6. DDS-Security
Vortex Link can route secured traffic between applications that use standard DDS Security. It neither authenticates applications nor decodes encrypted messages. It only routes authentication messages, crypto tokens and encrypted messages between secured applications, so that they can authenticate each other and exchange encrypted messages end-to-end.
Consequently, Vortex Link does not need to be configured with any certificate or security plugin, and it does not need to be trusted (it will not decode encrypted messages).
6.1. Limitations
- Vortex Link can only route data between participants configured with allow_unauthenticated_participants set to false.
- Vortex Link can only route data between participants configured with rtps_protection_kind set to NONE.
- If the participants are configured with discovery_protection_kind set to ENCRYPT, SIGN, ENCRYPT_WITH_ORIGIN_AUTHENTICATION or SIGN_WITH_ORIGIN_AUTHENTICATION, then Vortex Link can only route data on topics configured with enable_discovery_protection set to false.
- Vortex Link can route data on topics configured with any data_protection_kind.
- Vortex Link can route data on topics configured with any metadata_protection_kind. However, if metadata_protection_kind is set to ENCRYPT or ENCRYPT_WITH_ORIGIN_AUTHENTICATION, Vortex Link will forward encrypted messages to all participants that have matching entities with the participant that is the source of the message (even if the matching entities are on a different topic than the topic of the encrypted message). This leads to poor scalability and extra resource consumption.
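
The limitations above can be checked against a governance document before deployment. The following is an added example, not part of the Vortex Link documentation or product: it assumes the unsigned governance XML (before S/MIME signing) with the element names of the DDS Security governance schema, and the names `check_governance` and `SAMPLE_GOVERNANCE` are hypothetical.

```python
import xml.etree.ElementTree as ET

# Constructed sample: unsigned governance XML (trimmed to the elements checked here).
SAMPLE_GOVERNANCE = """<dds><domain_access_rules><domain_rule>
  <domains><id>0</id></domains>
  <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
  <discovery_protection_kind>ENCRYPT</discovery_protection_kind>
  <rtps_protection_kind>NONE</rtps_protection_kind>
  <topic_access_rules>
    <topic_rule>
      <topic_expression>Telemetry*</topic_expression>
      <enable_discovery_protection>false</enable_discovery_protection>
      <metadata_protection_kind>SIGN</metadata_protection_kind>
      <data_protection_kind>ENCRYPT</data_protection_kind>
    </topic_rule>
    <topic_rule>
      <topic_expression>Command*</topic_expression>
      <enable_discovery_protection>true</enable_discovery_protection>
      <metadata_protection_kind>ENCRYPT</metadata_protection_kind>
      <data_protection_kind>ENCRYPT</data_protection_kind>
    </topic_rule>
  </topic_access_rules>
</domain_rule></domain_access_rules></dds>"""

PROTECTED = {"ENCRYPT", "SIGN", "ENCRYPT_WITH_ORIGIN_AUTHENTICATION", "SIGN_WITH_ORIGIN_AUTHENTICATION"}
FANOUT = {"ENCRYPT", "ENCRYPT_WITH_ORIGIN_AUTHENTICATION"}  # metadata kinds with the scalability cost

def _text(node, tag):
    return (node.findtext(tag) or "").strip()

def check_governance(xml_text):
    """Return (severity, scope, message) findings; a missing domain-level element is reported too."""
    findings = []
    for rule in ET.fromstring(xml_text).iter("domain_rule"):
        if _text(rule, "allow_unauthenticated_participants").lower() not in ("false", "0"):
            findings.append(("ERROR", "domain", "allow_unauthenticated_participants must be false"))
        if _text(rule, "rtps_protection_kind").upper() != "NONE":
            findings.append(("ERROR", "domain", "rtps_protection_kind must be NONE"))
        disc = _text(rule, "discovery_protection_kind").upper() in PROTECTED
        for topic in rule.iter("topic_rule"):
            name = _text(topic, "topic_expression")
            if disc and _text(topic, "enable_discovery_protection").lower() in ("true", "1"):
                findings.append(("ERROR", name, "enable_discovery_protection must be false"))
            if _text(topic, "metadata_protection_kind").upper() in FANOUT:
                findings.append(("WARN", name, "encrypted metadata is forwarded to all matching participants"))
    return findings
```

For the constructed sample, `check_governance(SAMPLE_GOVERNANCE)` reports the `Command*` rule twice: once as not routable because of discovery protection, and once as routable but subject to the forwarding cost described in the last limitation.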