Search

20 result(s) for KeyCredential

• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  3.1.11 KeyCredential
  KeyCredential a unique identifier and a secret used to access an AuthorizationService or a Broker . Note 1 to entry: a user name and password is an example of a KeyCredential
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.1 OPC UA security environment
  shown in Figure 1 . OPC UA also defines global services such as Certificate management, KeyCredential management, AuthorizationService , and GlobalDiscoveryServer (GDS) to help manage security and other global functionality. Figure
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.10.25 UserTokenSettingsDataType
  Anonymous TokenTypes . The KeyCredentialName is only specified for IssuedIdentityTokens and refers to a KeyCredential needed to access network resources used to validate IssuedIdentityTokens . Table 116 - UserTokenSettingsDataType Structure Name Type Description
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.1 Overview
  Overview KeyCredential management functions allow the management and distribution of KeyCredentials which OPC UA Applications use to access AuthorizationServices and/or Brokers . An application that provides the KeyCredential management functions ... combined with the GDS into a single application. There are two primary models for KeyCredential management: pull and PushManagement . In PullManagement , the application acts as a Client and uses
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.2 Roles and Privileges
  KeyCredentialService Name Description KeyCredentialAdmin This Role grants rights to request or revoke any KeyCredential . SecurityAdmin This Role grants the right to change the security configuration of a KeyCredentialService. The well
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.1 Overview
  well-known Object that appears in the AddressSpace of any Server which supports KeyCredential management. Figure 27 - The Address Space used for Pull KeyCredential Management
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.4 KeyCredentialServiceType
  HasComponent Method 2:Revoke Defined in 8.5.7 . Optional Conformance Units Pull Model for KeyCredential ServicePull Model for KeyCredential Service The ResourceUri Property uniquely identifies the resource that accepts the KeyCredentials ... FinishRequest Method is used to complete a request created by calling StartRequest . If the KeyCredential is available it is returned. If request is not yet completed it returns Bad_NothingToDo
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.5 StartRequest
  StartRequest StartRequest is used to request a new KeyCredential . The KeyCredential secret may be encrypted with the public key of the Certificate supplied in the request. The SecurityPolicyUri specifies ... Certificate should be provided. PublicKey A Public Key used to encrypt the returned KeyCredential secret. For RSA SecurityPolicies this is the DER encoded form of an X.509 v3 Certificate
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.6 FinishRequest
  FinishRequest FinishRequest is used to retrieve a KeyCredential . If a Certificate was provided in the request, then the KeyCredential secret is encrypted using an asymmetric encryption algorithm specified ... EccEncryptedSecret DataType is used. The Signing Certificate is owned by the source of the KeyCredential. The KeyCredentialService determines the most appropriate Certificate to use. If the return code
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.7 Revoke
  Revoke The Revoke Method is used to revoke a KeyCredential used by a Client or Server . KeyCredentials shall be deleted when revoked. This Method shall be called from an encrypted ... Signature Revoke ( [in] String CredentialId ); Argument Description CredentialId The unique identifier for the KeyCredential . Method Result Codes (defined in Call Service) Result Code Description Bad_InvalidArgument The CredentialId is does
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.9 KeyCredentialRequestedAuditEventType
  KeyCredentialRequestedAuditEventType This event is raised when a new KeyCredential request has been accepted or rejected by the Server . This can be the result of a StartRequest Method call. Its representation ... Rule Subtype of the 0: KeyCredentialAuditEventType defined in 8.5.8 . Conformance Units Pull Model for KeyCredential Service This EventType inherits all Properties of the KeyCredentialAuditEventType
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.10 KeyCredentialDeliveredAuditEventType
  KeyCredentialDeliveredAuditEventType This event is raised when a KeyCredential is delivered by the Server to an application. This is the result of a FinishRequest Method completing. Its representation in the AddressSpace ... Rule Subtype of the 0: KeyCredentialAuditEventType defined in 8.5.8 . Conformance Units Pull Model for KeyCredential Service This EventType inherits all Properties of the KeyCredentialAuditEventType
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.5.11 KeyCredentialRevokedAuditEventType
  KeyCredentialRevokedAuditEventType This event is raised when a KeyCredential is revoked. This is the result of a RevokeKeyCredential Method completing. Its representation in the AddressSpace is formally defined in Table ... Rule Subtype of the 0: KeyCredentialAuditEventType defined in 8.5.8 . Conformance Units Pull Model for KeyCredential Service This EventType inherits all Properties of the KeyCredentialAuditEventType
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.6.1 Overview
  well-known Object that appears in the AddressSpace of any Server which supports KeyCredential management. Figure 28 - The Address Space used for Push KeyCredential Management
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.6.6 GetEncryptingKey
  Method is used to request a key that can be used to encrypt a KeyCredential . This Method shall be called from an encrypted SecureChannel and from a Client that ... ByteString PublicKey [out] String RevisedSecurityPolicyUri ); Argument Description CredentialId The unique identifier associated with the KeyCredential . RequestedSecurityPolicyUri The SecurityPolicy used to encrypt the secret. If not specified the Server chooses
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.6.7 UpdateCredential
  UpdateCredential The UpdateCredential Method is used to update a KeyCredential used by a Server . The KeyCredential secret may be encrypted using the key returned by GetEncryptingKey . The SecurityPolicyUri species ... needs to be presented when using the CredentialSecret. CredentialSecret The secret associated with the KeyCredential . CertificateThumbprint The SHA1 hash of the Certificate used to encrypt the secret. For RSA SecurityPolicies
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.6.8 DeleteCredential
  DeleteCredential The DeleteCredential Method is used to delete a KeyCredential used by a Server . This Method shall be called from an encrypted SecureChannel and from a Client that has access
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.6.9 KeyCredentialUpdatedAuditEventType
  KeyCredentialUpdatedAuditEventType This event is raised when a KeyCredential is updated. This Event and its subtypes report sensitive security related information. Servers shall only report these Events to Clients which ... Rule Subtype of the 0: KeyCredentialAuditEventType defined in 8.5.8 . Conformance Units Push Model for KeyCredential Service This EventType inherits all Properties of the KeyCredentialAuditEventType
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.6.10 KeyCredentialDeletedAuditEventType
  KeyCredentialDeletedAuditEventType This event is raised when a KeyCredential is updated. This is the result of a DeleteCredential Method completing. Its representation in the AddressSpace is formally defined in Table ... Rule Subtype of the 0: KeyCredentialAuditEventType defined in 8.5.8 . Conformance Units Push Model for KeyCredential Service This EventType inherits all Properties of the KeyCredentialAuditEventType
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  9.2 Roles and Privileges
  SecureChannel is used to determine the identity of the OPC UA Application. A KeyCredential (see 8 ) provided as a UserIdentityToken may also be used to determine if the Client