OpenSplice DDS Forum

Showing results for tags 'ACCESS_POLICY'.




Found 1 result

  1. MAC access policy

    Hello All,

    I am using OpenSplice version 6.1 (evaluation). The DDSServer has the list of trusted certificates of the users; I would like to restrict the users who are not in the server's trusted list. How can I implement this? I have configured x509 authentication and a MAC access policy. I am really struggling to understand how it will work. Please explain the MAC access policy. This is the server configuration I have done so far:

    ospl.xml

        <OpenSplice>
          <Domain>
            <Name>DDSServer</Name>
            <Id>0</Id>
            <Database>
              <Size>10485760</Size>
            </Database>
            <Service enabled="true" name="networking">
              <Command>snetworking</Command>
            </Service>
            <Service name="durability">
              <Command>durability</Command>
            </Service>
            <Service name="cmsoap">
              <Command>cmsoap</Command>
            </Service>
          </Domain>
          <NetworkService name="networking">
            <Partitioning>
              <GlobalPartition Address="broadcast,x.x.x.x" SecurityProfile="GlobalProfile"/>
            </Partitioning>
            <Security enabled="true">
              <SecurityProfile Name="GlobalProfile" Cipher="aes128" CipherKey="716AC3C0333D38D61B4CA0734C7A7274"/>
              <AccessControl enabled="true" policy="file:///opt/PrismTech/OpenSpliceDDS/V6.1.1p1/HDE/x86_64.linux2.6-debug/etc/config/access_policy.xml">
                <AccessControlModule enabled="true" type="MAC"/>
              </AccessControl>
              <Authentication enabled="true">
                <X509Authentication>
                  <Credentials>
                    <Key>file:///opt/PrismTech/OpenSpliceDDS/V6.1.1p1/HDE/x86_64.linux2.6-debug/keyCerts/key.dds.test.pem</Key>
                    <Cert>file:///opt/PrismTech/OpenSpliceDDS/V6.1.1p1/HDE/x86_64.linux2.6-debug/keyCerts/dds.test.pem</Cert>
                  </Credentials>
                  <TrustedCertificates>file:///opt/PrismTech/OpenSpliceDDS/V6.1.1p1/HDE/x86_64.linux2.6-debug/keyCerts/trusted/agent.test.pem</TrustedCertificates>
                </X509Authentication>
              </Authentication>
            </Security>
            <Channels>
              <Channel enabled="true" name="default" default="true">
                <PortNr>2020</PortNr>
              </Channel>
            </Channels>
          </NetworkService>
          <DurabilityService name="durability">
            <Network>
              <Alignment>
                <TimeAlignment>FALSE</TimeAlignment>
                <RequestCombinePeriod>
                  <Initial>2.5</Initial>
                  <Operational>0.1</Operational>
                </RequestCombinePeriod>
              </Alignment>
              <WaitForAttachment maxWaitCount="10">
                <ServiceName>networking</ServiceName>
              </WaitForAttachment>
            </Network>
            <NameSpaces>
              <NameSpace name="defaultNamespace">
                <Partition>*</Partition>
              </NameSpace>
              <Policy nameSpace="defaultNamespace" durability="Durable" alignee="Initial" aligner="True"/>
            </NameSpaces>
          </DurabilityService>
          <TunerService name="cmsoap">
            <Server>
              <PortNr>50000</PortNr>
            </Server>
          </TunerService>
        </OpenSplice>

    access_policy.xml

        <accessControlPolicy>
          <secrecyLevels> <!-- for MAC -->
            <secrecyLevel>UNCLASSIFIED</secrecyLevel>
            <secrecyLevel>RESTRICTED</secrecyLevel>
            <secrecyLevel>CONFIDENTIAL</secrecyLevel>
            <secrecyLevel>SECRET</secrecyLevel>
            <secrecyLevel>TOP_SECRET</secrecyLevel>
          </secrecyLevels>
          <integrityLevels> <!-- for MAC -->
            <integrityLevel>LEVEL_0</integrityLevel>
            <integrityLevel>LEVEL_1</integrityLevel>
            <integrityLevel>LEVEL_2</integrityLevel>
          </integrityLevels>
          <users>
            <user>
              <id>123</id>
              <clearance> <!-- for MAC -->
                <secrecyLevel>RESTRICTED</secrecyLevel>
                <integrityLevel>LEVEL_2</integrityLevel>
                <compartments>
                  <compartment>US</compartment>
                </compartments>
              </clearance>
              <authentication>
                <x509Authentication>
                  <subject>agent.test.com</subject>
                </x509Authentication>
              </authentication>
            </user>
          </users>
          <resources>
            <resource>
              <type>PARTITION</type>
              <id>HelloWorld example</id>
              <topics>
                <topic>HelloWorldData_Msg</topic>
              </topics>
              <classification> <!-- for MAC -->
                <secrecyLevel>RESTRICTED</secrecyLevel>
                <integrityLevel>LEVEL_2</integrityLevel>
                <compartments>
                  <compartment>US</compartment>
                </compartments>
              </classification>
            </resource>
          </resources>
        </accessControlPolicy>

    Thanks
    -Viswa