-
Key: DDSSEC_-72
-
Status: closed
-
Source: Twin Oaks Computing, Inc. (Mr. Clark Tucker)
-
Summary:
The mechanism of testing the 'partition' for match is not fully described. A “rule” specifies a set of partition names, and an “entity” provides a set of partition names.
What is sufficient to determine that a match exists: exact set match, set intersection, strict subset match?
This impacts the behavior of these methods on AccessControl:
check_create_datareader()
check_create_datawriter()
check_remote_datareader()
check_remote_datawriter()
-
Reported: DDS-Security 1.0b1 — Tue, 17 Nov 2015 13:57 GMT
-
Disposition: Resolved — DDS-Security 1.0
-
Disposition Summary:
Modify Permissions Document Schema to clarify rules for multiple partitions and topics
Modify the XSD for the Permissions document so that each "grant" (publish/subscribe) contains three sections: <topics>, <partitions>, and <data_tags>.
The <data_tags> remains as before.
The <topics> section contains a list of topic expressions, each enclosed by the <topic> tag.
The <partitions> section contains a list of partition expressions, each enclosed by the <partition> tag.
For the grant to match there shall be a match of the topics, partitions, and data-tags criteria. This is interpreted as an AND of each of the criteria. For a specific criterion to match (e.g. <topics>) it is enough that one of the topic expressions listed matches (i.e. an OR of the expressions within the <topics> section).
This change applies to the Permissions XSD as well as the Example Permissions files which appear both inside the specification and as separate machine readable documents.
-
Updated: Tue, 12 Jul 2016 14:45 GMT
-
Attachments:
- omg_shared_ca_permissions_example_i72.xml 4 kB (application/xml)
- omg_shared_ca_permissions_i72.xsd 4 kB (text/xml)
DDSSEC_ — Use of 'partition' in access control is unclear
- OMG Task Force: DDS Security 1.0 FTF 2
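
The matching rule from the disposition summary (AND across sections, OR among the expressions inside a section), as an added Python example that is not part of the issue record or its attachments. It assumes shell-style wildcard matching via `fnmatch`, one topic name and one partition name per entity, and that a missing section fails closed; the grant XML is a constructed sample, and `<data_tags>` is left out because the record only says it remains as before.

```python
import fnmatch
import xml.etree.ElementTree as ET

# Constructed sample grant, not the attached example permissions file.
SAMPLE_GRANT = """
<publish>
  <topics>
    <topic>Sensor*</topic>
    <topic>Status</topic>
  </topics>
  <partitions>
    <partition>plant/A</partition>
    <partition>lab*</partition>
  </partitions>
</publish>
"""


def _any_expr_matches(grant, section, item, name):
    """OR within one section: True if any listed expression matches name."""
    node = grant.find(section)
    if node is None:
        return False  # assumption: a missing section fails closed
    exprs = [(e.text or "").strip() for e in node.findall(item)]
    # Assumption: expressions use shell-style wildcards, compared case-sensitively.
    return any(fnmatch.fnmatchcase(name, expr) for expr in exprs)


def grant_matches(grant_xml, topic, partition):
    """AND across sections: the topics and partitions criteria must both match."""
    grant = ET.fromstring(grant_xml)
    return (_any_expr_matches(grant, "topics", "topic", topic)
            and _any_expr_matches(grant, "partitions", "partition", partition))


if __name__ == "__main__":
    for topic, partition in [("SensorTemp", "plant/A"), ("Status", "lab1"),
                             ("SensorTemp", "office"), ("Command", "plant/A")]:
        print(topic, partition, grant_matches(SAMPLE_GRANT, topic, partition))
```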