The SecuredApplication element specifies the security settings for an application. The elements contained in a SecuredApplication are described in Table E.1.
When an instance of a SecuredApplication is imported into an application the application updates its configuration based on the information contained within it. If unrecoverable errors occur during import an application does not make any changes to its configuration and report the reason for the error.
The mechanism used to import or export the configuration depends on the application. Applications ensure that only authorized users are able to access this feature.
The SecuredApplication element may reference X.509 v3 Certificates which are contained in physical stores. Each application needs to decide whether it uses shared physical stores which the administrator can control directly by changing the location or private stores that can only be accessed via the import/export utility. If the application uses private stores, then the contents of these private stores are copied to the export file during export. If the import file references shared physical stores, then the import/export utility copies the contents of those stores to the private stores.
The import/export utility does not export private keys. If the administrator wishes to assign a new public-private key to the application the administrator places the private key in a store where it can be accessed by the import/export utility. The import/export utility is then responsible for ensuring it is securely moved to a location where the application can access it.
Table E.1 – SecuredApplication
|ApplicationName||String||A human readable name for the application. Applications allow this value to be read or changed.|
|ApplicationUri||String||A globally unique identifier for the instance of the application. Applications allow this value to be read or changed.|
|ApplicationType||ApplicationType||The type of application. May be one of * Server_0; * Client_1; * ClientAndServer_2; * DiscoveryServer_3; Application do not provide this value.Applications do not allow this value to be changed.|
|ProductName||String||A name for the product. Application provide this value.Applications do not allow this value to be changed.|
|ConfigurationMode||String||Indicates how the application should be configured. An empty or missing value indicates that the configuration file can be edited directly. The location of the configuration file is not provided in this case. Any other value is a URI that identifies the configuration utility. The vendor documentation explains how to use this utility. Application provide this value.Applications do not allow this value to be changed.|
|LastExportTime||UtcTime||When the configuration was exported by the import/export utility. It may be omitted if applications allow direct editing of the security configuration.|
|ConfigurationFile||String||The full path to a configuration file used by the application. applications do not provide this value if an import/export utility is used. Applications do not allow this value to be changed.Permissions set on this file control who has rights to change the configuration of the application.|
|ExecutableFile||String||The full path to an executable file for the application. Applications may not provide this value. Applications do not allow this value to be changed. Permissions set on this file control who has rights to launch the application.|
|ApplicationCertificate||CertificateIdentifier||The identifier for the Application Instance Certificate. Applications allow this value to be read or changed. This identifier may reference a Certificate store that contains the private key. If the private key is not accessible to outside applications this value contain the X.509 v3 Certificate for the application. If the configuration utility assigns a new private key this value reference the store where the private key is placed. The import/export utility may delete this private key if it moves it to a secure location accessible to the application. Applications allow Administrators to enter the password required to access the private key during the import operation. The exact mechanism depends on the application.Applications report an error if the ApplicationCertificate is not valid.|
|TrustedCertificateStore||CertificateStore Identifier||The location of the CertificateStore containing the Certificates of applications or Certificate Authorities (CAs) which can be trusted. Applications allow this value to be read or changed. This value is a reference to a physical store which can be managed separately from the application. applications that support shared physical stores check this store for changes whenever they validate a Certificate. The Administrator is responsible for verifying the signature on all Certificates placed in this store. This means the application may trust Certificates in this store even if they cannot be verified back to a trusted root. Administrators place any CA certificates used to verify the signature in the IssuerStore or the IssuerList. This will allow applications to properly verify the signatures. The application check the revocation status of the Certificates in this store if the Certificate was issued by a CA. The application looks for the offline Certificate Revocation List (CRL) for a CA in the store where it found the CA Certificate. The location of an online CRL for CA is specified with the CRLDistributionPoints (OID= 220.127.116.11) X.509 v3 Certificate extension.The ValidationOptions parameter is used to specify which revocation list should be used for CAs in this store.|
|TrustedCertificates||CertificateList||A list of Certificates for applications for CAs that can be trusted. Applications allow this value to be read or changed. The value is an explicit list of Certificates which is private to the application. It is used when the application does not support shared physical Certificate stores or when Administrators need to specify ValidationOptions for individual Certificates. If the TrustedCertificateStore and the TrustedCertificates parameters are both specified, then the application uses the TrustedCertificateStore for checking trust relationships. The TrustedCertificates parameter is only used to lookup ValidationOptions for individual Certificates. It may also be used to provide CRLs for CA certificates.If the TrustedCertificateStore is not specified, then TrustedCertificates parameter contains the complete X.509 v3 Certificate for each entry.|
|IssuerStore||CertificateStore Identifier||The location of the CertificateStore containing CA Certificates which are not trusted but are needed to check signatures on Certificates. Applications allow this value to be read or changed. This value is a reference to a physical store which can be managed separately from the application. Applications that support shared physical stores check this store for changes whenever they validate a Certificate.This store may also contain CRLs for the CAs.|
|IssuerCertificates||CertificateList||A list of Certificates for CAs which are not trusted but are needed to check signatures on Certificates. Applications allow this value to be read or changed. The value is an explicit list of Certificates which is private to the application. It is used when the application does not support shared physical Certificate stores or when Administrators need to specify ValidationOptions for individual Certificates.If the IssuerStore and the IssuerCertificates parameters are both specified, then the application uses the IssuerStore for checking signatures. The IssuerCertificates parameter is only used to lookup ValidationOptions for individual Certificates. It may also be used to provide CRLs for CA certificates.|
|RejectedCertificatesStore||CertificateStore Identifier||The location of the shared CertificateStore containing the Certificates of applications which were rejected. Applications allow this value to be read or changed. Applications add the DER encoded Certificate into this store whenever it rejects a Certificate because it is untrusted or if it failed one of the validation rules which can be suppressed (see Clause E.6).Applications do not add a Certificate to this store if it was rejected for a reason that cannot be suppressed (e.g. Certificate revoked).|
|BaseAddresses||String ||A list of URLs for the Endpoints supported by a Server. Applications allow these values to be read or changed. If a Server does not support the scheme for a URL it ignores it. This list can have multiple entries for the same URL scheme. The first entry for a scheme is the base URL. The rest are assumed to be DNS aliases that point to the first URL. It is the responsibility of the Administrator to configure the network to route these aliases correctly.|
|SecurityProfileUris||SecurityProfile ||A list of SecurityPolicyUris supported by a Server. The URIs are defined as security Profiles in OPC 10000-7. Applications allow these values to be read or changed. Applications allow the Enabled flag to be changed for each SecurityProfile that it supports. If the Enabled flag is false, the Server do not allow connections using the SecurityProfile.If a Server does not support a SecurityProfile it ignores it.|
|Extensions||xs:any ||A list of vendor defined Extensions attached to the security settings. Applications ignore Extensions that they do not recognize.Applications that update a file containing Extensions do not delete or modify extensions that they do not recognize.|