6. Access Control Configuration
This section provides a detailed description of the OpenSplice access control policy configuration.
Each configuration parameter will be explained by means of an extensive description together with the tabular summary that contains the following information:
- Full path: Describes the location of the item within a complete configuration. Because the configuration is in XML format, an XPath expression is used to point out the name and location of the configuration item.
- Format: Describes the format of the value of the configuration item.
- Dimension: Describes the unit for the configuration item (for instance seconds or bytes).
- Default value: Describes the default value that is used by the service when the configuration item is not set in the configuration.
- Valid values: Describes the valid values for the configuration item. This can be a range or a set of values.
If the configuration parameter is an XML attribute, the table also contains the following information:
- Required: Describes whether the attribute is required or if it is optional.
If the configuration parameter is an XML element, the table also contains the following information:
- Occurrences: Describes the range of the possible number of occurrences of the element in the configuration by specifying the minimum and maximum number of occurrences.
6.1. Access Control Policy Elements
When access control is enabled, a file containing the access control policy configuration is referenced in the secure networking configuration.
The access control policy configuration expects a root element named accessControlPolicy. Elements defined in an access control policy are listed and explained in the following sections.
6.1.1. Element secrecyLevels/secrecyLevel
The access control policy contains a hierarchical list of secrecy levels which are grouped under the secrecyLevels element. Typical secrecy levels would be: UNCLASSIFIED, RESTRICTED, CONFIDENTIAL, SECRET, and TOP_SECRET.
Note that the order of defined secrecy levels is important: secrecy levels are listed from weakest to strongest.
Full Path | accessControlPolicy/secrecyLevels/secrecyLevel
Format | string
Dimension | none
Default Value | none
Valid Values | any
Occurrences (min-max) | 0 - *
Remarks | Listed from the weakest to the strongest level.
6.1.2. Element integrityLevels/integrityLevel
The access control policy contains a list of integrity levels which are grouped under the integrityLevels element.
The order of defined integrity levels is important. Integrity levels are listed from the weakest to the strongest.
Full Path | accessControlPolicy/integrityLevels/integrityLevel
Format | string
Dimension | none
Default Value | none
Valid Values | any
Occurrences (min-max) | 0 - *
Remarks | Listed from the weakest to the strongest level.
6.1.3. Element users/user
The users section contains a set of users. A user has an id, a clearance, and a list of authentication mechanisms.
6.1.3.1. Element id
Full Path | accessControlPolicy/users/user/id
Format | string
Dimension | none
Default Value | none
Valid Values | any
Occurrences (min-max) | 0 - 1
Remarks | none
6.1.3.2. Element Clearance
A clearance consists of this user’s secrecy level, integrity level, and a set of compartments.
6.1.3.2.1. Element secrecyLevel
Defines this user’s secrecy level.
Full Path | accessControlPolicy/users/user/clearance/secrecyLevel
Format | string
Dimension | none
Default Value | none
Valid Values | any, defined in accessControlPolicy/secrecyLevels
Occurrences (min-max) | 0 - 1
Remarks | none
6.1.3.2.2. Element integrityLevel
Defines this user’s integrity level.
Full Path | accessControlPolicy/users/user/clearance/integrityLevel
Format | string
Dimension | none
Default Value | none
Valid Values | any, defined in accessControlPolicy/integrityLevels
Occurrences (min-max) | 0 - 1
Remarks | none
6.1.3.2.3. Element compartments/compartment
The compartments section contains a set of compartments this user is entitled to access.
Full Path | accessControlPolicy/users/user/clearance/compartments/compartment
Format | string
Dimension | none
Default Value | none
Valid Values | any
Occurrences (min-max) | 0 - *
Remarks | none
6.1.3.3. Element authentication
This element contains a list of authentication mechanisms for this user.
Currently, OpenSplice supports SSL X.509 Certificate Authentication. Other authentication mechanisms (such as user ID/password authentication) may be available in a future release.
6.1.3.3.1. Element x509Authentication
Defines properties of x509 (SSL certificate) authentication.
Element subject
Full Path | accessControlPolicy/users/user/authentication/x509Authentication/subject
Format | string
Dimension | none
Default Value | none
Valid Values | any
Occurrences (min-max) | 0 - 1
Remarks | The distinguished name (DN) of the certificate the user transmits to authenticate to the system (single elements of the distinguished name have to be separated by a comma).
Note that the user’s certificate DN must be unique: ensure that multiple users do not share the same client certificate DN.
6.1.4. Element resources/resource
The resources section contains a set of resources, in other words, the objects to be protected.
A resource has a resource identification (made up of the resource’s type, id, and topic or partitions, respectively) and a classification (containing the resource’s secrecy and integrity level and a list of compartments). The classification is used for mandatory access control.
6.1.4.1. Element type
Defines the type of this resource. A resource can have the type PARTITION or TOPIC.
Full Path | accessControlPolicy/resources/resource/type
Format | string
Dimension | none
Default Value | none
Valid Values | “PARTITION” or “TOPIC”
Occurrences (min-max) | 0 - 1
Remarks | none
6.1.4.2. Element id
Defines this resource’s id.
Full Path | accessControlPolicy/resources/resource/id
Format | string
Dimension | none
Default Value | none
Valid Values | any valid topic or partition name of a DDS domain
Occurrences (min-max) | 0 - 1
Remarks | This is related to the type element value.
6.1.4.3. Element topics/topic
The topics section contains a set of topics. This element is only valid if the type of the resource is TOPIC. It lists all valid topics that may be part of this partition.
Full Path | accessControlPolicy/resources/resource/topics/topic
Format | string
Dimension | none
Default Value | none
Valid Values | any valid topic of a DDS domain
Occurrences (min-max) | 0 - 1
Remarks | Exists only if element type = PARTITION
6.1.4.4. Element partitions/partition
The partitions section contains a set of partitions. This element is only valid if the type of the resource is PARTITION. It lists all valid partitions that may be part of this partition.
Full Path | accessControlPolicy/resources/resource/partitions/partition
Format | string
Dimension | none
Default Value | none
Valid Values | any valid partition of a DDS domain
Occurrences (min-max) | 0 - *
Remarks | Exists only if element type = TOPIC
6.1.4.5. Element classification
A classification consists of this resource’s secrecy level, integrity level, and a set of compartments.
6.1.4.5.1. Element secrecyLevel
Defines this resource’s secrecy level.
Full Path | accessControlPolicy/resources/resource/classification/secrecyLevel
Format | string
Dimension | none
Default Value | none
Valid Values | any, defined in accessControlPolicy/secrecyLevels
Occurrences (min-max) | 0 - 1
Remarks | none
6.1.4.5.2. Element integrityLevel
Defines this resource’s integrity level.
Full Path | accessControlPolicy/resources/resource/classification/integrityLevel
Format | string
Dimension | none
Default Value | none
Valid Values | any, defined in accessControlPolicy/integrityLevels
Occurrences (min-max) | 0 - 1
Remarks | none
6.1.4.5.3. Element compartments/compartment
The compartments section contains a set of compartments this resource is intended for.
Full Path | accessControlPolicy/resources/resource/classification/compartments/compartment
Format | string
Dimension | none
Default Value | none
Valid Values | any
Occurrences (min-max) | 0 - *
Remarks | none
6.2. Access Control Example Configuration
The following XML shows an example access control policy.
<accessControlPolicy>
  <secrecyLevels> <!-- for MAC -->
    <secrecyLevel>UNCLASSIFIED</secrecyLevel>
    <secrecyLevel>CONFIDENTIAL</secrecyLevel>
    <secrecyLevel>SECRET</secrecyLevel>
    <secrecyLevel>TOP_SECRET</secrecyLevel>
  </secrecyLevels>
  <integrityLevels> <!-- for MAC -->
    <integrityLevel>LEVEL_0</integrityLevel>
    <integrityLevel>LEVEL_1</integrityLevel>
    <integrityLevel>LEVEL_2</integrityLevel>
  </integrityLevels>
  <users>
    <user>
      <id>user1</id>
      <clearance> <!-- for MAC -->
        <secrecyLevel>CONFIDENTIAL</secrecyLevel>
        <integrityLevel>LEVEL_2</integrityLevel>
        <compartments>
          <compartment>US Only</compartment>
          <compartment>Air Force</compartment>
          <compartment>Radar</compartment>
        </compartments>
      </clearance>
      <authentication>
        <x509Authentication>
          <subject>DN</subject>
        </x509Authentication>
      </authentication>
    </user>
    <user>
      <id>user2</id>
      <authentication>
        <x509Authentication>
          <subject>DN2</subject>
        </x509Authentication>
      </authentication>
    </user>
  </users>
  <resources>
    <resource>
      <type>PARTITION</type>
      <id>chat</id>
      <topics>
        <topic>ChatMessage</topic>
        <topic>NamedMessage</topic>
      </topics>
      <classification> <!-- for MAC -->
        <secrecyLevel>CONFIDENTIAL</secrecyLevel>
        <integrityLevel>LEVEL_1</integrityLevel>
        <compartments>
          <compartment>US Only</compartment>
          <compartment>Air Force</compartment>
        </compartments>
      </classification>
    </resource>
    <resource>
      <type>TOPIC</type>
      <id>pingpong</id>
      <partitions>
        <partition>PING</partition>
        <partition>PONG</partition>
      </partitions>
    </resource>
    <resource>
      <type>TOPIC</type>
      <id>topic1</id>
      <partitions>
      </partitions>
    </resource>
  </resources>
</accessControlPolicy>
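A policy file can be checked against the constraints in the tables above before it is deployed. The following Python linter is an added example, not part of OpenSplice: the function name lint_policy and the sample policy (with its DN values) are constructed for illustration. It follows the Remarks rows and the example configuration in treating topics as a child of PARTITION resources and partitions as a child of TOPIC resources.

```python
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample policy with four deliberate mistakes (not from the OpenSplice docs).
SAMPLE = """
<accessControlPolicy>
  <secrecyLevels><secrecyLevel>UNCLASSIFIED</secrecyLevel><secrecyLevel>SECRET</secrecyLevel></secrecyLevels>
  <integrityLevels><integrityLevel>LEVEL_0</integrityLevel></integrityLevels>
  <users>
    <user><id>alice</id>
      <clearance><secrecyLevel>TOP_SECRET</secrecyLevel></clearance>
      <authentication><x509Authentication><subject>CN=node,O=Example</subject></x509Authentication></authentication>
    </user>
    <user><id>bob</id>
      <authentication><x509Authentication><subject>CN=node,O=Example</subject></x509Authentication></authentication>
    </user>
  </users>
  <resources>
    <resource><type>TOPIC</type><id>t1</id><topics><topic>X</topic></topics></resource>
    <resource><type>QUEUE</type><id>q1</id></resource>
  </resources>
</accessControlPolicy>
"""

def lint_policy(xml_text):
    """Return a list of findings for an accessControlPolicy document."""
    root = ET.fromstring(xml_text)
    findings = []
    defined = {kind: {e.text.strip() for e in root.findall(f"{kind}s/{kind}") if e.text}
               for kind in ("secrecyLevel", "integrityLevel")}
    # Clearances and classifications may only name levels from the top-level lists.
    for owner, label in (("users/user", "clearance"), ("resources/resource", "classification")):
        for node in root.findall(owner):
            for kind, known in defined.items():
                level = (node.findtext(f"{label}/{kind}") or "").strip()
                if level and level not in known:
                    findings.append(f"{node.findtext('id')}: undefined {kind} {level}")
    # Each x509 subject DN must map to exactly one user.
    subjects = Counter((s.text or "").strip() for s in root.iter("subject"))
    findings += [f"duplicate subject DN: {dn}" for dn, n in subjects.items() if n > 1]
    # topics belong to PARTITION resources, partitions to TOPIC resources (Remarks rows).
    wrong_child = {"PARTITION": "partitions", "TOPIC": "topics"}
    for res in root.findall("resources/resource"):
        rtype, rid = (res.findtext("type") or "").strip(), res.findtext("id")
        if rtype not in wrong_child:
            findings.append(f"{rid}: invalid type {rtype}")
        elif res.find(wrong_child[rtype]) is not None:
            findings.append(f"{rid}: <{wrong_child[rtype]}> not valid for type {rtype}")
    return findings
```

Calling lint_policy(SAMPLE) reports the undefined clearance level, the shared certificate DN, the misplaced topics element and the unknown resource type; a policy that satisfies the tables yields an empty list.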