Table 15 defines the parameters for the Service.

Table 15 – CreateSession Service Parameters

| Name | Type | Description |
|---|---|---|
| Request | | |
| requestHeader | RequestHeader | Common request parameters. The authenticationToken is always null. The type RequestHeader is defined in 7.33. |
| clientDescription | ApplicationDescription | Information that describes the Client application. The type ApplicationDescription is defined in 7.2. |
| serverUri | String | This value is only specified if the EndpointDescription has a gatewayServerUri. This value is the applicationUri from the EndpointDescription which is the applicationUri for the underlying Server. The type EndpointDescription is defined in 7.14. |
| endpointUrl | String | The network address that the Client used to access the Session Endpoint. The HostName portion of the URL should be one of the HostNames for the application that are specified in the Server’s ApplicationInstanceCertificate (see 7.3). The Server shall raise an AuditUrlMismatchEventType event if the URL does not match the Server’s HostNames. AuditUrlMismatchEventType event type is defined in OPC 10000-5. The Server uses this information for diagnostics and to determine the set of EndpointDescriptions to return in the response. |
| sessionName | String | Human readable string that identifies the Session. The Server makes this name and the sessionId visible in its AddressSpace for diagnostic purposes. The Client should provide a name that is unique for the instance of the Client. If this parameter is null or empty the Server shall assign a value. |
| clientNonce | ByteString | A random number that should never be used in any other request. This number shall have a minimum length of 32 bytes. Profiles may increase the required length. The Server shall use this value to prove possession of its Application Instance Certificate in the response. |
| clientCertificate | ApplicationInstanceCertificate | The Application Instance Certificate issued to the Client. The ApplicationInstanceCertificate type is defined in 7.3. If the securityPolicyUri is None, the Server shall ignore the ApplicationInstanceCertificate. A Client shall prove possession by using the private key to sign the Nonce provided by the Server in the response. For SecureChannels that use the Application Instance Certificate the Server shall verify that this Certificate is the same as the one it used to create the SecureChannel. |
| requestedSessionTimeout | Duration | Requested maximum number of milliseconds that a Session should remain open without activity. If the Client fails to issue a Service request within this interval, then the Server shall automatically terminate the Client Session. |
| maxResponseMessageSize | UInt32 | The maximum size, in bytes, for the body of any response message. The Server should return a Bad_ResponseTooLarge service fault if a response message exceeds this limit. The value zero indicates that this parameter is not used. The transport protocols defined in OPC 10000-6 may imply minimum message sizes. More information on the use of this parameter is provided in 5.3. |
| Response | | |
| responseHeader | ResponseHeader | Common response parameters (see 7.34 for ResponseHeader type). |
| sessionId | NodeId | A unique NodeId assigned by the Server to the Session. This identifier is used to access the diagnostics information for the Session in the Server AddressSpace. It is also used in the audit logs and any events that report information related to the Session. The Session diagnostic information is described in OPC 10000-5. Audit logs and their related events are described in 6.5. |
| authenticationToken | SessionAuthenticationToken | A unique identifier assigned by the Server to the Session. This identifier shall be passed in the RequestHeader of each request and is used with the SecureChannelId to determine whether a Client has access to the Session. This identifier shall not be reused in a way that the Client or the Server has a chance of confusing them with a previous or existing Session. The SessionAuthenticationToken type is described in 7.36. |
| revisedSessionTimeout | Duration | Actual maximum number of milliseconds that a Session shall remain open without activity. The Server should attempt to honour the Client request for this parameter, but may negotiate this value up or down to meet its own constraints. |
| serverNonce | ByteString | A random number that should never be used in any other request. This number shall have a minimum length of 32 bytes. The Client shall use this value to prove possession of its Application Instance Certificate in the ActivateSession request. This value may also be used to prove possession of the userIdentityToken it specified in the ActivateSession request. |
| serverCertificate | ApplicationInstanceCertificate | The Application Instance Certificate issued to the Server. A Server shall prove possession by using the private key to sign the Nonce provided by the Client in the request. For SecureChannels that use the Application Instance Certificate the Client shall verify that this Certificate is the same as the one it used to create the SecureChannel. The ApplicationInstanceCertificate type is defined in 7.3. If the securityPolicyUri is None and none of the UserTokenPolicies requires encryption, the Client shall ignore the ApplicationInstanceCertificate. |
| serverEndpoints [] | EndpointDescription | List of Endpoints that the Server supports. The Server shall return a set of EndpointDescriptions available for the serverUri specified in the request. All Endpoints are returned if the serverUri is null or empty. The EndpointDescription type is defined in 7.14. The Client shall verify this list with the list from a DiscoveryEndpoint if it used a DiscoveryEndpoint to fetch the EndpointDescriptions. It is recommended that Servers only include the server.applicationUri, endpointUrl, securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel with all other parameters set to null or empty. Only the recommended parameters shall be verified by the Client. |
| serverSoftwareCertificates [] | SignedSoftwareCertificate | This parameter is deprecated and the array shall be empty. The SoftwareCertificates are provided in the Server AddressSpace as defined in OPC 10000-5. |
| serverSignature | SignatureData | This is a signature generated with the private key associated with the serverCertificate. This parameter is calculated by appending the clientNonce to the clientCertificate and signing the resulting sequence of bytes. If the clientCertificate contains a chain, the signature calculation shall be done only with the leaf Certificate. For backward compatibility a Client shall check the signature with the full chain if the check with the leaf Certificate fails. The SignatureAlgorithm shall be the AsymmetricSignatureAlgorithm specified in the SecurityPolicy for the Endpoint. The SignatureData type is defined in 7.37. |
| maxRequestMessageSize | UInt32 | The maximum size, in bytes, for the body of any request message. The Client Communication Stack should return a Bad_RequestTooLarge error to the application if a request message exceeds this limit. The value zero indicates that this parameter is not used. See OPC 10000-6 for protocol specific minimum or default values. 5.3 provides more information on the use of this parameter. |
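The serverSignature check described in the table, written out as an added example (not part of the specification text). It assumes a certificate chain is a leaf-first concatenation of DER certificates and that `verify` is a caller-supplied function implementing the AsymmetricSignatureAlgorithm of the SecurityPolicy; `fake_der` and `toy_verify` are constructed stand-ins so the sketch runs offline.

```python
import hashlib

MIN_NONCE_LEN = 32  # minimum nonce length stated in the table


def leaf_certificate(cert_bytes: bytes) -> bytes:
    """Return the first DER certificate of a leaf-first chain (assumed layout)."""
    if len(cert_bytes) < 2 or cert_bytes[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    first = cert_bytes[1]
    if first < 0x80:                      # short-form length
        header, body = 2, first
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4 or len(cert_bytes) < 2 + n:
            raise ValueError("unsupported DER length")
        header, body = 2 + n, int.from_bytes(cert_bytes[2:2 + n], "big")
    end = header + body
    if end > len(cert_bytes):
        raise ValueError("truncated certificate")
    return cert_bytes[:end]


def check_server_signature(client_cert, client_nonce, signature, verify):
    """Return 'leaf', 'chain' (backward-compatible fallback) or None."""
    if len(client_nonce) < MIN_NONCE_LEN:  # sanity check on our own nonce
        raise ValueError("clientNonce shorter than 32 bytes")
    leaf = leaf_certificate(client_cert)
    # Signed bytes are the clientCertificate followed by the clientNonce.
    if verify(leaf + client_nonce, signature):
        return "leaf"
    if leaf != client_cert and verify(client_cert + client_nonce, signature):
        return "chain"
    return None


# Constructed stand-ins for the demo: not real certificates, not a real signature.
def fake_der(n: int) -> bytes:
    return b"\x30\x82" + n.to_bytes(2, "big") + bytes([n % 251]) * n


def toy_verify(data: bytes, sig: bytes) -> bool:
    return hashlib.sha256(data).digest() == sig
```

A result of None means the Server has not proven possession of the private key for the serverCertificate.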
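One way a Client could carry out the serverEndpoints verification from the table, as an added example that is not part of the specification text. Endpoints are modelled as plain dictionaries, the two lists are compared as sets, and the order of userIdentityTokens is ignored; these choices and the `sample_endpoint` values are assumptions made for illustration.

```python
import json

# The parameters the table says the Client shall verify; all others are ignored.
VERIFIED_FIELDS = ("applicationUri", "endpointUrl", "securityMode",
                   "securityPolicyUri", "userIdentityTokens",
                   "transportProfileUri", "securityLevel")


def fingerprint(ep: dict) -> str:
    """Canonical string built only from the verified parameters."""
    flat = dict(ep)
    flat["applicationUri"] = (ep.get("server") or {}).get("applicationUri")
    tokens = ep.get("userIdentityTokens") or []
    flat["userIdentityTokens"] = sorted(json.dumps(t, sort_keys=True) for t in tokens)
    return json.dumps({k: flat.get(k) for k in VERIFIED_FIELDS}, sort_keys=True)


def endpoint_mismatches(discovered: list, from_session: list) -> dict:
    """Compare the DiscoveryEndpoint list with serverEndpoints from CreateSession."""
    d = {fingerprint(e) for e in discovered}
    s = {fingerprint(e) for e in from_session}
    return {"only_in_discovery": sorted(d - s), "only_in_session": sorted(s - d)}


def sample_endpoint(mode: str, policy: str, level: int, name: str = "Line 3 PLC") -> dict:
    """Constructed sample data; host names and URIs are made up."""
    return {
        "server": {"applicationUri": "urn:example:plc", "applicationName": name},
        "endpointUrl": "opc.tcp://plc.example:4840",
        "securityMode": mode,
        "securityPolicyUri": "http://opcfoundation.org/UA/SecurityPolicy#" + policy,
        "userIdentityTokens": [{"policyId": "anon", "tokenType": "Anonymous"}],
        "transportProfileUri":
            "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary",
        "securityLevel": level,
    }
```

Any entry in either result list means the list fetched from the DiscoveryEndpoint does not agree with what the Server returned in the CreateSession response, so the verification fails.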