Security
Security patterns and best practices for ARC Protocol.
Overview
ARC Protocol secures communication through authentication, transport encryption, and authorization.
Topics
- Authentication - OAuth2 and JWT validation
- Transport Security - TLS and quantum-safe encryption
- Authorization - Scope validation and permissions
Security Layers
┌─────────────────────────────────────┐
│        Application Security         │
│ (Business Logic, Input Validation)  │
└──────────────┬──────────────────────┘
               │
┌──────────────▼──────────────────────┐
│         Authorization Layer         │
│    (OAuth2 Scopes, Permissions)     │
└──────────────┬──────────────────────┘
               │
┌──────────────▼──────────────────────┐
│        Authentication Layer         │
│      (OAuth2, JWT Validation)       │
└──────────────┬──────────────────────┘
               │
┌──────────────▼──────────────────────┐
│         Transport Security          │
│   (TLS 1.2+, Quantum-Safe Hybrid)   │
└─────────────────────────────────────┘
Core Principles
- Defense in Depth - Multiple security layers
- Least Privilege - Minimal required permissions
- Zero Trust - Verify every request
- Encryption Everywhere - TLS for all communications
- Audit Trail - Log security events
Quick Reference
Authentication
from arc import Server
from arc.auth import MultiProviderJWTValidator
validator = MultiProviderJWTValidator(providers={...})
server = Server(server_id="secure-server", enable_auth=True)
server.set_jwt_validator(validator)
Transport Security
from arc import Client

# Quantum-safe hybrid TLS (default)
client = Client(endpoint="...", token="...", use_quantum_safe=True)
Authorization
server.set_required_scopes({
    "task.create": ["arc.task.controller"],
    "chat.start": ["arc.chat.controller"]
})
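The method-to-scope mapping above, worked through as a deny-by-default check with an audit record for each decision. This is an added example, not ARC SDK code and not how the SDK necessarily enforces scopes. Assumptions: every listed scope is required, scopes arrive in the OAuth2 `scope` claim, and the names `Decision`, `granted_scopes`, `authorize`, `audit_line` and the method `unmapped.method` are hypothetical.

```python
# Added example: hypothetical helpers, not part of the ARC SDK.
from dataclasses import dataclass

# Same mapping as passed to server.set_required_scopes() above.
REQUIRED_SCOPES = {
    "task.create": ["arc.task.controller"],
    "chat.start": ["arc.chat.controller"],
}

@dataclass(frozen=True)
class Decision:
    allowed: bool
    reason: str
    missing: tuple = ()

def granted_scopes(claims):
    # Assumption: OAuth2 `scope` claim, space-delimited string or JSON list.
    raw = claims.get("scope", "")
    if isinstance(raw, str):
        return set(raw.split())
    if isinstance(raw, (list, tuple)):
        return {s for s in raw if isinstance(s, str)}
    return set()  # a malformed claim grants nothing

def authorize(method, claims, required=REQUIRED_SCOPES):
    # Least privilege: a method without a scope policy is rejected, not allowed.
    if method not in required:
        return Decision(False, "method has no scope policy")
    have = granted_scopes(claims)
    missing = tuple(s for s in required[method] if s not in have)
    if missing:
        return Decision(False, "insufficient scope", missing)
    return Decision(True, "ok")

def audit_line(method, claims, decision):
    # Audit trail: record subject and outcome, never the token itself.
    return (f"authz method={method} sub={claims.get('sub', '-')} "
            f"allowed={decision.allowed} reason={decision.reason!r} "
            f"missing={','.join(decision.missing) or '-'}")

if __name__ == "__main__":
    # Constructed claims, as they would look after JWT signature validation.
    claims = {"sub": "agent-1", "scope": "arc.task.controller"}
    for m in ("task.create", "chat.start", "unmapped.method"):
        print(audit_line(m, claims, authorize(m, claims)))
```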