Deny-by-default authorization with RBAC, ABAC, tenant isolation, and web middleware.
Shared security types, identity traits, correlation context, and data classification primitives.
Authentication helpers for JWT, OIDC, MFA, API keys, sessions, and step-up policy.
Native-client device trust decisions, attestation metadata, and trust-tier session policy.
Authorization metadata primitives for RustUse
A proc-macro way to validate user permissions for `rocket-grants` crate.
An authorization framework with compile-time enforcement.
ReBAC (Relationship-Based Access Control) authorization engine - Google Zanzibar implementation
Security telemetry, redaction, HMAC-sealed events, and audit-friendly event sinks.
Input validation, request limits, CORS, Fetch Metadata, and browser boundary protections.
Secret wrappers, envelope encryption, KMS providers, crypto agility, and password hashing.
Secure error handling with public-safe responses, incident IDs, and panic boundaries.