DDS-Security 1.0 FTF

DDSSEC_ — New callback for authentication failures

  • Key: DDSSEC_-30
  • Legacy Issue Number: 19795
  • Status: closed  
  • Source: ZettaScale Technology (Mr. Julien Enoch)
  • Summary:

    When a DomainParticipant tries to authenticate itself with a remote DomainParticipant but is rejected by it, there is no way for the user of this DomainParticipant to know it has been rejected (except possibly through a security log).

    We could add an operation to the DDS::DomainParticipantListener (or to an inheriting class) to do such a callback:
    on_remote_authentication_failure(BuiltinParticipantKey_t remote_participant_key)
    which will be called each time the DomainParticipant is rejected by a remote DomainParticipant.

  • Reported: DDS-Security 1.0b1 — Thu, 11 Jun 2015 04:00 GMT
  • Disposition: Closed; No Change — DDS-Security 1.0
  • Disposition Summary:

    New callback for authentication rejection

    In general it is considered best practice not to communicate authentication failures on the network, nor to provide the reasons for them. In addition, the suggested enhancement would require an extra message, which increases the surface of a DoS attack.

  • Updated: Tue, 12 Jul 2016 14:45 GMT