The information model used to provide Servers with the information needed to accept Access Tokens from Authorization Services is shown in Figure 24.

Figure 25 – The Model for Configuring Servers to use Authorization Services

If a Server is also a Client that needs to access the Authorization Service, the necessary KeyCredentials can be provided with the push configuration management model (see 8.3).

This Object is an instance of FolderType. It contains the AuthorizationServiceConfiguration Objects which may be accessed via the Server. It is the target of a HasComponent reference from the ServerConfiguration Object defined in 7.7.2. It is defined in Table 61.

Table 66 – AuthorizationServices Object Definition

| Attribute | Value |
|---|---|
| BrowseName | AuthorizationServices |
| Namespace | CORE (see 3.3) |
| TypeDefinition | FolderType defined in OPC 10000-5. |

| References | NodeClass | BrowseName | TypeDefinition | Modelling Rule |
|---|---|---|---|---|

This ObjectType is the TypeDefinition for an Object that allows the configuration of an Authorization Service used by a Server. It is defined in Table 67.

Table 67 – AuthorizationServiceConfigurationType Definition

| Attribute | Value |
|---|---|
| BrowseName | AuthorizationServiceConfigurationType |
| Namespace | CORE (see 3.3) |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the BaseObjectType defined in OPC 10000-5. | | | | | |
| HasProperty | Variable | ServiceUri | String | PropertyType | Mandatory |
| HasProperty | Variable | ServiceCertificate | ByteString | PropertyType | Mandatory |
| HasProperty | Variable | IssuerEndpointUrl | String | PropertyType | Mandatory |

The ServiceUri Property uniquely identifies the Authorization Service.

The ServiceCertificate Property has the Certificate(s) needed to verify Access Tokens issued by the Authorization Service. The value is the complete chain of Certificates needed for verification (see OPC 10000-6 for information on encoding chains).

The IssuerEndpointUrl is the value of the IssuerEndpointUrl in UserTokenPolicies which require the use of the Authorization Service. The contents of this field depend on the Authorization Service and are described in OPC 10000-6.
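The following Python sketch is an added example, not part of the specification: it rejects a configuration that lacks any of the three Mandatory Properties and splits the ServiceCertificate value into individual certificates before they are handed to a verifier. It assumes the chain is the DER encoding of each Certificate appended in sequence (the encoding itself is specified in OPC 10000-6); the function names and sample values are constructed for illustration.

```python
MANDATORY = ("ServiceUri", "ServiceCertificate", "IssuerEndpointUrl")

def split_der_chain(blob: bytes) -> list:
    """Split appended DER certificates (assumed chain encoding) into a list.
    Only the outer SEQUENCE header is parsed; nothing is verified."""
    certs, pos = [], 0
    while pos < len(blob):
        if blob[pos] != 0x30 or pos + 2 > len(blob):
            raise ValueError(f"offset {pos}: not a complete SEQUENCE header")
        first = blob[pos + 1]
        if first < 0x80:                      # short-form length
            hdr, length = 2, first
        else:                                 # long-form length
            n = first & 0x7F
            if n == 0 or n > 4 or pos + 2 + n > len(blob):
                raise ValueError(f"offset {pos}: bad or truncated length")
            hdr, length = 2 + n, int.from_bytes(blob[pos + 2:pos + 2 + n], "big")
        end = pos + hdr + length
        if end > len(blob):
            raise ValueError(f"offset {pos}: certificate runs past end of value")
        certs.append(blob[pos:end])
        pos = end
    return certs

def check_config(props: dict) -> list:
    """Reject a configuration missing a Mandatory Property, then split the chain."""
    missing = [name for name in MANDATORY if not props.get(name)]
    if missing:
        raise ValueError(f"missing mandatory properties: {missing}")
    return split_der_chain(props["ServiceCertificate"])

def fake_cert(body: bytes) -> bytes:
    """Constructed stand-in: a DER SEQUENCE wrapper, not a real certificate."""
    n = len(body)
    head = bytes([0x30, n]) if n < 0x80 else b"\x30\x82" + n.to_bytes(2, "big")
    return head + body

# Constructed sample values (not from the specification).
LEAF, CA = fake_cert(b"\x01" * 300), fake_cert(b"\x02" * 20)
SAMPLE = {"ServiceUri": "urn:example:authz",
          "ServiceCertificate": LEAF + CA,
          "IssuerEndpointUrl": "https://authz.example.invalid/token"}

if __name__ == "__main__":
    print([len(c) for c in check_config(SAMPLE)])
```

A value that is truncated or carries trailing bytes raises ValueError instead of yielding a partial chain, so a damaged ServiceCertificate is caught at configuration time and not at the first token check.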