Search
18 result(s) for AccessTokens
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
3.1.43 SecurityKeyService
Server that accepts AccessTokens issued by the Authorization Service and returns security keys that can be used to access the specified Resource Note 1 to entry: The keys
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
defines a standard for AuthorizationServices that produce JSON Web Tokens (JWT), also known as AccessTokens. These JWTs are passed as an Issued Token to an OPC UA Server which uses
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
6.2.1 Overview
Authorization Services provide Access Tokens to Clients on behalf of Users that they pass to a Server to be granted access to resources. In a basic model (as shown
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
Identity Provider Authorization Services require that Servers be registered with them because the Access Tokens can only be used with a single Server. This can introduce a lot of complexity ... system. It validates the credentials provided by the Client and returns an Identity Access Token which identifies the user. The Identity Access Token is passed to the Application Authorization Service
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.5.2.2 User Token Policy
String Depends on authorityProfileUri A path relative to the base URL used to request Access Tokens. If the authorityProfileUri is OPCUA, then this is the NodeId of the AuthorizationService Object ... understood by the Server. If not specified, the Client may be able to access any Scope supported by the Authorization Service. This field is equivalent to the "scopes_supported
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.5.2.3 Access Tokens
The JWT supports signatures using asymmetric cryptography which implies that Servers which accept the Access Token must have access to the Certificate used by the Authorization Service ... Access Tokens shall have a signature created by the token issuer. Access Tokens expire and all Servers should revoke any privileges granted to the Session when the Access Token expires
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
6.5.3.1 General
Framework (see IETF RFC 6749) provides a web-based mechanism to request claims-based Access Tokens from an Authorization Service (AS) that is supported by many major companies providing cloud ... infrastructure. These Access Tokens are passed to a Server by a Client in a UserIdentityToken as described in OPC 10000-4. The OpenID Connect specification (see OpenID) builds
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.1 Overview
AuthorizationServices provide AccessTokens to Clients that may use them to access resources. A Server, such as a GDS, with AuthorizationService Capabilities may support one or more AuthorizationService Objects ... This scenario is illustrated in Figure 29. Figure 29 - Roles and AuthorizationServices When requesting AccessTokens from an AuthorizationService Object there are three primary use cases based on where the UserIdentityToken
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
Description AccessToken Requestor This Privilege grants an OPC UA Application the right to request AccessTokens. The Certificate used to create the SecureChannel is used to determine the identity
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.3 Implicit
Client wishes to access. It publishes a UserTokenPolicy that indicates that it accepts AccessTokens from an "Authorization Server". The parameters needed to connect to the "Authorization Server ... Target Server is configured out-of-band with the Certificate used to validate the AccessTokens issued by the Authorization Server
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.4 Explicit
Client wishes to access. It publishes a UserTokenPolicy that indicates that it accepts AccessTokens from an "Authorization Server". The parameters needed to connect to the "Authorization Server
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.6.1 Overview
The information model for AuthorizationServices which allow Clients to request AccessTokens from a Server is shown in Figure 33. Figure 33 - The Model for Requesting AccessTokens from AuthorizationServices
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.6.4 AuthorizationServiceType
Property contains the Certificate required to check any Signature that is included with the AccessTokens. The ServiceCertificate may be a complete chain (see OPC 10000-6 for information on encoding ... chains). CRLs are not used by the target Server when verifying AccessTokens. It is the responsibility of the AuthorizationService to verify that the ServiceCertificate is not revoked or otherwise invalid
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.6.9 GetServiceDescription
The GetServiceDescription Method is used to read the metadata needed to request AccessTokens from the AuthorizationService. Signature GetServiceDescription ( [out] String ServiceUri [out] ByteString ServiceCertificate [out] UserTokenPolicy[] UserTokenPolicies ); Argument Description ... AuthorizationService. ServiceCertificate The complete chain of Certificates used to validate the AccessTokens provided by the AuthorizationService. UserTokenPolicies The UserIdentityTokens accepted by the AuthorizationService. Method Result Codes (defined in Call
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.7.1 Overview
The information model used to provide Servers with the information used to accept AccessTokens from AuthorizationServices in Figure 34. Figure 34 - The Model for Configuring Servers to use AuthorizationServices
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
uniquely identifies the AuthorizationService. The ServiceCertificate Property has the Certificate(s) used to verify AccessTokens issued by the AuthorizationService. The value is the complete chain of Certificate used for verification
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
AuthorizationService. ServiceCertificates 0:ServiceCertificateDataType[] A list of Certificates used by the AuthorizationService to verify AccessTokens. Certificate 0:ByteString The Certificate needed to verify AccessTokens issued by the AuthorizationService. Issuers ... chain is revoked. ValidFrom 0:UtcTime When the Certificate may be used to verify AccessTokens. If null then the Certificate can be used any time after ValidFrom field within
-
OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
4.4.3 IdentityMappingRuleType
Access Token. OPC 10000-6 provides details on how groups are added to Access Tokens. If the issuedTokenType of the Access Token is "http://opcfoundation.org/UA/UserToken#JWT", the criteria contain