The information model used to provide Serverswith the information needed to accept Access Tokensfrom AuthorizationServicesin Figure 32.

image035.png

Figure 32– The Model for Configuring Servers to use AuthorizationServices

If a Serveris also a Clientthat needs to access the AuthorizationService,the necessary KeyCredentialscan be provided with the push configuration management model (see 8.4).

This ObjectTyperepresents a folder that contains AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is defined in Table 107.

Table 107– AuthorizationServicesFolderType Definition

Attribute

Value

BrowseName

0:AuthorizationServicesConfigurationFolderType

IsAbstract

False

References

NodeClass

BrowseName

TypeDefinition

Modelling Rule

Subtype of the 0:FolderTypedefined in OPC 10000-5.

0:HasComponent

Object

0:<ServiceName>

0:AuthorizationServiceConfigurationType

OptionalPlaceholder

Conformance Units

Authorization Service Configuration Server

This Objectis an instance of FolderType.It contains The AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is the target of an HasComponentreference from the ServerConfiguration Object defined in 7.10.2. It is defined in Table 108.

Table 108– AuthorizationServices Object Definition

Attribute

Value

BrowseName

0:AuthorizationServices

TypeDefinition

0:AuthorizationServicesConfigurationFolderType defined in 9.6.2.

References

NodeClass

BrowseName

TypeDefinition

Modelling Rule

Conformance Units

Authorization Service Configuration Server

This ObjectTypeis the TypeDefinitionfor an Objectthat allows the configuration of an AuthorizationServiceused by a Server. It is defined in Table 109.

Table 109– AuthorizationServiceConfigurationType Definition

Attribute

Value

BrowseName

0:AuthorizationServiceConfigurationType

IsAbstract

False

References

NodeClass

BrowseName

DataType

TypeDefinition

Modelling Rule

Subtype of the 0:BaseObjectTypedefined in OPC 10000-5.

0:HasProperty

Variable

0:ServiceUri

0:String

0:PropertyType

Mandatory

0:HasProperty

Variable

0:ServiceCertificate

0:ByteString

0:PropertyType

Mandatory

0:HasProperty

Variable

0:IssuerEndpointUrl

0:String

0:PropertyType

Mandatory

Conformance Units

Authorization Service Configuration Server

The ServiceUri Propertyuniquely identifies the AuthorizationService.

The ServiceCertificate Propertyhas the Certificate(s)needed to verify Access Tokensissued by the AuthorizationService. The value is the complete chain of Certificate needed for verification (see OPC 10000-6for information on encoding chains).

The IssuerEndpointUrlis the value of the IssuerEndpointUrlin UserTokenPolicieswhich require the use of the AuthorizationService. This contents of the field depend on the AuthorizationService and are described in OPC 10000-6.