.. include:: vars.rst

.. _section-sec-intro:

Introduction to RTI Security Plugins
====================================

.. only:: cpp98

    .. list-table::
        :name: TableModuleInfoCpp
        :widths: 20 80
        :header-rows: 0
        :class: longtable
        :stub-columns: 1

        * - Prerequisites
          - * |RTI_CONNEXT_TM| installed, including SDK (see the :link_connext_dds_pro_ig:`RTI Connext Installation Guide <>`)
            * |RTI_SP| installed (see the :link_connext_dds_secure_ig:`Security Plugins Installation Guide <>`)
            * Familiarity with |CONNEXT| (i.e., you’ve completed :link_connext_dds_pro_gsg_cpp98:`Introduction to Publish/Subscribe `)
            * Familiarity with |CONNEXT| tools, such as |RTI_ADMINCONSOLE|
            * Familiarity with security concepts and techniques (digital certificates, public key infrastructure, private/public key pairs, authentication, encryption, etc.)
            * Familiarity with defining QoS profiles to |CONNEXT| applications in XML format
        * - Time to complete
          - 2 hours
        * - Concepts covered in this document
          - * Introduction to DDS Security and |RTI_SP|
            * Enabling Security Plugins in your |CONNEXT| applications
            * Dynamic linking against |RTI_SP| and OpenSSL
            * Translating the security requirements of your system to a |GovernanceDoc|
            * Publishing/Subscribing with different protection kinds (authentication, encryption, etc.)
            * Authenticating your applications with custom digital certificates and private keys
            * Defining privileges for your applications with |PermissionsDocs|

.. only:: cpp11

    .. list-table::
        :name: TableModuleInfoCpp11
        :widths: 20 80
        :header-rows: 0
        :class: longtable
        :stub-columns: 1

        * - Prerequisites
          - * |RTI_CONNEXT_TM| installed, including SDK (see the :link_connext_dds_pro_ig:`RTI Connext Installation Guide <>`)
            * |RTI_SP| installed (see the :link_connext_dds_secure_ig:`Security Plugins Installation Guide <>`)
            * Familiarity with |CONNEXT| (i.e., you’ve completed :link_connext_dds_pro_gsg_cpp11:`Introduction to Publish/Subscribe `)
            * Familiarity with |CONNEXT| tools, such as |RTI_ADMINCONSOLE|
            * Familiarity with security concepts and techniques (digital certificates, public key infrastructure, private/public key pairs, authentication, encryption, etc.)
            * Familiarity with defining QoS profiles to |CONNEXT| applications in XML format
        * - Time to complete
          - 2 hours
        * - Concepts covered in this document
          - * Introduction to DDS Security and |RTI_SP|
            * Enabling Security Plugins in your |CONNEXT| applications
            * Dynamic linking against RTI Security Plugins and OpenSSL
            * Translating the security requirements of your system to a Governance Document
            * Publishing/Subscribing with different protection kinds (authentication, encryption, etc.)
            * Authenticating your applications with custom digital certificates and private keys
            * Defining privileges for your applications with Permissions Documents

|RTI_SP| allow you to address your databus security requirements in a granular and pluggable way. To support this, each of the |SP| covers a different aspect of security:

* **Authentication.** Provides the means to verify the identity of the application and/or user that invokes operations on DDS. Includes facilities to perform mutual authentication between |DPs| and establish a shared secret.
* **Access Control.** Provides the means to enforce policy decisions on what DDS-related operations an authenticated entity can perform. For example, which |DOMAINS| it can join, which |TOPICS| it can publish or subscribe to, etc.
* **Cryptography.** Implements (or interfaces with libraries that implement) all cryptographic operations including encryption, decryption, hashing, digital signatures, etc. This includes the means to derive keys from a shared secret.
* **Logging.** Supports auditing of all DDS security-relevant events.

The `OMG DDS Security specification ` defines a set of builtin plugins for providing interoperable authentication, access control, cryptography, and a logging |TOPIC|. The |SP| are the |CONNEXT| implementation of these OMG DDS Security builtin interoperability plugins. This way, the |SP| offer a DDS Security solution that can interoperate with DDS implementations from other vendors.

.. figure:: /../shared_content/static/plugins-architecture.png
    :alt:
    :scale: 50%
    :name: FigureLayers
    :align: center

    Architecture of an application using |SP|. All the currently available security plugins (Authentication, Access Control, Cryptography and Logging) are implemented in a single nddssecurity library.

.. _section-sec-key-features:

Key Features
------------

* The OMG DDS Security specification decouples the different security aspects in a set of plugins:

  * **Authentication:** Ensures that DDS entities are authenticated.
  * **Access Control:** Enforces access control for |DOMAINS|, |TOPICS|, etc.
  * **Cryptography:** Maintains data integrity and confidentiality.
  * **Logging:** Supports auditing of all DDS security-relevant events, allowing you to increase the system’s visibility, which may help track and improve the system’s availability.

* The |SP| can potentially run over any transport, including the builtin UDP transport with multicast and TCP transport.
* Secure multicast support enables efficient and scalable distribution of data to many |SUBs|.
* You can customize the |SP| to accommodate proprietary or FIPS 140-2 compliant cryptography solutions, take advantage of custom security hardware or change the behavior of the plugins in any number of ways. The |SP| SDK enables you to customize the |SP| to meet your system's security requirements.
* The OMG DDS Security specification addresses the security aspect of the communication in a one-to-many, friendly, data-centric way, enabling applications to define different security policies based on the nature of the shared data. This aligns with the decentralized nature of DDS and asserts its benefits:

  * No single point of failure
  * High performance and scalability

* The |SP| support all of the cryptographic algorithms specified by the OMG DDS Security specification. For more information about the supported algorithms, refer to :link_connext_dds_secure_um:`Supported Cryptographic Algorithms in the Security Plugins User's Manual `.

.. _section-sec-intro-paths:

Paths Mentioned in Documentation
--------------------------------

.. include:: ../../../connext_doc.1.0/srcDoc/getting_started/paths.txt