auth_framework/server/security/
mod.rs

//! Comprehensive security implementation module for enterprise-grade authentication.
//!
//! This module provides advanced security features and compliance implementations
//! designed for high-security environments including financial services, healthcare,
//! and government applications. All implementations follow current security best
//! practices and relevant industry standards.
//!
//! # Security Features
//!
//! - **DPoP (Demonstration of Proof-of-Possession)**: RFC 9449 implementation
//! - **mTLS (Mutual TLS)**: Client certificate authentication
//! - **FAPI (Financial-grade API)**: Financial industry security profile
//! - **X.509 Certificate Management**: PKI-based authentication
//! - **CAEP (Continuous Access Evaluation)**: Real-time access revocation
//!
//! # Compliance Standards
//!
//! - **FAPI 1.0 & 2.0**: Financial-grade API security profiles
//! - **Open Banking**: European and UK open banking standards
//! - **PCI DSS**: Payment card industry compliance
//! - **NIST Cybersecurity Framework**: Government security guidelines
//! - **ISO 27001**: Information security management
//!
//! # Advanced Security Properties
//!
//! - **Zero-Trust Architecture**: Never trust, always verify
//! - **Defense in Depth**: Multiple layers of security
//! - **Principle of Least Privilege**: Minimal necessary access
//! - **Continuous Monitoring**: Real-time threat detection
//! - **Cryptographic Agility**: Algorithm flexibility and rotation
//!
//! # Use Cases
//!
//! - **Financial Services**: Banking, payment processing, trading platforms
//! - **Healthcare**: HIPAA-compliant medical record systems
//! - **Government**: Classified information systems
//! - **Enterprise**: High-security corporate applications
//! - **IoT Security**: Device-to-device authentication
//!
//! # Example
//!
//! ```rust,ignore
//! use auth_framework::server::security::{DpopManager, FapiManager};
//!
//! // `jwt_validator`, `dpop_proof`, `access_token`, `config` and `request` are
//! // assumed to be in scope, inside an async function that returns a `Result`.
//!
//! // DPoP for token binding
//! let dpop_manager = DpopManager::new(jwt_validator);
//! let dpop_result = dpop_manager.validate_dpop_proof(
//!     dpop_proof,
//!     "POST",
//!     "https://api.example.com/resource",
//!     Some(&access_token),
//!     None
//! ).await?;
//!
//! // FAPI compliance validation
//! let fapi_manager = FapiManager::new(config);
//! let fapi_validation = fapi_manager.validate_request(&request).await?;
//! ```
//!
//! # Performance Considerations
//!
//! Security operations are optimized for production use with:
//! - Efficient cryptographic operations
//! - Minimal memory allocation
//! - Concurrent-safe implementations
//! - Connection pooling for external services

pub mod caep_continuous_access;
pub mod dpop;
pub mod fapi;
pub mod mtls;
pub mod x509_signing;

// Re-export commonly used types
pub use caep_continuous_access::*;
pub use dpop::*;
pub use fapi::*;
pub use mtls::*;
pub use x509_signing::*;