Recommended for stating explicitly in the WoT Thing Description that an OPC UA server supports one or more endpoints with different security configuration settings.
This reflects the use case where an OPC UA server specifies which security option(s) should be used by specific client(s) via the WoT Thing Description.
To indicate this in the WoT Thing Description, use OPCUASecurityChannelScheme with the term uav:channelsec (i.e., "scheme": "uav:channelsec") and OPCUASecurityAuthenticationScheme with the term uav:authentication (i.e., "scheme": "uav:authentication"). The ComboSecurityScheme from the WoT Thing Description 1.1 specification should be used to combine the schemes with allOf.
OPCUASecurityChannelScheme vocabulary terms:
| Vocabulary term | Description | Assignment | Type |
|---|---|---|---|
| uav:securityMode | Provides information about which modes are available from the supported endpoints of the OPC UA server: | required | string |
| uav:securityPolicy | Provides information about which policy options are available from the supported endpoints of the OPC UA server: Outdated (not recommended policies): | required | string |
OPCUASecurityAuthenticationScheme vocabulary terms:
| Vocabulary term | Description | Assignment | Type |
|---|---|---|---|
| uav:userIdentityToken | Provides information about which policy options are available from the supported endpoints of the OPC UA server: As with the AutoSecurityScheme, login credentials such as user names and passwords or certificates are not shared in WoT Thing Descriptions and must be provided separately, e.g., through a separate credential store or by an explicit prompt to the client to enter the credentials for the session. In the case of IssuedToken there may be additional security schemes defined in the WoT Thing Description to describe an external authorization service such as OAuth2 (OAuth2SecurityScheme). To declare the combination of such a specific scheme with the OPCUASecurityScheme, the ComboSecurityScheme can be used with the term allOf (see WoT Thing Description 1.1 specification for more details). | required | string |
| uav:issueToken | Expresses a reference to a security scheme definition within the WoT Thing Description that should be applied (e.g., OAuth2). | optional | string |
Examples:
Example usage of OPCUASecurityScheme in combination with an external OAuth2 authorization service:
Note that the terms of the OAuth2 and combo schemes are defined in the W3C WoT Thing Description 1.1 specifications.
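A consistency check for the scheme combination described above, as an added example that is not part of the specification: it lints a Thing Description's securityDefinitions for the required terms, a resolvable uav:issueToken reference, an allOf combo covering both schemes, and embedded credentials. The sample TD is constructed; the mode and policy strings, the scheme names, the token URL and the credential key names are assumptions of this example.

```python
# Added example: lint a WoT Thing Description's security section against the
# rules stated on this page. Not code from the specification.
REQUIRED = {
    "uav:channelsec": ("uav:securityMode", "uav:securityPolicy"),
    "uav:authentication": ("uav:userIdentityToken",),
}
# Assumed key names that would indicate credentials embedded in the TD.
SECRET_KEYS = {"username", "password", "privateKey", "client_secret"}

def lint_security(td):
    """Return a list of findings; an empty list means the TD is consistent."""
    defs = td.get("securityDefinitions", {})
    findings = []
    for name, d in defs.items():
        # Required vocabulary terms per scheme (both tables on this page).
        for term in REQUIRED.get(d.get("scheme"), ()):
            if not isinstance(d.get(term), str):
                findings.append(f"{name}: missing required term {term}")
        # Credentials must be supplied separately, never inside the TD.
        for key in sorted(SECRET_KEYS.intersection(d)):
            findings.append(f"{name}: credential field {key} must not be in a TD")
        # uav:issueToken must point at a scheme defined in the same TD.
        ref = d.get("uav:issueToken")
        if ref is not None and ref not in defs:
            findings.append(f"{name}: uav:issueToken refers to undefined scheme {ref}")
    active = td.get("security", [])
    active = [active] if isinstance(active, str) else active
    for name in active:
        d = defs.get(name, {})
        members = d.get("allOf", []) if d.get("scheme") == "combo" else [name]
        findings += [f"{name}: references undefined scheme {m}"
                     for m in members if m not in defs]
        # The active scheme must combine channel security and authentication.
        schemes = {defs[m].get("scheme") for m in members if m in defs}
        findings += [f"{name}: does not combine a {s} scheme"
                     for s in REQUIRED if s not in schemes]
    return findings

SAMPLE_TD = {  # constructed sample; mode and policy values are assumed
    "securityDefinitions": {
        "channel": {"scheme": "uav:channelsec",
                    "uav:securityMode": "SignAndEncrypt",
                    "uav:securityPolicy": "Basic256Sha256"},
        "auth": {"scheme": "uav:authentication",
                 "uav:userIdentityToken": "IssuedToken",
                 "uav:issueToken": "oauth2_sc"},
        "oauth2_sc": {"scheme": "oauth2", "flow": "client",
                      "token": "https://auth.example.com/token"},
        "opcua_combo": {"scheme": "combo",
                        "allOf": ["channel", "auth", "oauth2_sc"]},
    },
    "security": "opcua_combo",
}
```

Running `lint_security` over Thing Descriptions before publishing them catches a combo that silently drops the authentication scheme or a TD that carries a password.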