DDS-SECURITY 1.1 RTF Avatar
  1. OMG Issue

DDSSEC11 — Handling expiration of Permissions or Certificates during operation

Open Closed All
  • Key: DDSSEC11-110
  • Status: closed  
  • Source: Twin Oaks Computing, Inc. ( Mr. Clark Tucker)
  • Summary:

    The Permissions document includes a validity range (not-before + not-after). Also, PKI certificates (used for identification) have an expiration date.

    The standard should address what happens when, during the course of operation, either of these expiration dates are passed. That is, 1) a peer is discovered and authenticated and permissions are validated; 2) time passes such that either or both (permission and/or certificate) expiration date/s pass/es.

    Two possible approaches:

    • Do nothing - that is, matched and validated entities continue to communicate uninterrupted.
    • Enforce expiration - The middleware periodically checks expiration dates and terminates communication when things expire.
    • There are probably other approaches.

    It is likely that the details are not important to interoperability, and can be left to the vendor.

  • Reported: DDS-SECURITY 1.0 — Sun, 9 Jul 2017 17:18 GMT
  • Disposition: Duplicate or Merged — DDS-SECURITY 1.1
  • Disposition Summary:

    Merge with DDSSEC11-82

    This issue is related to DDSSEC11-82 so it makes sense to handle both together
  • Updated: Tue, 19 Dec 2017 20:03 GMT