DDS-Security 1.0 FTF Avatar
  1. OMG Issue

DDSSEC_ — Is there implicit handling for builtin secure endpoints in the access control plugin?

  • Key: DDSSEC_-74
  • Status: closed  
  • Source: Twin Oaks Computing, Inc. ( Mr. Clark Tucker)
  • Summary:

    Should there be 'implicit' governance rules for the builtin secure endpoints? OR, must they be listed (or defaulted) in DomainGovernance just like any other topic?

    This impacts the behavior of:
    get_endpoint_sec_attributes()

  • Reported: DDS-Security 1.0b1 — Tue, 17 Nov 2015 14:04 GMT
  • Disposition: Resolved — DDS-Security 1.0
  • Disposition Summary:

    *Fully specify the behavior of the AccessControl plugin for the builtin endpoints *

    The objective is to clarify the use of the AccessControl Plugin when creating/matching the builtin secure endpoints .
    The behavior of the Crypto plugin relative to the builtin secure endpoints seems reasonably clear so there is not need to add extra material on this one.

    Propose to add two new sections 8.8.3 (DDS Entities impacted by the AccessControl operations) and 8.8.4 (AccessControl behavior with local participant creation) to clarify this (see Specific Changes below).

    Add a Properties (sec 7.2.1) member to EndpointSecurityAttributes. Specify those are included in the ones passed to the CryptoFactory operations register_local_datawriter and register_local_datareader

    For symmetry so that this is also extensible add a Properties member to ParticipantSecurityAttributes. Specify those are are included in the ones passed to the CryptoFactory operation register_local_participant.

    The spec is inconsistent in that sometimes it uses "Properties" and others "PropertySeq". Also to be consistent with the DDS PIM naming of types the name should be changed from "Property" to "Property_t". To correct this the following changes should be applied: Change the name from "Property" to "Property_t" from "BinaryProperty" to "BinaryProperty_t" from "Properties" to "PropertySeq" and from "BinaryProperties" to "BinaryPropertySeq"

  • Updated: Tue, 12 Jul 2016 14:45 GMT
  • Attachments: