DDS-SECURITY 1.1 RTF Avatar
  1. OMG Issue

DDSSEC11 — discovery_protection_kind is Underspecified

  • Key: DDSSEC11-45
  • Status: closed  
  • Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
  • Summary:

    In current version of the spec, ParticipantSecurityAttributes only contains is_access_protected and is_rtps_protected.

    To be consistent with other fields like topic_rule's metadata_protection_kind (mapped to is_submessage_protected by the spec) or domain_rule's rtps_protection_kind (mapped to is_rtps_protected by the spec)), we should do the following modifications to the spec:

    • ParticipantSecurityAttributes: add new field is_discovery_protected
      • is_discovery_protected: Indicates the value of is_submessage_protected for the Builtin Discovery Secure endpoints.
    • Discovery Protection Kind element, add the following to 9.4.1.2.4.5 Discovery Protection Kind element:

    This setting controls the contents of the ParticipantSecurityAttributes returned by the
    AccessControl::get_participant_sec_attributes operation on the DomainParticipant. Specifically the is_discovery_protected attribute in the ParticipantSecurityAttributes shall be set to FALSE if and only if the value of the <discovery_protection_kind> element is NONE.

  • Reported: DDS-SECURITY 1.0 — Mon, 5 Dec 2016 12:13 GMT
  • Disposition: Resolved — DDS-SECURITY 1.1
  • Disposition Summary:

    Define is_discovery_protected ParticipantSecurityAttribute

    Add an entry for is_discovery_protected to Table 21 in section 8.4.2.4. This field controls whether the Crypto plugin operations are called on the DCPSPublicationsSecure and DCPSSubscriptionsSecure.

    Edit section 9.4.1.2.4.4 (Discovery Protection Kind element) to explain that the setting of the <discovery_protection_kind> element determines the value of the ParticipantSecurityAttributes returned by the AccessControl::get_participant_sec_attributes. Specifically the field is_discovery_protected

  • Updated: Tue, 19 Dec 2017 20:03 GMT