StartRequest is used to request a new KeyCredential.

The KeyCredential secret may be encrypted with the public key of the Certificate supplied in the request. The SecurityPolicyUri specifies the security profile used for the encryption.

This Method requires an encrypted channel and that the Client provides credentials with administrative rights for the application requesting the credentials.

Signature

StartRequest (

[in] String applicationUri,

[in] ByteString certificate,

[in] String securityPolicyUri,

[in] NodeId[] requestedRoles,

[out] NodeId requestId

);

Argument

Description

applicationUri

The applicationUri of the application receiving the KeyCredentials.

The request is rejected applicationUri does not uniquely identify an application known to the GDS (see 6.3.6).

If the requestor is not the same as the application used to create the Secure Channel then a Certificate should be provided.

certificate

The Certificate containing the key used to encrypt the returned KeyCredential secret. This is the DER encoded form of an X.509 v3 Certificate as described in OPC 10000-6. Not specified if no encryption is required.

If the securityPolicyUri is provided this field shall be provided.

securityPolicyUri

The SecurityPolicy used to encrypt the secret.

If the certificate is provided this field shall be provided.

requestedRoles

A list of Roles which should be assigned to the KeyCredential.

If not provided the Server chooses suitable defaults.

The Server ignores Roles which it does not recognize or if the caller is not authorized to request access to the Role.

requestId

A unique identifier for the request.

This identifier shall be passed to the FinishRequest (see 8.4.5).

Method Result Codes (defined in Call Service)

Result Code

Description

Bad_NotFound

The applicationUri is not known to the GDS.

Bad_ConfigurationError

The applicationUri is used by multiple records in the GDS.

Bad_CertificateInvalid

The Certificate is invalid.

Bad_SecurityPolicyRejected

The SecurityPolicy is unrecognized or not allowed or does not match the Certificate.

Bad_UserAccessDenied

The current user does not have the rights required.

Table 48 specifies the AddressSpace representation for the StartRequest Method.

Table 48 – StartRequest Method AddressSpace Definition

Attribute

Value

BrowseName

StartRequest

References

NodeClass

BrowseName

DataType

TypeDefinition

ModellingRule

HasProperty

Variable

InputArguments

Argument[]

PropertyType

Mandatory

HasProperty

Variable

OutputArguments

Argument[]

PropertyType

Mandatory