The components of this parameter are defined in Table 196.

Table 196– UserTokenPolicy

Name

Type

Description

UserTokenPolicy

structure

Specifies a UserIdentityToken that aServer will accept.

policyId

String

An identifier for the UserTokenPolicy assigned by the Server.

The Clientspecifies this value when it constructs a UserIdentityToken that conforms to the policy.

This value is only unique within the context of a single Server.

tokenType

Enum

User TokenType

The type of user identity token required. The UserTokenType is defined in 7.43

A tokenType of ANONYMOUSindicates that the Serverdoes not require any user identification. In this case, the Client Application Instance Certificateis used as the user identification.

issuedTokenType

String

A URI for the type of token.

OPC 10000-6defines URIs for common issued token types.

Vendors may specify their own token types.

This field may only be specified if TokenTypeis ISSUEDTOKEN.

issuerEndpointUrl

String

An optional string which depends on the Authorization Service.

The meaning of this value depends on the issuedTokenType.Further details for the different token types are defined in OPC 10000-6.

For JWTs this is a JSON object with fields defined in OPC 10000-6.

securityPolicyUri

String

The security policy to use when encrypting or signing the UserIdentityTokenwhen it is passed to the Serverin the ActivateSessionrequest. Clause 7.41describes how this parameter is used.

The security policy for the SecureChannel is used if this value is null or empty.