Access Control

Access control restricts which operations a node is willing to accept from a peer on which key expressions. It is evaluated locally by each node based on peer identity, local configuration, and implementation-specific policy logic.

Scope

The base Zenoh wire protocol does not define:

  • a portable rule grammar,

  • a standard on-wire representation for policies,

  • a mandatory rule-evaluation algorithm,

  • or a shared identity model across implementations.

What it does define is the set of operations that a local policy may gate: session establishment, declaration exchange, publication, deletion, query issuance, query replies, and related control messages.

Typical Policy Inputs

Implementations commonly base access decisions on some combination of:

  • transport-layer identities such as certificate subjects or peer keys,

  • session-layer credentials exchanged via the Auth extension,

  • key expressions and operation type,

  • traffic direction (ingress vs egress),

  • deployment-specific tenancy, region, or routing metadata.

Configuration

Access control rules are configured out-of-band (e.g., in a configuration file or management API). The exact configuration format and evaluation semantics are implementation-defined and out of scope for the base protocol specification.