DDSSEC13 — Support dynamic certificates and permissions

Update the class id minor version in all tokens

From 1.2 to 1.3.

Fix the class ids for several of the secuerity tokens

The class_id attribute in various Tokens includes the Plugin Name and a version number. The intention was that the version number would track the specification version so that it could be used to understand the format of the Token. However, this is not done consistently. Furthermore, when there are multiple tokens with the same class id, they are differentiated by appending the '+' character and a suffix. This is not done in all cases.

We will fix the following irregularities:

Add the IdentityCredentialToken type

The class_id for the token will be DDS:Auth:PKI-DH:1.3+IdCred.

Fix the PermissionsCredentialToken property name

From dds.pem.cert to c.perm.

Changes to the Governance Document

Add the <identity_credential_authority_validation> xml complex optional type with two <ocsp> and <crl> optional elements. Their possible values are AUTO, REQUIRED, and IGNORED.

New authentication properties

• Added the dds.sec.auth.ocsp_responder_uri property for configuring the OCSP responder.
• Added the dds.sec.auth.crl property for configuring the Certificate Revocation List.

Changes to the Security Plugins Interface

Authentication plugin

• get_identity_credential_token
• return_identity_credential_token
• set_remote_identity_credential_token
• set_remote_identity_status_token
• set_property_qos
• validate_status

Access Control plugin

• set_remote_permissions_credential_token
• set_property_qos
• validate_status

Cryptography plugin

• set_property_qos

Changes to the listener classes

• on_status_changed operation for the AccessControlListener interface
• Add the AccessControlStatusKind enum with PERMISSIONS_CREDENTIAL as the only value currently possible.
• Modify the AuthStatusKind enum kind so that besides the current IDENTITY_STATUS value, it also supports IDENTITY_CREDENTIAL, IDENTITY_VALIDATION_CONTEXT, and ALL.