Thanks @hongkedavid for your interest in ROS/ROS2 and security.
There is no plan to implement an online arbiter in ROS 2 at the moment. As ROS 2 is focused on decentralized communication, there is no ROS master anymore and all the policy evaluation and authorization is done directly between nodes. Adding a central component that knows all the policies of the system, override node access control policy resolution and that can modify them at runtime would be both challenging to implement in DDS and have several severe drawbacks that don't play well with a secure distributed system:
- Introduce a single point of failure as taking it down would prevent communication if the arbiter approval is required to establish communication
- Store all the policy information of the system in a single place rather than distribute it
- Force every node to establish additional communication channels and adds network overhead to communicate with the arbiter.
Regarding SROS: I don't think any work has been done in that direction. Currently the sros master enforces the policies defined in the certificates.
Hope this helps,
---
[Visit Topic](
https://discourse.ros.org/t/implementation-of-online-arbiter-in-sros-sros2/3456/3) or reply to this email to respond.
If you do not want to receive messages from ros-users please use the unsubscribe link below. If you use the one above, you will stop all of ros-users from receiving updates.
______________________________________________________________________________
ros-users mailing list
ros-users@lists.ros.org
http://lists.ros.org/mailman/listinfo/ros-users
Unsubscribe: <
http://lists.ros.org/mailman//options/ros-users>
(text/plain)