17 result(s) for AuthorizationServices
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
scope for OPC UA. It is essential that the CSMS take AuthorizationServices into account. OPC UA depends upon the site CSMS to protect against other attacks to gain user credentials
-
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
OAuth2, JWT and User roles OAuth2 defines a standard for AuthorizationServices that produce JSON Web Tokens (JWT), also known as AccessTokens. These JWTs are passed as an Issued Token ... CSMS for OAuth2. If a GDS is available in the system, it could provide AuthorizationServices as defined
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
6.2.1 Overview
Overview Authorization Services provide Access Tokens to Clients on behalf of Users that they pass to a Server to be granted access to resources. In a basic model (as shown ... deciding who the user is). In more complex models, the Server relies on external Authorization Services to provide some of its authorization requirements. These Authorization Services act in concert with
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
Indirect handshake with an Identity Provider Authorization Services (AS) provide access to identity providers which can validate the credentials provided by Clients. They then provide tokens which can be passed ... OAuth2 supports claims based authorization as described in OPC 10000-2. Servers publish the Authorization Services (AS) they support in the UserTokenPolicies list return with GetEndpoints. The IssuedTokenType field specifies
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
Direct handshake with an Identity Provider Authorization Services require that Servers be registered with them because the Access Tokens can only be used with a single Server. This can introduce ... this model the user identities are still managed by a central Authorization Service. The interactions are shown in Figure 25. Figure 25 - Direct handshake with an Identity Provider The UserTokenPolicy
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
7.40.6 IssuedIdentityToken
Server. These tokens may be text or binary. OAuth2 defines a standard for Authorization Services that produce JSON Web Tokens (JWT). These JWTs are passed as an Issued Token ... parameter. Table 191 - IssuedIdentityToken Name Type Description IssuedIdentityToken structure The token provided by an Authorization Service. policyId String An identifier for the UserTokenPolicy that the token conforms to. The UserTokenPolicy
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
1 Scope
GlobalDiscoveryServer. It also defines information models for Certificate management, KeyCredential management and AuthorizationServices
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.7.5 Create Endpoint Workflow
UserTokenSettings currently in the configuration. A new IssuedTokenType may also require a new AuthorizationServices record to be created as well. The Name of the new record can be any value
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
7.10.25 UserTokenSettingsDataType
X509IdentityToken. AuthorizationServiceName 0:String The name of the corresponding entry in the AuthorizationServices list of the ApplicationConfiguration. This is the AuthorizationService which issues tokens accepted by the Server. Only specified
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
8.1 Overview
allow the management and distribution of KeyCredentials which OPC UA Applications use to access AuthorizationServices and/or Brokers. An application that provides the KeyCredential management functions is called a KeyCredentialService ... Azure AD or LDAP. Note that KeyCredentials are secrets that are directly passed to AuthorizationServices and/or Brokers and are not Certificates with private keys. Certificate distribution is managed
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
8.3 Pull Management
using a KeyCredentialManagement Object (see 8.5.4). It allows Clients to request credentials for AuthorizationServices or Brokers which are supported by the KeyCredentialService. The interactions between the Client and the KeyCredentialService
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.1 Overview
Overview AuthorizationServices provide AccessTokens to Clients that may use them to access resources. A Server, such as a GDS, with AuthorizationService Capabilities may support one or more AuthorizationService Objects ... submits the request. This scenario is illustrated in Figure 29. Figure 29 - Roles and AuthorizationServices When requesting AccessTokens from an AuthorizationService Object there are three primary use cases based
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
Roles and Privileges AuthorizationServices restrict access to many of the features they provide. These restrictions are described either by referring to well-known Roles which a Session must have access
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.3 Implicit
rather than a URL as implied by the field name and requirements specific to AuthorizationServices are defined in Table 144. Table 144 - Target Server UserTokenPolicy Parameters Name Description IssuerEndpointUrl
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.6.1 Overview
Overview The information model for AuthorizationServices which allow Clients to request AccessTokens from a Server is shown in Figure 33. Figure 33 - The Model for Requesting AccessTokens from AuthorizationServices
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
9.7.1 Overview
information model used to provide Servers with the information used to accept AccessTokens from AuthorizationServices in Figure 34. Figure 34 - The Model for Configuring Servers to use AuthorizationServices
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
used as part of the ApplicationConfigurationDataType defined in 7.10.19 which allows multiple of AuthorizationServices in a Server to be updated at once. The Name of the record is the name ... Object. Note that when a new AuthorizationServiceConfiguration is added, Clients need to browse the AuthorizationServices folder to discover the NodeId assigned by the Server that is needed for Certificate Management