-
Key: DDSSEC12-101
-
Status: open
-
Source: Real-Time Innovations ( Dr. Gerardo Pardo-Castellote, Ph.D.)
-
Summary:
DomainTag was added to DDSI-RTPS as a mechanism to further identify/isolate DDS Domains beyond the separation provided by the DomainId. For two participants to be on the same domain both the DomainId and the DomainTag (a string) must match. The domain-tag string matching is literal (strcmp() character by character) there is no expressions.
Resulting from this it makes sense to add support for them to DDS security, without this support there would be no way to have different governance or permissions for domains that differ only on the DomainTag.
Adding support will impact the SPIs (e.g. extra parameters on validate_local_identity, validate_local_permissions, and most of thje check_operations. Operations that currently take the DomainId_t as a parameter should be expanded to also take a DomainTag.
Adding support will impact Governance and Permissions files.
E.g. the DomainIdSet should which is used on both files be expanded to incorporate domain tags. -
Reported: DDS-SECURITY 1.1b1 — Tue, 14 Mar 2023 19:48 GMT
-
Updated: Mon, 25 Mar 2024 15:55 GMT
-
Attachments:
- omg_shared_ca_governance.xsd 7 kB (text/xml)
- omg_shared_ca_governance_example.xml 5 kB (application/xml)
- omg_shared_ca_permissions.xsd 5 kB (text/xml)
- omg_shared_ca_permissions_example.xml 4 kB (application/xml)
DDSSEC12 — Add support for DomainTag to DDS-Security
- Key: DDSSEC12-101
- OMG Task Force: DDS Security 1.2 RTF