End-to-end encrypted, mutually authenticated, secure communication.
Data, within modern distributed applications, are rarely exchanged over a single point-to-point transport connection. Application messages routinely flow over complex, multi-hop, multi-protocol routes — across data centers, through queues and caches, via gateways and brokers — before reaching their end destination.
Transport layer security protocols are unable to protect application messages because their protection is constrained by the length and duration of the underlying transport connection.
Ockam makes it simple for our applications to guarantee end-to-end integrity, authenticity, and confidentiality of data. We no longer have to implicitly depend on the defenses of every machine or application within the same, usually porous, network boundary. Our application’s messages don’t have to be vulnerable at every point, along their journey, where a transport connection terminates.
Instead, our application can have a strikingly smaller vulnerability surface and easily make granular authorization decisions about all incoming information and commands.
- End-to-end encrypted, mutually authenticated secure channels.
- Multi-hop, multi-transport, application layer routing.
- Key establishment, rotation, and revocation - for fleets, at scale.
- Lightweight, Concurrent, Stateful Workers that enable simple APIs.
- Attribute-based Access Control - credentials with selective disclosure.
- Add-ons for a variety of operating environments, transport protocols, and cryptographic hardware.
Tutorials, examples and reference guides are available at docs.ockam.io.
- Access Control
- Ockam general bi-directional channel
- Compatibility adapter, mostly for
- A module to export the error code in a meaningful way
- Flow Controls
- List of all top-level services
- Ockam pipe module
- Pipe2 composition system
- Advanced Ockam worker protocols
RemoteRelayallows registering node within a Cloud Node with dynamic or static alias, which allows other nodes forward messages to local workers on this node using that alias.
- Module containing types for managing
- Types and traits relating to ockam vaults.
- A collection of utility workers for various use cases.
- A generic address type.
- A passthrough marker message type.
- Context contains Node state and references to the runtime.
- Allow to send message to destination address periodically after some delay Only one scheduled heartbeat allowed at a time Dropping this handle cancels scheduled heartbeat
- The type of errors returned by Ockam functions.
- Underlying Ockam node executor
- A message type that is routed locally within a single node.
- Full set of options to
- Full set of options to
- Start a node with a custom setup configuration
- A message metadata wrapper type
- A user-defined protocol identifier.
- Alias worker to register remote workers under local names.
- Trust Options for a Forwarding Service
- A full route to a peer.
- A message wrapper that provides message route information.
- We use sqlx as our primary interface for interacting with the database The database driver is currently Sqlite
- An abstraction to build a worker system graph
- Trust Options for a TCP connection
- Trust Options for an Inlet
- Trust Options for a TCP listener
- Trust Options for an Outlet
- High level management interface for TCP transports
- A generic transport message type.
- Start a
Workerwith a custom configuration
- A composable worker system type.
- An enumeration of different error types emitted by this library.
- This enum represents the set of types that we currently support in our database Since we support only Sqlite at the moment, those types are close to what is supported by Sqlite: https://www.sqlite.org/datatype3.html
- Clone trait for async structs.
- This trait provides some syntax for transforming sqlx errors into ockam errors
- A user defined message that can be serialised and deserialized.
- Defines an interface for Ockam Workers that need to continuously perform background operations.
- Handle a single type of message for a worker system-address
- This trait adds a
create_tcp_transportmethod to any struct returning a Context. This is the case for an ockam::Node, so you can write
- This trait can be implemented by any type that can be converted to a database type Typically an
- This trait provides some syntax to shorten queries execution returning ()
- Defines the core interface shared by all Ockam Workers.
- Produces Ok(true) to avoid an ambiguous reading from using the unadorned value in auth code.
- Produces Ok(false) to avoid an ambiguous reading from using the unadorned value in auth code.
- A generator for unique, human-readable identifiers suitable for use in distributed systems.
- Alias of the type used for encoded data.
- Marks an async function to be run in an ockam node.
- Mark an Ockam Processor implementation.
- Marks an async test function to be run in an ockam node.
- Mark an Ockam Worker implementation.