====== OMG: DDS Security (DDS-SECURITY) ======

[[ddsf:public:guidebook:06_append:01_family_of_standards:start| return to the DDS Family of Standards ]]

| Title | DDS Security |
| Acronym | DDS-SECURITY |
| Version | 1.1 |
| OMG Document Number | formal/18-04-01 |
| Release Date | July 2018 |
| About Specification | [[https://www.omg.org/spec/DDS-SECURITY/1.1/]] |
| Document | [[https://www.omg.org/spec/DDS-SECURITY/1.1/PDF]] |

Data sheet for DDS Security (DDS-SECURITY)

**Note**: The following is an excerpt from the actual document. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.

===== General =====

This specification adds several new “DDS Security Support” compliance points (“profile”) to the [[ddsf:public:guidebook:06_append:glossary:d:data_distribution_service_dds]] Specification. See the compliance levels within the Conformance Clause below.

===== Overview of this Specification =====

This specification defines the [[ddsf:public:guidebook:06_append:glossary:s:securitymodel|Security Model]] and [[ddsf:public:guidebook:06_append:glossary:s:service_plugin_interface]] architecture for compliant DDS implementations. The DDS Security Model is enforced by the invocation of these SPIs by the DDS implementation. This specification also defines a set of builtin implementations of these SPIs.

  * The specified builtin SPI implementations enable out-of-the-box security and [[ddsf:public:guidebook:06_append:glossary:i:interoperability|interoperability]] between compliant [[ddsf:public:guidebook:06_append:glossary:d:ddsapplication|DDS Applications]].
  * The use of SPIs allows DDS users to customize the behavior and technologies that the DDS implementations use for Information Assurance, specifically customization of [[ddsf:public:guidebook:06_append:glossary:a:authentication]], [[ddsf:public:guidebook:06_append:glossary:a:accesscontrol]], [[ddsf:public:guidebook:06_append:glossary:e:encryption|Encryption]], Message Authentication, Digital Signing, [[ddsf:public:guidebook:06_append:glossary:d:datalog|Logging]] and Data Tagging.

{{ :ddsf:resources:overall_architecture_for_dds_security.png?700 |}}

Overall architecture for [[ddsf:public:guidebook:06_append:glossary:d:data_distribution_service_dds]] Security

This specification defines five SPIs that when combined together provide Information Assurance to DDS systems:

  * //**Authentication** Service Plugin. Provides the means to verify the identity of the application and/or user that invokes operations on DDS. Includes facilities to perform mutual authentication between participants and establish a shared secret.//
  * //**AccessControl** Service Plugin. Provides the means to enforce policy decisions on what DDS related operations an authenticated user can perform. For example, which domains it can join, which Topics it can publish or subscribe to, etc.//
  * //**Cryptographic** Service Plugin. Implements (or interfaces with libraries that implement) all cryptographic operations including encryption, decryption, hashing, digital signatures, etc. This includes the means to derive keys from a shared secret.//
  * //**Logging** Service Plugin. Supports auditing of all DDS security-relevant events.//
  * //**Data Tagging** Service Plugin. Provides a way to add tags to data samples.//

Source: [[https://www.omg.org/spec/DDS-SECURITY | DDS Security 1.1]]