UA Part 12: Discovery and Global Services - 9.6 Information Model for Configuring Servers

The information model used to provide Serverswith the information needed to accept Access Tokensfrom Authorization Servicesin Figure 24.

Figure 25– The Model for Configuring Servers to use Authorization Services

If a Serveris also a Clientthat needs to access the Authorization Service,the necessary KeyCredentialscan be provided with the push configuration management model (see 8.3).

This Objectis an instance of FolderType.It contains The AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is the target of an HasComponentreference from the ServerConfiguration Object defined in 7.7.2. It is defined in Table 61.

Table 66– AuthorizationServices Object Definition

This ObjectTypeis the TypeDefinitionfor an Objectthat allows the configuration of an Authorization Serviceused by a Server. It is defined in Table 67.

Table 67– AuthorizationServiceConfigurationType Definition

Attribute	Value
BrowseName	AuthorizationServiceConfigurationType
Namespace	CORE (see 3.3)
IsAbstract	False
References	NodeClass	BrowseName	DataType	TypeDefinition	Modelling Rule
Subtype of the BaseObjectTypedefined in OPC 10000-5.
HasProperty	Variable	ServiceUri	String	PropertyType	Mandatory
HasProperty	Variable	ServiceCertificate	ByteString	PropertyType	Mandatory
HasProperty	Variable	IssuerEndpointUrl	String	PropertyType	Mandatory

The ServiceCertificate Propertyhas the Certificate(s)needed to verify Access Tokensissued by the Authorization Service. The value is the complete chain of Certificate needed for verification (see OPC 10000-6for information on encoding chains).

The IssuerEndpointUrlis the value of the IssuerEndpointUrlin UserTokenPolicieswhich require the use of the Authorization Service. This contents of the field depend on the Authorization Service and are described in OPC 10000-6.