Search

30 result(s) for CreateSession

• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.3 Service results
  chances of a fatal error by exchanging their message size limits in the CreateSession service. This will allow either party to avoid sending a message that causes a communication fault
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.1 Overview
  comparing the information returned from the DiscoveryEndpoint to the information returned in the CreateSession response. A Client shall verify that: The ApplicationUri specified in the Server Certificate is the same ... ApplicationUri provided in the EndpointDescription returned from CreateSession response . The Server Certificate returned in CreateSession response is the same as the Certificate used to create the SecureChannel . The EndpointDescriptions returned
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.4.1 Description
  first establish a SecureChannel with the Gateway Server . Then the Client shall call the CreateSession service and pass the serverUri specified in the EndpointDescription to the Gateway Server . The Gateway
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.6.2.1 Description
  then Clients and Servers shall verify that the same Certificates are used in the CreateSession and ActivateSession Services . Certificates are not provided and shall not be verified if the securityPolicyUri
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.2.1 Description
  Server Certificate matches the ApplicationUri provided in the EndpointDescription returned by the CreateSession response. If it does not match, the Client shall close the Session . The Server shall check that ... ApplicationUri specified in the clientDescription matches the Client Certificate . If it does not match, CreateSession shall return Bad_CertificateUriInvalid. The Session created with this Service shall not be used until
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.3.1 Description
  issued by the Client before it issues any Service request other than CloseSession after CreateSession . Failure to do so shall cause the Server to close the Session . Whenever the Client ... Service the Client shall prove that it is the same application that called the CreateSession Service . The Client does this by creating a signature with the private key associated with
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.4.1 Description
  request if the SecureChannel is not the same as the one associated with the CreateSession request
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.1.4 Creating a SecureChannel
  verify that the ServerCertificate in the EndpointDescription is a trusted Certificate before it calls CreateSession . The second security risk comes from a third party that alters the contents ... list of EndpointDescriptions returned from the GetEndpoints Service with list returned in the CreateSession response . The exact mechanisms for using the SecurityToken to sign and encrypt Messages exchanged over
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.1.8 Calculating Signatures used in CreateSession and ActivateSession
  Calculating Signatures used in CreateSession and ActivateSession There are a number of Signatures which Client and Server applications may need to calculate when calling CreateSession and ActivateSession . The new Signature ... SecureChannel be used in the calculation. Certificates that are passed as parameters in CreateSession are used to calculate the Signatures . Channel bound Signatures are only used with SecurityPolicies with SecureChannelEnhancements
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.5.6 Auditing for Session Service Set
  base EventType or the appropriate subtype, depending on the service that was invoked. The CreateSession service shall generate AuditCreateSessionEventType events or sub-types of it. The ActivateSession service shall generate
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.1 AdditionalParametersType
  passed in addition to basic types such as Strings. Note that the calls to CreateSession / ActivateSession are made before the Client can read the Server's current NamespaceArray . This means
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.35 SessionAuthenticationToken
  SessionAuthenticationToken is a subtype of NodeId . A Server returns a SessionAuthenticationToken in the CreateSession response. The Client then sends this value with every request which allows the Server to verify ... sender of the request is the same as the sender of the original CreateSession request. For the purposes of this discussion, a Server consists of application (code) and a Communication
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.2 Legacy Encrypted Token Secret Format
  token data. serverNonce Byte [*] The last ServerNonce returned by the Server in the CreateSession or ActivateSession response
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.3 EncryptedSecret Format
  structured for different SecurityPolicies . Nonce ByteString This is the last serverNonce returned in the CreateSession or ActivateSession Response when a UserIdentityToken is passed with the ActivateSession Request . If used outside
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.4 RsaEncryptedSecret DataType
  EncryptingKey . Nonce ByteString A Nonce . This is the last ServerNonce returned in the CreateSession or ActivateSession Response when proving a UserIdentityToken passed in the ActivateSession Request . In other contexts, this
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.5 EccEncryptedSecret DataType
  receiver. Nonce ByteString A Nonce . This is the last ServerNonce returned in the CreateSession or ActivateSession Response when proving a UserIdentityToken passed in the ActivateSession Request . In other contexts, this
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.3.4 SessionsDiagnosticsSummaryType
  ClientName> . The BrowseName could be derived from the sessionName defined in the CreateSession Service ( OPC 10000-4 ) or some other server-specific mechanisms. It is of the ObjectType SessionDiagnosticsObjectType
• OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model
  6.4.7 AuditSessionEventType
  Session/" and the Service or cause that generates the Event (e.g. CreateSession , ActivateSession or CloseSession ). The SessionId shall contain the SessionId of the session that the Service call ... issued on In the CreateSession Service this shall be set to the newly created SessionId . If no session context exists (e.g. for a failed CreateSession Service call) the SessionId shall
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.1 Security Handshake and Security Policies
  SecureChannel . The handshake shown also applies when using Session-less Service invocations, however the CreateSession steps are omitted. Figure 10 - Security handshake when Creating a Session Each SecurityProtocol mapping specifies ... SecureChannel are required for the SecurityPolicy . Specifically, Channel-bound Signature calculations in CreateSession / ActivateSession ; Chained symmetric key derivation when renewing SecureChannels . If FALSE or the parameter is not specified
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.2.6 Certificate Chains
  chain whenever they pass a Certificate. This includes GetEndpoints , SecureChannel negotiation and during the CreateSession / ActivateSession handshake. All OPC UA applications shall accept partial or complete chains in any field
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.8.2 UserIdentityToken Encryption
  Client and Server exchange EphemeralKeys and there is no mechanism in the current CreateSession / ActivateSession handshake to do this. For that reason, EphemeralKeys are returned in the AdditionalHeader field ... ResponseHeader of the CreateSession and ActivateSession responses. An overview of the handshake is shown in Figure 16 . Figure 16 - ECC CreateSession/ActivateSession Handshake The UserTokenPolicies are returned in the GetEndpoints response
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.1.5 Error handling
  security risk and it is necessary to immediately close the SecureChannel . For example, calling CreateSession on a SecureChannel that does not allow Sessions . The numeric values for these error codes
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  7.4.1 Overview
  specified, however, it only affects the algorithms used for signing the Nonces during the CreateSession / ActivateSession handshake. A SecurityPolicy of None indicates that the Nonces are not signed. The SecurityMode ... HTTPS transport and require application authentication shall check application Certificates during the CreateSession / ActivateSession handshake. HTTPS Certificates can be automatically generated; however, this will cause problems for Client s operating
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  6.4 Application Registration Workflow
  configuration tool. Connect For the connection management with the GDS the services OpenSecureChannel , CreateSession and ActivateSession are used to create a connection with MessageSecurityMode SignAndEncrypt and a user that
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.6 Pull Management Workflow
  connection for option (2). For the connection management with the CertificateManager the Services OpenSecureChannel , CreateSession and ActivateSession are used to create a connection with MessageSecurityMode SignAndEncrypt and an Anonymous user
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  9.3 Implicit
  with the "Authorization Server" may be created explicitly with a call to CreateSession or it can be implicit via a Session -less Method Call. With this use case
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  A.1 Firewalls and Discovery
  that has multiple HostNames shall look at the EndpointUrl passed to the GetEndpoints or CreateSession services and return EndpointDescriptions with URLs that use the same HostName . A Server with multiple
• OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model
  6.5.3 EstablishControl method
  ConnectionEndpoint or the ApplicationUri of a Client connection as provided in the CreateSession Service Call (see OPC 10000-4). If this parameter is a null string, it shall default
• OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model
  6.5.5 ReassignControl method
  ConnectionEndpoint or the ApplicationUri of a Client connection as provided in the CreateSession Service Call (see OPC 10000-4). It cannot be null. LockStatus 0 - OK -1 - E_NotLocked
• OPC-30300 – Using Generic Trust Anchor (GTA) API with OPC UA - Part 1: Generic Trust Anchor (GTA) API Profile for OPC UA
  5.6 CreateSession and ActivateSession
  CreateSession and ActivateSession CreateSession and ActivateSession are used to establish Sessions based on the UserIdentity . CreateSession and ActivateSession can be supported by the following TrustAnchor capabilities: Computation of asymmetric cryptographic ... private keys corresponding to an application certificate, can effectively be protected by TrustAnchor capabilities. CreateSession and ActivateSession use these keys to authenticate the identity of the client resp. server identity