[Discourse.ros.org] [Next Generation ROS] Implementation of online arbiter in SROS/SROS2
Thanks @hongkedavid for your interest in ROS/ROS2 and security.
There is no plan to implement an online arbiter in ROS 2 at the moment. As ROS 2 is focused on decentralized communication, there is no ROS master anymore and all the policy evaluation and authorization is done directly between nodes. Adding a central component that knows all the policies of the system, override node access control policy resolution and that can modify them at runtime would be both challenging to implement in DDS and have several severe drawbacks that don't play well with a secure distributed system:
- Introduce a single point of failure as taking it down would prevent communication if the arbiter approval is required to establish communication
- Store all the policy information of the system in a single place rather than distribute it
- Force every node to establish additional communication channels and adds network overhead to communicate with the arbiter.
Regarding SROS: I don't think any work has been done in that direction. Currently the sros master enforces the policies defined in the certificates.