Access Control for pub/sub

[clibequilibrium]

Hello Zenoh community,

I am using Zenoh in a distributed mmo similar to Second Life and facing a problem of security with key expression.
My use case uses Zenoh Peers as Servers that process game logic & Zenoh Routers are used as micro-services storage for Login, Chat, Inventory etc. services.

The problem I am facing is that Zenoh clients are able to subscribe to any expressions with wildcards /** and are able to fetch the data from other clients. Ideally we should be able to restrict access to:

Zenoh Router storage

• Being able to restrict access to the key expressions/volumes to just "peers" for example:

        demo: {
          key_expr: "demo/example/**",
          access_Mode: "peer",
          strip_prefix: "demo/example",
          volume: {
            id: "rocksdb",
            dir: "example",
            create_db: true,
          }
        }

Having this will allow to have peers that can act as authoritative servers while the clients can only pub/sub what they have access to.

Thanks !

[cameronbraid]

I agree that something like this is needed

zenoh may wish to get some inspiration from how nats does it https://docs.nats.io/running-a-nats-service/configuration/securing_nats/auth_intro/jwt

[cameronbraid]

Oh, I just found https://github.com/orgs/eclipse-zenoh/projects/2/views/4?filterQuery=access&pane=issue&itemId=3679896