The information model used to provide Servers with the information needed to accept Access Tokens from AuthorizationServices is shown in Figure 32.
Figure 32 – The Model for Configuring Servers to use AuthorizationServices
If a Server is also a Client that needs to access the AuthorizationService, the necessary KeyCredentials can be provided with the push configuration management model (see 8.4).
This ObjectType represents a folder that contains AuthorizationServiceConfiguration Objects which may be accessed via the Server. It is defined in Table 110.
Table 110 – AuthorizationServicesFolderType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:AuthorizationServicesConfigurationFolderType |
| IsAbstract | False |

| References | NodeClass | BrowseName | TypeDefinition | Modelling Rule |
|---|---|---|---|---|
| Subtype of the 0:FolderType defined in OPC 10000-5. | | | | |
| 0:HasComponent | Object | 0:<ServiceName> | 0:AuthorizationServiceConfigurationType | OptionalPlaceholder |
| Conformance Units | | | | |
| Authorization Service Configuration Server | | | | |
This Object is an instance of FolderType. It contains the AuthorizationServiceConfiguration Objects which may be accessed via the Server. It is the target of a HasComponent reference from the ServerConfiguration Object defined in 7.10.3. It is defined in Table 111.
Table 111 – AuthorizationServices Object Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:AuthorizationServices |
| TypeDefinition | 0:AuthorizationServicesConfigurationFolderType defined in 9.6.2. |

| References | NodeClass | BrowseName | TypeDefinition | Modelling Rule |
|---|---|---|---|---|
| Conformance Units | | | | |
| Authorization Service Configuration Server | | | | |
This ObjectType is the TypeDefinition for an Object that allows the configuration of an AuthorizationService used by a Server. It is defined in Table 112.
Table 112 – AuthorizationServiceConfigurationType Definition
| Attribute | Value |
|---|---|
| BrowseName | 0:AuthorizationServiceConfigurationType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:BaseObjectType defined in OPC 10000-5. | | | | | |
| 0:HasProperty | Variable | 0:ServiceUri | 0:String | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:ServiceCertificate | 0:ByteString | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:IssuerEndpointUrl | 0:String | 0:PropertyType | Mandatory |
| Conformance Units | | | | | |
| Authorization Service Configuration Server | | | | | |
The ServiceUri Property uniquely identifies the AuthorizationService.
The ServiceCertificate Property has the Certificate(s) needed to verify Access Tokens issued by the AuthorizationService. The value is the complete chain of Certificates needed for verification (see OPC 10000-6 for information on encoding chains).
The IssuerEndpointUrl is the value of the IssuerEndpointUrl in UserTokenPolicies which require the use of the AuthorizationService. The contents of this field depend on the AuthorizationService and are described in OPC 10000-6.
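A Server that reads the ServiceCertificate Property has to separate the chain into individual Certificates before it can verify an Access Token signature. The following is an added example, not part of the specification: it assumes the ByteString holds DER-encoded X.509 Certificates appended back to back (the encoding this page defers to OPC 10000-6), and the names `split_der_chain` and `fake_der` and the sample bytes are constructed for illustration. Malformed or truncated values are rejected rather than partially accepted.

```python
def split_der_chain(chain: bytes) -> list[bytes]:
    """Split a ByteString of back-to-back DER certificates into one blob each."""
    certs, pos = [], 0
    while pos < len(chain):
        if chain[pos] != 0x30:  # every X.509 certificate is a DER SEQUENCE
            raise ValueError(f"offset {pos}: expected SEQUENCE tag 0x30")
        if pos + 2 > len(chain):
            raise ValueError(f"offset {pos}: truncated length field")
        first = chain[pos + 1]
        if first < 0x80:  # short form: the byte is the length
            header, body = 2, first
        else:
            n = first & 0x7F  # long form: the next n bytes hold the length
            if n == 0 or n > 4:  # indefinite or oversized lengths are not DER certs
                raise ValueError(f"offset {pos}: unsupported length encoding")
            if pos + 2 + n > len(chain):
                raise ValueError(f"offset {pos}: truncated length field")
            header = 2 + n
            body = int.from_bytes(chain[pos + 2:pos + 2 + n], "big")
        end = pos + header + body
        if end > len(chain):
            raise ValueError(f"offset {pos}: certificate runs past end of value")
        certs.append(chain[pos:end])
        pos = end
    if not certs:
        raise ValueError("ServiceCertificate is empty")
    return certs


def fake_der(body: bytes) -> bytes:
    """Constructed stand-in: wraps bytes in a SEQUENCE header (not a real certificate)."""
    n = len(body)
    if n < 0x80:
        return bytes([0x30, n]) + body
    size = (n.bit_length() + 7) // 8
    return bytes([0x30, 0x80 | size]) + n.to_bytes(size, "big") + body


# Constructed sample value: two placeholder elements of different sizes,
# so both the long-form and short-form length paths are exercised.
LEAF, ISSUER = fake_der(b"\x01" * 300), fake_der(b"\x02" * 20)
SAMPLE_CHAIN = LEAF + ISSUER

if __name__ == "__main__":
    for i, der in enumerate(split_der_chain(SAMPLE_CHAIN)):
        print(i, len(der))
```

Each returned blob can then be handed to an X.509 library for parsing and path validation; this splitter only checks the outer framing.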