StartRequest is used to request a new KeyCredential.
The KeyCredential secret may be encrypted with the public key of the Certificate supplied in the request. The SecurityPolicyUri specifies the security profile used for the encryption.
This Method shall be called from an encrypted SecureChannel and from a Client that has access to the KeyCredentialAdmin Role, the ApplicationAdmin Privilege, or the ApplicationSelfAdmin Privilege (see 8.2).
Signature
    StartRequest (
        [in]  String   applicationUri
        [in]  ByteString publicKey
        [in]  String   securityPolicyUri
        [in]  NodeId[] requestedRoles
        [out] NodeId   requestId
    );
| Argument | Description |
|---|---|
| applicationUri | The applicationUri of the application receiving the KeyCredentials. The request is rejected if the applicationUri does not uniquely identify an application known to the GDS (see 6.6.6). If the requestor is not the same as the application used to create the Secure Channel then a Certificate should be provided. |
| publicKey | A Public Key used to encrypt the returned KeyCredential secret. For RSA SecurityPolicies this is the DER encoded form of an X.509 v3 Certificate as described in OPC 10000-6. For ECC SecurityPolicies this is an ephemeral key created by the owner of the KeyCredentials. Not specified if no encryption is required. If the securityPolicyUri is provided this field shall be provided. |
| securityPolicyUri | The SecurityPolicy used to encrypt the secret. If the certificate is provided this field shall be provided. |
| requestedRoles | A list of Roles which should be assigned to the KeyCredential. If not provided the Server chooses suitable defaults. The Server ignores Roles which it does not recognize or if the caller is not authorized to request access to the Role. |
| requestId | A unique identifier for the request. This identifier shall be passed to the FinishRequest (see 8.5.6). |
Method Result Codes (defined in Call Service)
| Result Code | Description |
|---|---|
| Bad_NotFound | The applicationUri is not known to the GDS. |
| Bad_ConfigurationError | The applicationUri is used by multiple records in the GDS. |
| Bad_CertificateInvalid | The Certificate is invalid. |
| Bad_SecurityPolicyRejected | The SecurityPolicy is unrecognized or not allowed or does not match the Certificate. |
| Bad_UserAccessDenied | The current user does not have the rights required. |
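The access requirements, argument rules and result codes above, applied in order as a GDS-side check; this is an added example, not code from the specification. The registry contents, the Role identifiers, the `Session` type, the restriction of ApplicationSelfAdmin to the caller's own application, the use of Bad_SecurityModeInsufficient for an unencrypted channel, and the codes returned when only one of publicKey/securityPolicyUri is supplied are assumptions; validation of the Certificate itself is omitted.

```python
from dataclasses import dataclass, field

# Constructed sample data; a real GDS would query its application registry.
REGISTRY = [
    {"applicationUri": "urn:example:pump1"},
    {"applicationUri": "urn:example:dup"},
    {"applicationUri": "urn:example:dup"},   # duplicate record
]
ALLOWED_POLICIES = {"http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"}
ADMIN_GRANTS = {"KeyCredentialAdmin", "ApplicationAdmin"}

@dataclass
class Session:                      # hypothetical type for this example
    encrypted: bool                 # SecureChannel is encrypted
    grants: set                     # Roles/Privileges held by the caller
    application_uri: str            # application that created the channel
    grantable_roles: set = field(default_factory=set)  # recognized + authorized

def validate_start_request(session, application_uri, public_key,
                           security_policy_uri, requested_roles):
    """Return (status, accepted_roles) for a StartRequest call."""
    if not session.encrypted:
        return "Bad_SecurityModeInsufficient", []      # assumed code
    # Assumption: ApplicationSelfAdmin only covers the caller's own application.
    self_admin = ("ApplicationSelfAdmin" in session.grants
                  and session.application_uri == application_uri)
    if not (session.grants & ADMIN_GRANTS or self_admin):
        return "Bad_UserAccessDenied", []
    matches = [r for r in REGISTRY if r["applicationUri"] == application_uri]
    if not matches:
        return "Bad_NotFound", []
    if len(matches) > 1:
        return "Bad_ConfigurationError", []
    # publicKey and securityPolicyUri are provided together or not at all.
    if bool(public_key) != bool(security_policy_uri):
        return ("Bad_CertificateInvalid" if security_policy_uri
                else "Bad_SecurityPolicyRejected"), []  # assumed mapping
    if security_policy_uri and security_policy_uri not in ALLOWED_POLICIES:
        return "Bad_SecurityPolicyRejected", []
    # Unrecognized or unauthorized Roles are ignored, not rejected.
    roles = [r for r in requested_roles or [] if r in session.grantable_roles]
    return "Good", roles
```
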
Table 83 specifies the AddressSpace representation for the StartRequest Method.
Table 83 – StartRequest Method AddressSpace Definition
| Attribute | Value | | | | |
|---|---|---|---|---|---|
| BrowseName | 2:StartRequest | | | | |
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |