2.2.2. RTI Security Plugins

2.2.2.1. Configuration Changes

2.2.2.1.1. Enabling Key Revisions requires a Governance Rule

This release of the Security Plugins introduces the enable_key_revision Governance Rule, as defined in the OMG DDS Security 1.2 specification. If you are currently setting the dds.participant.trust_plugins.key_revision_max_history_depth property to a value other than 0 in your DomainParticipantQos, then starting in this release you must also set the enable_key_revision Domain Rule to true in your Governance Document. Here is an example:

<domain_access_rules>
    <domain_rule>
        <domains>
            <id_range>
                <min>0</min>
            </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>true</enable_join_access_control>
        <enable_key_revision>true</enable_key_revision> <!-- Add this line here. -->
        <discovery_protection_kind>ENCRYPT</discovery_protection_kind>

Then, you must re-sign the Governance Document with the Permissions Certificate Authority.

2.2.2.1.2. Key Revision Max History Depth must be at least 8

If you are currently setting the dds.participant.trust_plugins.key_revision_max_history_depth property value to 7, then starting in this release you must now increase this value to at least 8, since 8 is the new minimum value if you are not setting the property value to 0.

2.2.2.2. SDK Changes

This release of the Security Plugins introduces changes in the Service Plugin Interface (SPI). If you have implemented custom plugins, you may need to update them for compatibility. See the Service Plugin Interface (SPI) Notes section of the Security Plugins SDK documentation for more information. In your Connext installation, find the documentation inside the security-buildsrc/doc folder.