DDS-SECURITY 1.2 RTF Avatar
  1. OMG Issue

DDSSEC12 — check_remote_participant when default is ALLOW

  • Key: DDSSEC12-85
  • Status: open  
  • Source: Object Computing, Inc. - OCI ( Adam Mitz)
  • Summary:

    The check_remote_participant row of Table 63 contains the text:

    If the Permissions document contains a Grant for the remote
    DomainParticipant and the Grant contains an allow rule on the
    DomainParticipant domain_id, then the operation shall succeed and
    return TRUE.

    It seems like the intent is to ensure that there is some possible Action that this participant can do in the domain. That should take into account a <default>ALLOW</default> permission.

    In general the <default> XML element seems to be not fully/consistently described in the section for Built-In Access Control. The xsd says it must be present, but section 9.4.1.3.2.3 says it may not be.

  • Reported: DDS-SECURITY 1.1b1 — Tue, 23 Jun 2020 04:13 GMT
  • Updated: Thu, 21 Oct 2021 10:39 GMT