zerodds-bridge-security
Shared security layer for ZeroDDS bridge daemons (ws / mqtt / coap / amqp / grpc / corba): §7.1 TLS (rustls), §7.2 auth modes, §7.3 topic ACL.
ZeroDDS component: Layer 5 (Bridges). Bundles three reusable building blocks that any bridge daemon can plug in without having to write its own crypto/auth logic.
Spec mapping
| Spec document | Section |
|---|---|
| ZeroDDS Bridge Spec 1.0 | §7.1 TLS |
| ZeroDDS Bridge Spec 1.0 | §7.2 auth modes |
| ZeroDDS Bridge Spec 1.0 | §7.3 topic ACL |
Safety classification
STANDARD — security-relevant, but not safety-certified.
#![forbid(unsafe_code)] is set.
Usage
use ;
let subj = new.with_group;
let acl = allow_all;
let _allowed = acl.check;
Building blocks
- [
tls] —rustls 0.23ServerConfig builder with PEM cert/key loader, optional client CA trust for mTLS, plusRotatingTlsConfigfor SIGHUP hot reload. - [
auth] — auth modesnone|bearer|jwt|mtls|saslplus [AuthSubject] type with group memberships and free-form claims. - [
acl] — topic ACL with wildcard and group matching (read / write). - [
connection] — per-connection helpers: server-side TLS handshake, rustlsClientConnectorbuilder, RotatingTlsConfig. - [
ctx] —SecurityCtxas an aggregate (auth + ACL + TLS), plusauthenticate/authorize/extract_mtls_subject.
Features
default = ["std"]— standard library + heap allocator.std— required (rustls 0.23 needs std).
Stability
1.0.0-rc.1 — the public API is RC1-stable. Breaking changes require a
major bump. New auth modes or ACL operations are additive discriminants
and thus major-additive.
Build & test
License
Apache-2.0. See LICENSE.