[ros-users] [Discourse.ros.org] [Next Generation ROS] Non-DDS-based RMW implementation

ruffsl ros.discourse at gmail.com
Wed Aug 29 19:26:01 UTC 2018





[quote="GregBurns, post:5, topic:5890"]

Built-in security  messages are authenticates and encrypted end-to-end (node-to-node)

[/quote]



I went reading through the DPS docs and was concerned that the security section made no mention of a access control (like with DDS's specification):



https://intel.github.io/dps-for-iot/security.html



I then spotted a brief subsection in the tutorials page about adding support for access control by interjecting custom policy functionality that could operate on the context of the connection, be it subscription, publication or acknowledgement control:



https://intel.github.io/dps-for-iot/tutorials-security.html#adding-access-control



While that seems like a good start, I'd like to see a default plugin that could be shared among client libraries to maintain interoperability. I fear leaving everyone to writing their own Policy Enforcement Point (PEP) and/or Policy Decision Point (PDP) could lead to inconsistencies in interpretation and enforcement of access control implementations.



<details>

Also looks like policy to enforce would then reside within the local participant, and not necessarily originate from the remote subject unless some additional handshaking exchange is introduced. This would otherwise require distributing policy updates to the entire IoT network rather then just to the participant/subjects affected. Perhaps the policies could be bound to subjects via extensions to the signed certs when using DTLS with certificates, though I'm not sure I'd recommend that approach.











---

[Visit Topic](https://discourse.ros.org/t/non-dds-based-rmw-implementation/5890/7) or reply to this email to respond.









More information about the ros-users mailing list