The information model used to provide Serverswith the information needed to accept Access Tokensfrom Authorization Servicesin Figure 24.
Figure 25– The Model for Configuring Servers to use Authorization Services
If a Serveris also a Clientthat needs to access the Authorization Service,the necessary KeyCredentialscan be provided with the push configuration management model (see 8.3).
This Objectis an instance of FolderType.It contains The AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is the target of an HasComponentreference from the ServerConfiguration Object defined in 7.7.2. It is defined in Table 61.
Table 66– AuthorizationServices Object Definition
Attribute |
Value |
|||
BrowseName |
AuthorizationServices |
|||
Namespace |
CORE (see 3.3) |
|||
TypeDefinition |
FolderTypedefined in OPC 10000-5. |
|||
References |
NodeClass |
BrowseName |
TypeDefinition |
Modelling Rule |
This ObjectTypeis the TypeDefinitionfor an Objectthat allows the configuration of an Authorization Serviceused by a Server. It is defined in Table 67.
Table 67– AuthorizationServiceConfigurationType Definition
Attribute |
Value |
||||
BrowseName |
AuthorizationServiceConfigurationType |
||||
Namespace |
CORE (see 3.3) |
||||
IsAbstract |
False |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
Subtype of the BaseObjectTypedefined in OPC 10000-5. |
|||||
HasProperty |
Variable |
ServiceUri |
String |
PropertyType |
Mandatory |
HasProperty |
Variable |
ServiceCertificate |
ByteString |
PropertyType |
Mandatory |
HasProperty |
Variable |
IssuerEndpointUrl |
String |
PropertyType |
Mandatory |
The ServiceUri Propertyuniquely identifies the Authorization Service.
The ServiceCertificate Propertyhas the Certificate(s)needed to verify Access Tokensissued by the Authorization Service. The value is the complete chain of Certificate needed for verification (see OPC 10000-6for information on encoding chains).
The IssuerEndpointUrlis the value of the IssuerEndpointUrlin UserTokenPolicieswhich require the use of the Authorization Service. This contents of the field depend on the Authorization Service and are described in OPC 10000-6.