3.2.2. RTI Security Plugins

3.2.2.1. Configuration Changes

3.2.2.1.1. Enabling Key Revisions requires a Governance Rule

Note

If you are migrating to 7.6.0 or above, then this migration step is not applicable because starting in 7.6.0, Key Revisions are enabled by default.

This release of the Security Plugins introduces the enable_key_revision Governance Rule, as defined in the OMG DDS Security 1.2 specification. If you are currently setting the dds.participant.trust_plugins.key_revision_max_history_depth property to a value other than 0 in your DomainParticipantQos, then starting in this release you must also set the enable_key_revision Domain Rule to true in your Governance Document. Here is an example:

<domain_access_rules>
    <domain_rule>
        <domains>
            <id_range>
                <min>0</min>
            </id_range>
        </domains>
        <allow_unauthenticated_participants>false</allow_unauthenticated_participants>
        <enable_join_access_control>true</enable_join_access_control>
        <enable_key_revision>true</enable_key_revision> <!-- Add this line here. -->
        <discovery_protection_kind>ENCRYPT</discovery_protection_kind>

Then, you must re-sign the Governance Document with the Permissions Certificate Authority.

If you need to use the same Governance Document in both 7.5.0 and an older release, then you may add must_interpret="false" as described in Keeping Governance and Permissions Compatibility Across Different Security Plugins Versions in the RTI Security Plugins User’s Manual:

<enable_key_revision must_interpret="false">true</enable_key_revision>

3.2.2.1.2. Key Revision Max History Depth must be at least 8

If you are currently setting the dds.participant.trust_plugins.key_revision_max_history_depth property value to 7, then starting in this release you must now increase this value to at least 8, since 8 is the new minimum value if you are not setting the property value to 0.

3.2.2.2. SDK Changes

This release of the Security Plugins introduces changes in the Service Plugin Interface (SPI). If you have implemented custom plugins, you may need to update them for compatibility. See the Service Plugin Interface (SPI) Notes section of the Security Plugins SDK documentation for more information. In your Connext installation, find the documentation inside the security-buildsrc/doc folder.