ores::security Namespace Reference

Shared security primitives for ORE Studio. More...

Detailed Description

Shared security primitives for ORE Studio.

This component provides cryptographic operations and validation utilities that are shared across other components. Key features include:

• Cryptographic operations (ores::security::crypto namespace):
  • Password hashing using scrypt algorithm
  • AES-256-GCM encryption/decryption with PBKDF2 key derivation
• Validation utilities (ores::security::validation namespace):
  • Password policy validation (OWASP compliant)
  • Email format validation

All cryptographic operations use OpenSSL and follow current OWASP security recommendations.

• JWT support (ores::security::jwt namespace):
  • JWT claims structure with tenant/party/session fields
  • HS256 symmetric signing and verification
  • RS256 asymmetric signing (IAM only) and verification (all services)