[ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 Security

Mikael Arguedas ros.discourse at gmail.com
Mon Jul 24 15:37:47 UTC 2017

Thanks for you interest in ROS 2 security!

[quote="Roser, post:3, topic:2273"]
As for SROS2, now its merged into the ROS2 mainline, does this mean that the mainline is always enough to use the ROS2 security features from the current to the future ? or the further development will continue on SROS2 when necessary but merge the work on SROS2 into the mainline at a certain ROS2 release milestone?

The sros2 repository is mostly to provide tools to generate and manage security files more easily. The support for DDS-Security has been added within the core of ROS2  itself (you can find the set of changes on various repository on [this issue](https://github.com/ros2/ros2/issues/339)). DDS-Security support is now a "core" feature of ROS 2 and will be developed and integrated following the same process as any other ROS 2 features.
So ROS2 will always ship with DDS-Security support from now on.

[quote="Roser, post:3, topic:2273"]
for example, where to find the detail to learn more technical detai

Are you looking for details about DDS-Security itself ? or how DDS-Security is wrapped in the ROS2 interface ?

If the former, I think that the best resources are the [DDS-Security specification](http://www.omg.org/spec/DDS-SECURITY/1.0/) provided by OMG. For details about specific implementations, refer to the vendor's DDS-Security section [here](http://docs.eprosima.com/en/latest/security.html) for Fast-RTPS, through the RTI Portal for Connext (the information is not public AFAIK). 

If the latter, the set of pull requests referenced in [#339](https://github.com/ros2/ros2/issues/339) will give context about how the security parameters are passed down the layers of the ROS2 stack. In brief you can decide to create a secure node in ROS2 by simply defining [environment variables](https://github.com/ros2/sros2/blob/master/SROS2_Linux.md#define-the-sros2-environment-variables), the user code itself is exactly the same.
The RCL layer will ensure that the directory to find the security files exists and pass it to the rmw_<VENDOR> layer. Each rmw implementation will use it's own logic to find the specific files and configure the participant accordingly (see [rmw_fastrtps_cpp](https://github.com/ros2/rmw_fastrtps/pull/103/files) and [rmw_connext_cpp](https://github.com/ros2/rmw_connext/pull/225/files) to see how ot's done for the 2 currenty supported vendors). Once the participant created with these settings, the DDS implementation will take care of performing the authentication / encryption / access control functions.

Hope this helps

[Visit Topic](https://discourse.ros.org/t/ros2-security/2273/4) or reply to this email to respond.

More information about the ros-users mailing list