The X509IdentityToken is used to pass an X.509 v3 Certificate which is issued by the user.
This token shall always be accompanied by a Signature in the userTokenSignature parameter of ActivateSession if required by the SecurityPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy of None.
Table 194 defines the X509IdentityToken parameter.
Table 194 – X.509 v3 Identity Token
|
Name |
Type |
Description |
|
X509IdentityToken |
structure |
X.509 v3 value. |
|
policyId |
String |
An identifier for the UserTokenPolicy that the token conforms to. The UserTokenPolicy structure is defined in 7.42. Servers that provide a null or empty PolicyId shall accept null or empty and treat them as equal. |
|
certificateData |
ByteString |
The X.509 v3 Certificate in DER format. |