Search

16 result(s) for ClientCertificate

• OPC-10000-3 – OPC Unified Architecture - Part 3: Address Space Model
  4.9.1 Overview
  used to separate authentication (determining who a Client is) from authorization (determining what the Client is allowed to do). By separating these tasks Servers can allow centralized services to manage ... user groups. Application identity mappings are based on the ApplicationUri specified in the Client Certificate . Application identity can only be enforced if the Client proves possession of a trusted Certificate
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.2.1 Description
  SecureChannel . It shall also provide a SecureChannelId which uniquely identifies the SecureChannel or the Client Certificate used to establish the SecureChannel . The Server uses one of these to identify ... Session . The Server shall check that the ApplicationUri specified in the clientDescription matches the Client Certificate . If it does not match, CreateSession shall return Bad_CertificateUriInvalid. The Session created with
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.2.2 Parameters
  Server shall use this value to prove possession of its ApplicationInstanceCertificate in the response. clientCertificate ApplicationInstance Certificate The ApplicationInstanceCertificate issued to the Client . The ApplicationInstanceCertificate type is defined ... calculated using the method in 6.1.8 . The SignatureData type is defined in 7.36 . The clientCertificate shall be validated according to the rules in 6.1.3 even if the Server chooses
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.3.1 Description
  Client does this by creating a signature with the private key associated with the clientCertificate specified in the CreateSession request. The data to sign is described in 6.1.8 . Once used
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.1.8 Calculating Signatures used in CreateSession and ActivateSession
  Client SecureChannel Certificate ( Client ChannelCertificate ); The Server Application Certificate ( ServerCertificate ); The Client Application Certificate ( ClientCertificate ); The ServerNonce returned in CreateSession or ActivateSession ; The ClientNonce passed in CreateSession ; The ChannelThumbprint ... ClientSignature (see 5.7.3 ) ChannelThumbprint | ServerNonce | HASH(ServerCertificate) | HASH(Server ChannelCertificate) | HASH(Client ChannelCertificate) | ClientNonce ClientCertificate UserTokenSignature (see 5.7.3 ) ChannelThumbprint | ServerNonce | HASH(ServerCertificate) | HASH(Server ChannelCertificate) | HASH(ClientCertificate) | HASH(Client ChannelCertificate
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.35 SessionAuthenticationToken
  with a particular Session . This identifier is used in conjunction with the SecureChannelId or Client Certificate to authenticate incoming messages. It is the secret form of the sessionId for internal ... verify the sender of the message and it uses the SecureChannelId or the Client Certificate to identify the sender to the Server . In these cases, the SessionAuthenticationToken is a NodeId
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.6 AuditOpenSecureChannelEventType
  defined in 6.4.5 , which means it inherits the InstanceDeclarations of that Node. HasProperty Variable ClientCertificate ByteString PropertyType Mandatory HasProperty Variable ClientCertificateThumbprint String PropertyType Mandatory HasProperty Variable RequestType SecurityTokenRequestType PropertyType Mandatory ... defined for this EventType reflect parameters of the Service call that triggers the Event . ClientCertificate is the clientCertificate parameter of the OpenSecureChannel Service call. ClientCertificateThumbprint is a thumbprint
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.8 AuditCreateSessionEventType
  inherits the InstanceDeclarations of that Node. HasProperty Variable SecureChannelId String PropertyType Mandatory HasProperty Variable ClientCertificate ByteString PropertyType Mandatory HasProperty Variable ClientCertificateThumbprint String PropertyType Mandatory HasProperty Variable RevisedSessionTimeout Duration PropertyType Mandatory ... AuditCreateSessionEventType, AuditActivateSessionEventType and their subtypes) and the SecureChannel Service Set (AuditChannelEventType and its subtypes). ClientCertificate is the clientCertificate parameter of the CreateSession Service call. ClientCertificateThumbprint is a thumbprint
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.2.1 General
  when they are used as part of an Internet based application. The ServerCertificate and ClientCertificate parameters used in the abstract OpenSecureChannel service are typically instances of the ApplicationInstance Certificate DataType
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.7.4 Establishing a SecureChannel
  OpenSecureChannel request to the Server . The Server shall validate the Message and the ClientCertificate and return an OpenSecureChannel response. Some of the parameters defined for the OpenSecureChannel service are specified
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.3 Pull Management
  ways to authenticate Clients : The CertificateManager is pre-configured with information about the Client Certificate that allows the CertificateManager to know that the Client can request Certificates even if anonymous ... have a manual process where an administrator reviews each request before issuing a Certificate . The Client provides user credentials. A Client shall not provide a secret (e.g. a password
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.9.5 FinishRequest
  again. Recovering from this error is done by: If the Client originally called StartSigningRequest it can retrieve the Certificate by calling GetCertificates (see 7.9.8 ); If the Client originally called StartNewKeyPairRequest ... CertificateAuthorityAdmin Role, the ApplicationAdmin Privilege , or the ApplicationSelfAdmin Privilege (see 7.2 ). In addition, the Client Certificate shall be the same as the one used to call StartSigningRequest or StartNewKeyPairRequest
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.10.19 ApplicationConfigurationDataType
  configuration update is rejected. The TrustList associated with that CertificateGroup shall trust the Client Certificate used for the current Session. Updates to the configuration are applied in the following order ... single record type updates are applied in the order they appear in the array. Client shall put updates in this order: Delete => Insert => Replace. For Insert/Replace operations
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  9.6.8 RefreshToken
  AuthorizationService using a cached RefreshToken. The CurrentRefreshToken shall only be accepted if the ClientCertificate used to create the SecureChannel is the same as the ClientCertificate used when the FinishRequestToken Method
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.1 RoleType definition
  true: The UserIdentityToken complies with Identities. The Applications Property is not configured or the Client Certificate complies with the Applications settings. The Endpoints Property is not configured or the Endpoint ... excluded from this Role . Each element in the array is an ApplicationUri from a Client Certificate which is trusted by the Server . If Applications has entries in the array
• OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security
  4.4.3 IdentityMappingRuleType
  string. The criteriaType applies for any Client application with a trusted ApplicationInstance Certificate . The Client Certificate shall be trusted by the Server and the Session shall use at least ... communication channel. If the criteriaType is Application , the criteria is the ApplicationUri from the Client Certificate used for the Session . The Client Certificate shall be trusted by the Server