Table 15 defines the parameters for the Service.

Table 15 – CreateSession Service Parameters

Name

Type

Description

Request

requestHeader

RequestHeader

Common request parameters. The authenticationToken is always null.

The type RequestHeader is defined in 7.33.

clientDescription

Application Description

Information that describes the Client application.

The type ApplicationDescription is defined in 7.2.

serverUri

String

This value is only specified if the EndpointDescription has a gatewayServerUri.

This value is the applicationUri from the EndpointDescription which is the applicationUri for the underlying Server. The type EndpointDescription is defined in 7.14.

endpointUrl

String

The network address that the Client used to access the Session Endpoint.

The HostName portion of the URL should be one of the HostNames for the application that are specified in the Server’s ApplicationInstanceCertificate (see 7.3). The Server shall raise an AuditUrlMismatchEventType event if the URL does not match the Server’s HostNames. AuditUrlMismatchEventType event type is defined in OPC 10000-5.

The Server uses this information for diagnostics and to determine the set of EndpointDescriptions to return in the response.

sessionName

String

Human readable string that identifies the Session. The Server makes this name and the sessionId visible in its AddressSpace for diagnostic purposes. The Client should provide a name that is unique for the instance of the Client.

If this parameter is null or empty the Server shall assign a value.

clientNonce

ByteString

A random number that should never be used in any other request. This number shall have a minimum length of 32 bytes. Profiles may increase the required length. The Server shall use this value to prove possession of its Application Instance Certificate in the response.

clientCertificate

ApplicationInstance

Certificate

The Application Instance Certificate issued to the Client.

The ApplicationInstanceCertificate type is defined in 7.3.

If the securityPolicyUri is None, the Server shall ignore the ApplicationInstanceCertificate.

A Client shall prove possession by using the private key to sign the Nonce provided by the Server in the response. For SecureChannels that use the Application Instance Certificate the Server shall verify that this Certificate is the same as the one it used to create the SecureChannel.

Requested

SessionTimeout

Duration

Requested maximum number of milliseconds that a Session should remain open without activity. If the Client fails to issue a Service request within this interval, then the Server shall automatically terminate the Client Session.

maxResponse

MessageSize

UInt32

The maximum size, in bytes, for the body of any response message.

The Server should return a Bad_ResponseTooLarge service fault if a response message exceeds this limit.

The value zero indicates that this parameter is not used.

The transport protocols defined in OPC 10000-6 may imply minimum message sizes.

More information on the use of this parameter is provided in 5.3.

Response

responseHeader

ResponseHeader

Common response parameters (see 7.34 for ResponseHeader type).

sessionId

NodeId

A unique NodeId assigned by the Server to the Session. This identifier is used to access the diagnostics information for the Session in the Server AddressSpace. It is also used in the audit logs and any events that report information related to the Session. The Session diagnostic information is described in OPC 10000-5. Audit logs and their related events are described in 6.5.

authentication

Token

Session

AuthenticationToken

A unique identifier assigned by the Server to the Session. This identifier shall be passed in the RequestHeader of each request and is used with the SecureChannelId to determine whether a Client has access to the Session. This identifier shall not be reused in a way that the Client or the Server has a chance of confusing them with a previous or existing Session.

The SessionAuthenticationToken type is described in 7.36.

revisedSessionTimeout

Duration

Actual maximum number of milliseconds that a Session shall remain open without activity. The Server should attempt to honour the Client request for this parameter, but may negotiate this value up or down to meet its own constraints.

serverNonce

ByteString

A random number that should never be used in any other request.

This number shall have a minimum length of 32 bytes.

The Client shall use this value to prove possession of its Application Instance Certificate in the ActivateSession request.

This value may also be used to prove possession of the userIdentityToken it specified in the ActivateSession request.

serverCertificate

ApplicationInstance

Certificate

The Application Instance Certificate issued to the Server.

A Server shall prove possession by using the private key to sign the Nonce provided by the Client in the request. For SecureChannels that use the Application Instance Certificate the Client shall verify that this Certificate is the same as the one it used to create the SecureChannel.

The ApplicationInstanceCertificate type is defined in 7.3.

If the securityPolicyUri is None and none of the UserTokenPolicies requires encryption, the Client shall ignore the ApplicationInstanceCertificate.

serverEndpoints []

EndpointDescription

List of Endpoints that the Server supports.

The Server shall return a set of EndpointDescriptions available for the serverUri specified in the request. All Endpoints are returned if the serverUri is null or empty. The EndpointDescription type is defined in 7.14. The Client shall verify this list with the list from a DiscoveryEndpoint if it used a DiscoveryEndpoint to fetch the EndpointDescriptions.

It is recommended that Servers only include the server.applicationUri, endpointUrl, securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters set to null or empty. Only the recommended parameters shall be verified by the Client.

serverSoftware

Certificates []

SignedSoftware Certificate

This parameter is no longer used and the array shall be empty.

The SoftwareCertificates are provided in the Server AddressSpace as defined in OPC 10000-5.

serverSignature

SignatureData

This is a signature generated with the private key associated with the serverCertificate. This parameter is calculated by appending the clientNonce to the clientCertificate and signing the resulting sequence of bytes.

If the clientCertificate contains a chain, the signature calculation shall be done only with the leaf Certificate. For backward compatibility a Client shall check the signature with the full chain if the check with the leaf Certificate fails.

The SignatureAlgorithm shall be the AsymmetricSignatureAlgorithm specified in the SecurityPolicy for the Endpoint.

The SignatureData type is defined in 7.37.

maxRequest

MessageSize

UInt32

The maximum size, in bytes, for the body of any request message.

The Client Communication Stack should return a Bad_RequestTooLarge error to the application if a request message exceeds this limit.

The value zero indicates that this parameter is not used.

See OPC 10000-6 for protocol specific minimum or default values.

5.3 provides more information on the use of this parameter.