The information model used to provide Serverswith the information needed to accept Access Tokensfrom AuthorizationServicesin Figure 32.
Figure 32– The Model for Configuring Servers to use AuthorizationServices
If a Serveris also a Clientthat needs to access the AuthorizationService,the necessary KeyCredentialscan be provided with the push configuration management model (see 8.4).
This ObjectTyperepresents a folder that contains AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is defined in Table 107.
Table 107– AuthorizationServicesFolderType Definition
Attribute |
Value |
|||
BrowseName |
0:AuthorizationServicesConfigurationFolderType |
|||
IsAbstract |
False |
|||
References |
NodeClass |
BrowseName |
TypeDefinition |
Modelling Rule |
Subtype of the 0:FolderTypedefined in OPC 10000-5. |
||||
0:HasComponent |
Object |
0:<ServiceName> |
0:AuthorizationServiceConfigurationType |
OptionalPlaceholder |
|
||||
Conformance Units |
||||
Authorization Service Configuration Server |
This Objectis an instance of FolderType.It contains The AuthorizationServiceConfiguration Objectswhich may be accessed via the Server. It is the target of an HasComponentreference from the ServerConfiguration Object defined in 7.10.2. It is defined in Table 108.
Table 108– AuthorizationServices Object Definition
Attribute |
Value |
|||
BrowseName |
0:AuthorizationServices |
|||
TypeDefinition |
0:AuthorizationServicesConfigurationFolderType defined in 9.6.2. |
|||
References |
NodeClass |
BrowseName |
TypeDefinition |
Modelling Rule |
|
||||
Conformance Units |
||||
Authorization Service Configuration Server |
This ObjectTypeis the TypeDefinitionfor an Objectthat allows the configuration of an AuthorizationServiceused by a Server. It is defined in Table 109.
Table 109– AuthorizationServiceConfigurationType Definition
Attribute |
Value |
||||
BrowseName |
0:AuthorizationServiceConfigurationType |
||||
IsAbstract |
False |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
Subtype of the 0:BaseObjectTypedefined in OPC 10000-5. |
|||||
0:HasProperty |
Variable |
0:ServiceUri |
0:String |
0:PropertyType |
Mandatory |
0:HasProperty |
Variable |
0:ServiceCertificate |
0:ByteString |
0:PropertyType |
Mandatory |
0:HasProperty |
Variable |
0:IssuerEndpointUrl |
0:String |
0:PropertyType |
Mandatory |
|
|||||
Conformance Units |
|||||
Authorization Service Configuration Server |
The ServiceUri Propertyuniquely identifies the AuthorizationService.
The ServiceCertificate Propertyhas the Certificate(s)needed to verify Access Tokensissued by the AuthorizationService. The value is the complete chain of Certificate needed for verification (see OPC 10000-6for information on encoding chains).
The IssuerEndpointUrlis the value of the IssuerEndpointUrlin UserTokenPolicieswhich require the use of the AuthorizationService. This contents of the field depend on the AuthorizationService and are described in OPC 10000-6.