[ros-users] [Discourse.ros.org] [Next Generation ROS] ROS2 Security Working Group Online Meeting

ruffsl ros.discourse at gmail.com
Fri Nov 23 06:46:04 UTC 2018



Presently, the capabilities for ROS `topics` are distinguished as `publish` and `subscribe`. I'd suggest we formalise the terminology for the accompanying sub-systems as well: parameters, services, actions.  
I'd propose the following breakdown of capability primitives:

| Subsystem | Capabilities |
|---|---|
| topics | `publish`, `subscribe` |
| parameters  | `read`, `write` |
| actions | `call`, `execute` |
| service | `request`, `reply` |

Perhaps others may have suggestions per the exact choice of vocab (e.g. [reply vs response](https://www.wikiwand.com/en/Request%E2%80%93response)) to adopt.

This collection of subject permissions above reflects the symmetry of roles for each given subsystem object interface. Should it be necessary, we should anticipate extending the number of capability types. For example, while the pub/sub server/client roles in topics and services are rather straightforward, what of finer restrictions when provisioning for parameters and actions? Should practices such as [same origin policy](https://en.wikipedia.org/wiki/Same-origin_policy) be implementable when controlling who can cancel whose particular goal, or who can write to which particular parameter?





---
[Visit Topic](https://discourse.ros.org/t/ros2-security-working-group-online-meeting/6393/27) or reply to this email to respond.



