-
Key: DDSSEC11-94
-
Status: closed
-
Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
-
Summary:
The security specification introduces several new builtin endpoints, for secure discovery (DCPSPublicationsSecure, DCPSSubscriptionsSecure), secure liveliness (BuiltinParticipantMessageSecure), and Key Exchange (ParticipantVolatileMessageSecure).
The behavior of these endpoints with regards to the security plugins is controlled by fields in the ParticipantSecurityAttributes, specifically is_discovery_protected and is_liveliness_protected.
However the behavior of regular (application-defined) endpoints with regards to the security plugins is controlled by the value of the EndpointSecurityAttributes that are specific to each Endpoint.
This difference in treatment complicates the specification as well as the implementation. It also limits what can be done with the builtin endpoints.
A better solution would be to reuse the EndpointSecurityAttributes to specify the configuration of the builtin endpoints. This can be done by replacing the is_discovery_protected and is_liveliness_protected booleans with the EndpointSecurityAttributes fields for each type of endpoint as in:
struct ParticipantSecurityAttributes { .... EndpointSecurityAttributes discovery_endpoint_attributes; EndpointSecurityAttributes liveliness_endpoint_attributes; ... };
That way the DDS core can treat the builtin endpoints as any other endpoint with regards to security.
Note that this approach is already followed for the ParticipantVolatileMessageSecureMessage. Its behavior is specified in 7.4.4.2 given its EndpointSecurityAttributes which are hardcoded in the specification.
-
Reported: DDS-SECURITY 1.0 — Wed, 31 May 2017 23:38 GMT
-
Disposition: Resolved — DDS-SECURITY 1.1
-
Disposition Summary:
Define the TopicSecurityAttributes for the secure builtin topics
The cryptographic behavior of the secure builtin topics (for example DCPSPublicationsSecure) can be configured via existing elements in the DomainGovernance file. Clearly define how those elements impact the secure builtin topics.
-
Updated: Tue, 19 Dec 2017 20:03 GMT
DDSSEC11 — Unify treatment of builtin endpoints with that of regular endpoints
- Key: DDSSEC11-94
- OMG Task Force: DDS Security 1.1 RTF