The UserNameIdentityToken is used to pass simple username/password credentials to the Server.
This token shall be encrypted by the Client if required by the SecurityPolicy of the UserTokenPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy of None and no transport layer encryption is available. If None is specified for the UserTokenPolicy and the SecureChannel SecurityPolicy is None, then the password only contains the UTF-8 encoded password. The SecurityPolicy of the SecureChannel is used if no SecurityPolicy is specified in the UserTokenPolicy. The Server shall specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy other than None and the MessageSecurityMode is not SIGNANDENCRYPT. See Table 193 for the possible combinations.
If the token is to be encrypted, the password shall be converted to a UTF-8 ByteString, encrypted and then serialized according to the rules for the SecurityPolicy. When using an RSA based SecurityPolicy, the password is encrypted and serialized as described in 7.41.2.4. When using the ECC based SecurityPolicies, the password is encrypted and serialized as described in 7.41.2.5.
The Server shall decrypt the password and verify the ServerNonce.
If the SecurityPolicy is None, then the password only contains the UTF-8 encoded password. This configuration should not be used unless the network traffic is encrypted in some other manner, such as a VPN. The use of this configuration without network encryption would result in a serious security fault: it would give the appearance of secure user access while making the password visible in clear text.
Table 192 defines the UserNameIdentityToken parameter.
Table 192 – UserNameIdentityToken

| Name | Type | Description |
|---|---|---|
| UserNameIdentityToken | Structure | UserName value. |
| policyId | String | An identifier for the UserTokenPolicy that the token conforms to. The UserTokenPolicy structure is defined in 7.42. |
| userName | String | A string that identifies the user. |
| password | ByteString | The password for the user. The password can be an empty string. The format used for the encrypted data is described in 7.41.2.2. |
| encryptionAlgorithm | String | A string containing the URI of the AsymmetricEncryptionAlgorithm. The URI string values are defined names that may be used as part of the security profiles specified in OPC 10000-7. This parameter is null or empty if the password is not encrypted. |
Table 193 describes the dependencies for selecting the AsymmetricEncryptionAlgorithm for the UserNameIdentityToken. The SecureChannel SecurityPolicyURI is specified in the EndpointDescription and used in subsequent OpenSecureChannel requests. The UserTokenPolicy SecurityPolicyURI is specified in the EndpointDescription. The encryptionAlgorithm is specified in the UserNameIdentityToken or IssuedIdentityToken provided by the Client in the ActivateSession call. The SecurityPolicy "Other" in the table refers to any SecurityPolicy other than None. The selection of the EncryptionAlgorithm is based on the UserTokenPolicy. The SecureChannel SecurityPolicy is used if the UserTokenPolicy is null or empty.
Table 193 – EncryptionAlgorithm selection

| SecureChannel SecurityPolicy | SecureChannel SecurityMode | UserTokenPolicy SecurityPolicy | UserIdentityToken EncryptionAlgorithm |
|---|---|---|---|
| Security Policy - None | NONE | Null or empty | No encryption (a) |
| Security Policy - None | NONE | Security Policy - None | No encryption (a) |
| Security Policy - None | NONE | Security Policy - Other | Asymmetric algorithm for "Other" |
| Security Policy - Other | Other than NONE | Null or empty | Asymmetric algorithm for "Other" |
| Security Policy - Other | Other than NONE | Security Policy - Yet another | Asymmetric algorithm for "Yet another" |
| Security Policy - Other | Other than NONE | Security Policy - Other | Asymmetric algorithm for "Other" |
| Security Policy - Other | SIGNANDENCRYPT | Security Policy - None | No encryption but encrypted SecureChannel |
| Security Policy - Other | SIGN | Security Policy - None | Invalid configuration shall be rejected. |

(a) The use of this configuration without network encryption would result in a serious security fault.
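The selection rules of Table 193, written out as a small decision function with the Server-side consistency check on encryptionAlgorithm. This is an added illustration, not code from the OPC UA specification or any OPC UA stack; the policy names "Other" and "Yet another" are the table's placeholders, and rejecting combinations that have no row in the table (for example MessageSecurityMode NONE with a non-None SecurityPolicy) is an assumption made here.

```python
from dataclasses import dataclass
from typing import Optional

NONE = "None"  # SecurityPolicy None
MODE_NONE, MODE_SIGN, MODE_SIGNANDENCRYPT = "NONE", "SIGN", "SIGNANDENCRYPT"


class InvalidTokenConfiguration(ValueError):
    """Raised for combinations that Table 193 says shall be rejected."""


@dataclass(frozen=True)
class TokenSelection:
    policy: str               # SecurityPolicy whose asymmetric algorithm applies; "None" = no encryption
    password_encrypted: bool  # the Client shall encrypt the password
    channel_encrypted: bool   # the SecureChannel MessageSecurityMode is SIGNANDENCRYPT
    security_fault: bool      # note (a): password crosses the wire in clear text


def select_token_policy(channel_policy: str, channel_mode: str,
                        token_policy: Optional[str]) -> TokenSelection:
    """Apply Table 193 to the SecureChannel and UserTokenPolicy settings."""
    # Assumption (not a row of Table 193): SecurityPolicy None only pairs with
    # MessageSecurityMode NONE, and any other policy requires SIGN or SIGNANDENCRYPT.
    if (channel_policy == NONE) != (channel_mode == MODE_NONE):
        raise InvalidTokenConfiguration("SecureChannel policy/mode combination not in Table 193")
    # The SecureChannel SecurityPolicy is used if the UserTokenPolicy is null or empty.
    effective = token_policy if token_policy else channel_policy
    channel_encrypted = channel_mode == MODE_SIGNANDENCRYPT
    if effective != NONE:
        # Rows 3-6: the asymmetric algorithm of the effective policy encrypts the password.
        return TokenSelection(effective, True, channel_encrypted, False)
    if channel_policy != NONE and not channel_encrypted:
        # Last row: SIGN-only channel with an unencrypted password shall be rejected.
        raise InvalidTokenConfiguration("UserTokenPolicy None on a SIGN-only SecureChannel")
    # Rows 1, 2 and 7: password is sent as plain UTF-8; note (a) applies unless the
    # SecureChannel itself encrypts the message.
    return TokenSelection(NONE, False, channel_encrypted, not channel_encrypted)


def token_matches_selection(selection: TokenSelection,
                            encryption_algorithm: Optional[str]) -> bool:
    """Server-side check: encryptionAlgorithm is set exactly when the password is encrypted."""
    return bool(encryption_algorithm) == selection.password_encrypted
```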