-
Key: DDSSEC11-56
-
Status: closed
-
Source: Twin Oaks Computing, Inc. ( Mr. Clark Tucker)
-
Summary:
The Permissions XSD for the <allow_rule> and <deny_rule> elements allows for zero topics to be specified. In that case, does the rule match ANY topic or NO topics?
-
Reported: DDS-SECURITY 1.0 — Sun, 5 Mar 2017 19:46 GMT
-
Disposition: Resolved — DDS-SECURITY 1.1
-
Disposition Summary:
Modify description of permissions grant rules and XSD
Make it clear that lacking <publish> Criteria, a rule does not match any topics names for publishing. Likewise lacking a <subscribe> Criteria a rule would match no topics for subscribing.
These clarifications should be added to 9.4.1.3.2.3.1.2 (Publish Section) and 9.4.1.3.2.3.1.3 (Subscribe Section)
Modify the XSD for the Permissions document to make the <topics> section mandatory within the <publish> and <subscribe> sections.
This would impact the omg_shared_ca_permissions.xsd file.
Also this affects the omg_shared_ca_permissions_example.xml in that the rule below is invalid:<allow_rule> <domains> <id>0</id> </domains> <publish> </publish> <subscribe></subscribe> </allow_rule>
This rule should be changed to remove the empty <publish> and <subscribe> elements. This change does not modify the meaning of the rule.
In addition the copy of the example XML that appears in 9.4.1.4 (DomainParticipant example permissions document (non normative)) needs to also be updated.
-
Updated: Tue, 19 Dec 2017 20:03 GMT
-
Attachments:
- omg_shared_ca_permissions_example_i56.xml 4 kB (application/xml)
- omg_shared_ca_permissions_i56.xsd 5 kB (text/xml)
DDSSEC11 — Permissions grant rule with no specified topic
- Key: DDSSEC11-56
- OMG Task Force: DDS Security 1.1 RTF