zerodds-security 1.0.0-rc.3

DDS-Security 1.1 plugin SPI for ZeroDDS: Authentication / AccessControl / Cryptographic / Logging / DataTagging trait definitions + generic-message topics + token data model.
Documentation
  • Coverage
  • 100%
    240 out of 240 items documented1 out of 132 items with examples
  • Size
  • Source code size: 125.04 kB This is the summed size of all the files inside the crates.io package for this release.
  • Documentation size: 3.9 MB This is the summed size of all files generated by rustdoc for all configured targets
  • Ø build duration
  • this release: 3s Average build duration of successful builds.
  • all releases: 6s Average build duration of successful builds in releases after 2024-10-23.
  • Links
  • Homepage
  • zero-objects/zero-dds
    6 1 0
  • crates.io
  • Dependencies
  • Versions
  • Owners
  • SandraK82

zerodds-security

License: Apache-2.0 docs.rs

DDS-Security 1.1 (formal/2018-04-01) plugin SPI for the ZeroDDS stack: trait definitions, token data model, generic-message topics. Pure Rust + alloc. Safety classification: SAFE (trust-neutral SPI layer).

Spec mapping

Spec Trait / module Concrete impl
§8.3 Authentication AuthenticationPlugin zerodds-security-pki
§8.4 Access Control AccessControlPlugin zerodds-security-permissions
§8.5 Cryptographic CryptographicPlugin zerodds-security-crypto
§8.6 Logging LoggingPlugin zerodds-security-logging
§8.7 Data Tagging DataTaggingPlugin zerodds-security-runtime

Coverage doc: docs/spec-coverage/dds-security-1.2.md (50 done / 0 partial / 0 open / 1 n/a, K6 audit).

What's inside

Plugin traits (object-safe, Box<dyn Plugin>-erasable):

  • AuthenticationPlugin — identity validation + handshake.
  • AccessControlPlugin — permissions check, topic allow/deny.
  • CryptographicPlugin — encrypt/decrypt submessage + key material + receiver-specific MACs.
  • LoggingPlugin — audit events.
  • DataTaggingPlugin — built-in DataTagging (DDS-Security 1.2 §8.7).

Token data model:

  • IdentityToken, PermissionsToken, CryptoToken, IdentityStatusToken.
  • DataHolder, BinaryProperty, WireProperty.

Generic messages (DCPSParticipantStatelessMessage + DCPSParticipantVolatileMessageSecure):

  • ParticipantGenericMessage, MessageIdentity.
  • Topic constants: TOPIC_STATELESS_MESSAGE, TOPIC_VOLATILE_MESSAGE_SECURE, TYPE_NAME_GENERIC_MESSAGE.

Cross-cutting:

  • Property, PropertyList — plugin configuration via <participant_qos><property>.
  • security_topic_qos — built-in security-topic QoS profiles (§7.4.5).
  • SecurityError — all plugin errors.
  • mock (feature std) — test mock plugins.

Layer position

Layer 4 — Core Services (SPI crate). Pure Rust + alloc, no ZeroDDS crate deps. Consumed by 7 further security crates (security-pki, -crypto, -keyexchange, -permissions, -logging, -rtps, -runtime) plus by zerodds-discovery (built-in endpoint slots) and zerodds-dcps (feature security).

Quickstart

use zerodds_security::{AuthenticationPlugin, AccessControlPlugin};
use zerodds_security::mock::MockAuthenticationPlugin;

let auth: Box<dyn AuthenticationPlugin> = Box::new(MockAuthenticationPlugin::new());
// Use auth.validate_local_identity(...), auth.begin_handshake_request(...) etc.

Production use cases build the real plugins (security-pki, etc.) and plug them into the DCPS participant via Box<dyn Plugin>.

Feature flags

Feature Default Purpose
std Mutex + thread-safe mock
alloc ✅ via std Vec/String
safety reserved hook

Stability

1.0.0-rc.1 is API-frozen — breaking changes require a v2.0 major bump. Semver patch + minor may only add new methods with a default body or non-breaking enum variants. This frozen pledge is binding, because 7 sister crates + dcps + discovery depend on this SPI.

Tests

cargo test -p zerodds-security

39 unit tests + 1 doc test green.

License

Apache-2.0. See LICENSE.

See also