diff --git a/etc/cyclonedds.xsd b/etc/cyclonedds.xsd index 867f95b..3bd9a64 100644 --- a/etc/cyclonedds.xsd +++ b/etc/cyclonedds.xsd @@ -7,7 +7,7 @@ CycloneDDS configuration - + @@ -17,17 +17,18 @@ CycloneDDS configuration <p>The General element specifying Domain related settings.</p> - - - - - - - - - - - + + + + + + + + + + + + <p>This element is used to set thread properties.</p> @@ -38,8 +39,8 @@ CycloneDDS configuration - - + + 
@@ -146,6 +147,405 @@ though there is no good reason not to.</li></ul> + + + +<p>This element is used to configure Cyclone DDS with the DDS Security +specification plugins and settings.</p> + + + + + + + + + + + + +<p>This element configures the Access Control plugin of the DDS Security +specification.</p> + + + + + + + +RELOFF (cfg.access_control_plugin), pf_string, BLURB("<p>This element +specifies the library to be loaded as the DDS Security Access Control +plugin.</p> + + + + + + +RELOFF (cfg.access_control_plugin.library_finalize), pf_string, +BLURB("<p>This element names the finalization function of Access Control +plugin. This function is called to let the plugin release its +resources.</p> + + + + + + +RELOFF (cfg.access_control_plugin.library_init), pf_string, +BLURB("<p>This element names the initialization function of Access +Control plugin. This function is called after loading the plugin library +for instantiation purposes. Init function must return an object that +implements DDS Security Access Control interface.</p> + + + + + + +RELOFF (cfg.access_control_plugin.library_path), pf_string, +BLURB("<p>This element points to the path of Access Control plugin +library.</p> + +<p>It can be either absolute path excluding file extension ( +/usr/lib/dds_security_ac ) or single file without extension ( +dds_security_ac ).</p> + +<p>If single file is supplied, the library located by way of the current +working directory, or LD_LIBRARY_PATH for Unix systems, and PATH for +Windows systems.</p> + + + + + + + + + + + + + + +RELOFF (cfg.access_control_properties.governance), pf_string, +BLURB("<p>URI to the shared Governance Document signed by the Permissions +CA in S/MIME format</p> + +<p>URI schemes: file, data</p><br> + +<p>Examples file URIs:</p> + +<p><Governance>file:governance.smime</Governance></p> + +<p><Governance>file:/home/myuser/governance.smime</Governance></p><br> + +<p><Governance><![CDATA[data:,MIME-Version: 1.0</p> + +<p>Content-Type: 
multipart/signed; +protocol="application/x-pkcs7-signature"; micalg="sha-256"; +boundary="----F9A8A198D6F08E1285A292ADF14DD04F"</p> + +<p>This is an S/MIME signed message </p> + +<p>------F9A8A198D6F08E1285A292ADF14DD04F</p> + +<p><?xml version="1.0" encoding="UTF-8"?></p> + +<p><dds xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"</p> + +<p>xsi:noNamespaceSchemaLocation="omg_shared_ca_governance.xsd"></p> + +<p><domain_access_rules></p> + +<p> . . . </p> + +<p></domain_access_rules></p> + +<p></dds></p> + +<p>...</p> + +<p>------F9A8A198D6F08E1285A292ADF14DD04F</p> + +<p>Content-Type: application/x-pkcs7-signature; name="smime.p7s"</p> + +<p>Content-Transfer-Encoding: base64</p> + +<p>Content-Disposition: attachment; filename="smime.p7s"</p> + +<p>MIIDuAYJKoZIhv ...al5s=</p> + +<p>------F9A8A198D6F08E1285A292ADF14DD04F-]]</Governance></p> + + + + + + +RELOFF (cfg.access_control_properties.permissions), pf_string, +BLURB("<p>URI to the DomainParticipant permissions document signed by the +Permissions CA in S/MIME format</p> + +<p>The permissions document specifies the permissions to be applied to a +domain.</p><br> + +<p>Example file URIs:</p> + +<p><Permissions>file:permissions_document.p7s</Permissions></p> + +<p><Permissions>file:/path_to/permissions_document.p7s</Permissions></p> + +<p>Example data URI:</p> + +<p><Permissions><![CDATA[data:,.........]]</Permissions></p> + + + + + + +RELOFF (cfg.access_control_properties.permissions_ca), pf_string, +BLURB("<p>URI to a X509 certificate for the PermissionsCA in PEM +format.</p> + +<p>Supported URI schemes: file, data</p> + +<p>The file and data schemas shall refer to a X.509 v3 certificate (see +X.509 v3 ITU-T Recommendation X.509 (2005) [39]) in PEM format.</p><br> + +<p>Examples:</p><br> + +<p><PermissionsCA>file:permissions_ca.pem</PermissionsCA></p> + +<p><PermissionsCA>file:/home/myuser/permissions_ca.pem</PermissionsCA></p><br> + +<p><PermissionsCA>data:<strong>,</strong>-----BEGIN CERTIFICATE-----</p> 
+ +<p>MIIC3DCCAcQCCQCWE5x+Z ... PhovK0mp2ohhRLYI0ZiyYQ==</p> + +<p>-----END CERTIFICATE-----</PermissionsCA></p> + + + + + + +<p>This element configures the Authentication plugin of the DDS Security +specification.</p> + + + + + + + + +RELOFF (cfg.authentication_plugin), pf_string, BLURB("<p>This element +specifies the library to be loaded as the DDS Security Access Control +plugin.</p> + + + + + + +RELOFF (cfg.authentication_plugin.library_finalize), pf_string, +BLURB("<p>This element names the finalization function of Authentication +plugin. This function is called to let the plugin release its +resources.</p> + + + + + + +RELOFF (cfg.authentication_plugin.library_init), pf_string, +BLURB("<p>This element names the initialization function of +Authentication plugin. This function is called after loading the plugin +library for instantiation purposes. Init function must return an object +that implements DDS Security Authentication interface.</p> + + + + + + +RELOFF (cfg.authentication_plugin.library_path), pf_string, +BLURB("<p>This element points to the path of Authentication plugin +library.</p> + +<p>It can be either absolute path excluding file extension ( +/usr/lib/dds_security_auth ) or single file without extension ( +dds_security_auth ).</p> + +<p>If single file is supplied, the library located by way of the current +working directory, or LD_LIBRARY_PATH for Unix systems, and PATH for +Windows systems.</p> + + + + + + + + + + + + + + + +RELOFF (cfg.authentication_properties.identity_ca), pf_string, +BLURB("<p>URI to the X509 certificate [39] of the Identity CA that is the +signer of Identity Certificate.</p> + +<p>Supported URI schemes: file, data</p> + +<p>The file and data schemas shall refer to a X.509 v3 certificate (see +X.509 v3 ITU-T Recommendation X.509 (2005) [39]) in PEM format.</p> + +<p>Examples:</p> + +<p><IdentityCA>file:identity_ca.pem</IdentityCA></p> + +<p><IdentityCA>data:,-----BEGIN CERTIFICATE-----<br> + 
+MIIC3DCCAcQCCQCWE5x+Z...PhovK0mp2ohhRLYI0ZiyYQ==<br> + +-----END CERTIFICATE-----</IdentityCA></p> + + + + + + +RELOFF (cfg.authentication_properties.identity_certificate), pf_string, +BLURB("<p>Identity certificate that will be used for identifying all +participants in the OSPL instance.<br>The content is URI to a X509 +certificate signed by the IdentityCA in PEM format containing the signed +public key.</p> + +<p>Supported URI schemes: file, data</p> + +<p>Examples:</p> + +<p><IdentityCertificate>file:participant1_identity_cert.pem</IdentityCertificate></p> + +<p><IdentityCertificate>data:,-----BEGIN CERTIFICATE-----<br> + +MIIDjjCCAnYCCQDCEu9...6rmT87dhTo=<br> + +-----END CERTIFICATE-----</IdentityCertificate></p> + + + + + + +RELOFF (cfg.authentication_properties.password), pf_string, BLURB("<p>A +password used to decrypt the private_key.</p> + +The value of the password property shall be interpreted as the Base64 +encoding of the AES-128 key that shall be used to decrypt the private_key +using AES128-CBC.</p> + +If the password property is not present, then the value supplied in the +private_key property must contain the unencrypted private key. 
</p> + + + + + + +RELOFF (cfg.authentication_properties.private_key), pf_string, +BLURB("<p>URI to access the private Private Key for all of the +participants in the OSPL federation.</p> + +<p>Supported URI schemes: file, data</p> + +<p>Examples:</p> + +<p><PrivateKey>file:identity_ca_private_key.pem</PrivateKey></p> + +<p><PrivateKey>data:,-----BEGIN RSA PRIVATE KEY-----<br> + +MIIEpAIBAAKCAQEA3HIh...AOBaaqSV37XBUJg==<br> + +-----END RSA PRIVATE KEY-----</PrivateKey></p> + + + + + + +RELOFF (cfg.authentication_properties.trusted_ca_dir), pf_string, +BLURB("<p>Trusted CA Directory which contains trusted CA certificates as +separated files.</p> + + + + + + +<p>This element configures the Cryptographic plugin of the DDS Security +specification.</p> + + + + + + +RELOFF (cfg.cryptography_plugin), pf_string, BLURB("<p>This element +specifies the library to be loaded as the DDS Security Cryptographic +plugin.</p> + + + + + + +RELOFF (cfg.cryptography_plugin.library_finalize), pf_string, +BLURB("<p>This element names the finalization function of Cryptographic +plugin. This function is called to let the plugin release its +resources.</p> + + + + + + +RELOFF (cfg.cryptography_plugin.library_init), pf_string, BLURB("<p>This +element names the initialization function of Cryptographic plugin. This +function is called after loading the plugin library for instantiation +purposes. Init function must return an object that implements DDS +Security Cryptographic interface.</p> + + + + + + +RELOFF (cfg.cryptography_plugin.library_path), pf_string, BLURB("<p>This +element points to the path of Cryptographic plugin library.</p> + +<p>It can be either absolute path excluding file extension ( +/usr/lib/dds_security_crypto ) or single file without extension ( +dds_security_crypto ).</p> + +<p>If single file is supplied, the library located by way of the current +working directory, or LD_LIBRARY_PATH for Unix systems, and PATH for +Windows systems.</p> + + + + + + + + +
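Review bot: The documentation text added for cfg.access_control_plugin, cfg.access_control_properties.*, cfg.authentication_plugin, cfg.authentication_properties.* and cfg.cryptography_plugin starts with generator source such as `RELOFF (cfg.access_control_plugin), pf_string, BLURB("` ahead of the first `<p>`. That is text from the C configuration table rather than documentation, and it will show up verbatim in anything rendered from the XSD. The script that extracts the blurbs should be fixed to start at the first `<p>`, and this file regenerated from it rather than edited by hand.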
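Review bot: In the Authentication part of this hunk, the text for cfg.authentication_plugin says it "specifies the library to be loaded as the DDS Security Access Control plugin"; this looks copied from the Access Control entry and should say Authentication plugin. In the same region, the identity_certificate and private_key texts refer to "the OSPL instance" and "the OSPL federation", which should be reworded for Cyclone DDS. "private Private Key" repeats a word. The password text closes two paragraphs with `</p>` that were never opened with `<p>`. The PrivateKey example `file:identity_ca_private_key.pem` reads as the Identity CA's key although the property describes the participants' key, so a name matching the `participant1_identity_cert.pem` example would be less misleading.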
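Review bot: The library_path text for all three plugins states that a bare file name is resolved "by way of the current working directory, or LD_LIBRARY_PATH for Unix systems, and PATH for Windows systems" without saying which form is preferred. Because these libraries implement authentication, access control and cryptography, the documentation should recommend the absolute-path form and state that the bare-name form depends on the process environment and working directory at start-up. The sentence is also missing a verb: "the library is located by way of ...".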