The information model used to provide Serverswith the information needed to accept Access Tokensfrom Authorization Servicesin Figure 24.

image028.png

Figure 25– The Model for Configuring Servers to use Authorization Services

If a Serveris also a Clientthat needs to access the Authorization Service,the necessary KeyCredentialscan be provided with the push configuration management model (see 8.3).

This Objectis an instance of FolderType.It contains The AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is the target of an HasComponentreference from the ServerConfiguration Object defined in 7.7.2. It is defined in Table 61.

Table 66– AuthorizationServices Object Definition

Attribute

Value

BrowseName

AuthorizationServices

Namespace

CORE (see 3.3)

TypeDefinition

FolderTypedefined in OPC 10000-5.

References

NodeClass

BrowseName

TypeDefinition

Modelling Rule

This ObjectTypeis the TypeDefinitionfor an Objectthat allows the configuration of an Authorization Serviceused by a Server. It is defined in Table 67.

Table 67– AuthorizationServiceConfigurationType Definition

Attribute

Value

BrowseName

AuthorizationServiceConfigurationType

Namespace

CORE (see 3.3)

IsAbstract

False

References

NodeClass

BrowseName

DataType

TypeDefinition

Modelling Rule

Subtype of the BaseObjectTypedefined in OPC 10000-5.

HasProperty

Variable

ServiceUri

String

PropertyType

Mandatory

HasProperty

Variable

ServiceCertificate

ByteString

PropertyType

Mandatory

HasProperty

Variable

IssuerEndpointUrl

String

PropertyType

Mandatory

The ServiceUri Propertyuniquely identifies the Authorization Service.

The ServiceCertificate Propertyhas the Certificate(s)needed to verify Access Tokensissued by the Authorization Service. The value is the complete chain of Certificate needed for verification (see OPC 10000-6for information on encoding chains).

The IssuerEndpointUrlis the value of the IssuerEndpointUrlin UserTokenPolicieswhich require the use of the Authorization Service. This contents of the field depend on the Authorization Service and are described in OPC 10000-6.