Search

34 result(s) for SecurityGroup

• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  3.1.42 SecurityGroup
  SecurityGroup Publisher(s) and Subscriber (s) that utilize a shared security context Note 1 to entry: This context could include share keys
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  3.1.9 SecurityGroup
  SecurityGroup grouping of security settings and security keys used to access messages from a Publisher Note 1 to entry: A SecurityGroup is an abstraction that represents the security settings ... security keys that can be used to access messages from a Publisher . A SecurityGroup is identified with a unique identifier called the SecurityGroupId . The SecurityGroupId is unique within the Security
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.3.2.2 Message flooding
  attacker could be one in which the publisher is not a member of the SecurityGroup and one in which it is a member. For malformed Messages, an attacker could
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.5.3.2 Broker-less
  well as user Authentication . This approach allows all applications ( Publishers and/or Subscribers ) in a SecurityGroup to share information. An SKS could be part of a Publisher or Subscriber . It could ... replaced periodically, where the period is determined by the number of Publishers in a SecurityGroup and the frequency of messages. To ensure that Publishers and Subscribers can maintain communication, they
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.1.2.2 Message flooding
  checked to eliminate any message that is well formed, but not from the desired SecurityGroup . PubSub can also be configured for unicast instead of multicast, which allows the network infrastructure
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  5.3.5 Message security
  side. The keys used for message security are managed in the context of a SecurityGroup . The basic concepts of a SecurityGroup are described in 5.3.7 . This standard defines a general
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  5.3.7 SecurityGroup
  SecurityGroup A SecurityGroup is an abstraction that represents the message security settings and security keys for a subset of NetworkMessages exchanged between Publishers and Subscribers . The security keys are used ... manages SecurityGroups and maintains a mapping between Roles and their access Permissions for a SecurityGroup . This mapping defines if a Publisher or Subscriber has access to the security keys
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  5.4.5.1 General
  typically used by a central SKS to push the security keys for a SecurityGroup into a Publisher or Subscriber . The Method is exposed by Publishers or Subscribers that have
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  5.4.5.2 SecurityGroup Management
  SecurityGroup Management The SKS is the entity with knowledge of SecurityGroups and it maintains a mapping between Roles and SecurityGroups . The related User Authorization model is defined ... mechanism to set Permissions for Roles on a Node . The Permissions on a SecurityGroup Object is used to determine if a Role has access to the keys for the SecurityGroup
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  5.4.5.3 Key acquisition handshakes
  Subscriber creates an encrypted connection and provides credentials that allow it access to the SecurityGroup . Then it passes the identifier of the SecurityGroup to the GetSecurityKeys Method that verifies ... Publisher or Subscriber and provides credentials that allow it to provide keys for a SecurityGroup . Then it passes the identifier of the SecurityGroup and the keys used to secure messages
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  6.2.5.3 SecurityGroupId
  SecurityGroupId The SecurityGroupId with DataType String is the identifier for a SecurityGroup in the Security Key Server . It is unique within a SKS. The parameter is null if the SecurityMode ... NONE . If the SecurityMode is not NONE the SecurityGroupId identifies the SecurityGroup . The SecurityGroup defines the SecurityPolicy and the security keys used for the NetworkMessage security. The PubSubGroup defines
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  6.2.5.4 SecurityKeyServices
  more Security Key Servers (SKS) that manage the security keys for the SecurityGroup assigned to the PubSubGroup . The EndpointDescription DataType is defined in OPC 10000-4 . The parameter is null ... combination of SecurityGroupId and SKS ApplicationUri is the unique key for a SecurityGroup in a PubSub application. Table 40 - SecurityKeyService parameter content Field Type Definition for the values EndpointUrl String
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  6.2.12.2 SecurityGroupDataType
  SecurityGroupDataType This Structure DataType is used to represent the configuration of a SecurityGroup in a PubSub configuration of an OPC UA Application . If the SecurityPolicyUri or the KeyLifetime ... existing SecurityGroup are modified, all existing keys of the SecurityGroup are invalidated. The behaviour is described for the InvalidateKeys Method in 8.4.2 . The SecurityGroupDataType is formally defined in Table
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  7.2.4.4.2 NetworkMessage layout
  IntegerId The ID of the security token that identifies the security key in a SecurityGroup . The relation to the SecurityGroup is done through DataSetWriterIds contained in the NetworkMessage
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.1 Overview
  provided. If the PubSub configuration functionality is provided, the PublishSubscribeType is used instead. A SecurityGroup manages keys used for securing PubSub NetworkMessages . The SecurityGroups are organized by the SecurityGroupFolderType
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.3.1 PubSubKeyServiceType definition
  type and can be used directly. The SecurityGroups folder organizes the Objects representing the SecurityGroup configuration. The KeyPushTargets folder organizes the Objects representing the PubSubKeyPushTarget configuration
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.3.2 GetSecurityKeys Method
  GetSecurityKeys Method This Method is used to retrieve the security keys for a SecurityGroup . This Method is required to access the security keys of a PubSubGroup where the SecurityGroup manages ... information necessary to access the Server that implements the GetSecurityKeys Method for the SecurityGroup is also contained in the SecurityKeyServices setting of WriterGroup, ReaderGroup and DataSetReader . The GetSecurityKeys Method
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.3.3 GetSecurityGroup Method
  SecurityGroupId . It is used by a security administration tool to get the SecurityGroup Object for configuration of access permissions for the keys. The SecurityGroupId is the identifier for the SecurityGroup ... Publishers , Subscribers and the key Server . This Method returns the NodeId of the corresponding SecurityGroup Object Node providing the configuration and diagnostic options for a SecurityGroup . Signature GetSecurityGroup ( [in] String
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.4.1 SecurityGroupType definition
  RolePermissions contained in the SecurityGroupDataType controls the access to the security keys for the SecurityGroup through the Method GetSecurityKeys . The GetSecurityKeys Method is defined in 8.3.2 . The Permission to access ... Optional Conformance Units PubSub Model SKS The Property SecurityGroupId contains the identifier for the SecurityGroup used in the key exchange Methods GetSecurityKeys and SetSecurityKeys in the PubSubGroupType . The Property KeyLifetime
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.4.2 InvalidateKeys Method
  InvalidateKeys Method This Method invalidates the current and all future keys of this SecurityGroup . The keys will be replaced by new keys; indicated by a new current SecurityTokenId ... shall be incremented beyond the SecurityTokenId of the last invalidated future key. If the SecurityGroup is related to one or more PubSubKeyPushTargets , the SKS shall push
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.4.3 ForceKeyRotation Method
  KeyLifetime , i.e. it initiates an unplanned key rotation . The future keys of this SecurityGroup remain valid. InvalidateKeys makes all keys invalid immediately and most likely this causes communication interruptions ... without breaking communication e.g. for removing applications from a UDP multicast group. If the SecurityGroup is related to one or more PushTargets , the SKS shall push an updated
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.5.2 AddSecurityGroup Method
  UInt32 MaxPastKeyCount, [out] String SecurityGroupId, [out] NodeId SecurityGroupNodeId ); Argument Description SecurityGroupName Name of the SecurityGroup to add. KeyLifetime The lifetime of a key in milliseconds. If 0 is passed ... caller should get the revised value by reading the KeyLifetime of the created SecurityGroup . SecurityPolicyUri The SecurityPolicy used for the SecurityGroup . If a null or empty String is passed
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.5.3 RemoveSecurityGroup Method
  Server . See 8.3.2 for details on the lifetime of keys previously issued for this SecurityGroup . Signature RemoveSecurityGroup ( [in] NodeId SecurityGroupNodeId ); Argument Description SecurityGroupNodeId NodeId of the SecurityGroupType Object to remove
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.6.2 Behaviour
  Behaviour The first push is started at the time a SecurityGroup is assigned to the PubSubKeyPushTarget . The assignment is done with the Method ConnectSecurityGroups or with a successful update ... push is described in 5.4.5.3 . In a period of half the KeyLifetime of a SecurityGroup , the SKS shall open a secure communication to each related PubSubKeyPushTargets and shall call SetSecurityKeys
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  8.6.3 ConnectSecurityGroups
  that the SKS shall use the push model to distribute the keys of the SecurityGroup to the PubSubKeyPushTarget . The SKS shall push keys following this assignment. If an assignment does ... already exist, the entry is ignored. If the assignment for a SecurityGroup already exists, a Good_EntryReplaced should be returned for that SecurityGroup and a new push of the existing
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  9.1.3.3 SetSecurityKeys
  SetSecurityKeys This Method is used to push the security keys for a SecurityGroup into a Publisher or Subscriber . It is used if Publisher or Subscriber have no OPC UA Client ... FutureKeys, [in] Duration TimeToNextKey, [in] Duration KeyLifetime ); Argument Description SecurityGroupId The identifier for the SecurityGroup . SecurityPolicyUri The URI for the set of algorithms and key lengths used to secure
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  9.1.3.7.2 PubSubConfigurationRefMask
  referenced SubscribedDataSet . ReferenceSecurityGroup 11 The element operation is applied to the referenced SecurityGroup . The access to the security groups may require different user credentials than access to the communication configuration
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  A.2.1.5 Header layout for NetworkMessages with integrity (signing)
  IntegerId The ID of the security token that identifies the security key in a SecurityGroup . NonceLength Byte 8 MessageNonce Byte[8] A number used exactly once for a given security
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  A.2.1.6 Header layout for NetworkMessages with integrity and confidentiality (signing and encryption)
  IntegerId The ID of the security token that identifies the security key in a SecurityGroup . NonceLength Byte 8 MessageNonce Byte[8] A number used exactly once for a given security
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  A.2.2.5 Header layout for NetworkMessages with integrity (signing)
  IntegerId The ID of the security token that identifies the security key in a SecurityGroup . NonceLength Byte The length of the Nonce used to initialize the encryption algorithm. MessageNonce Byte
• OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub
  A.2.2.6 Header layout for NetworkMessages with integrity and confidentiality (signing and encryption)
  IntegerId The ID of the security token that identifies the security key in a SecurityGroup . NonceLength Byte The length of the Nonce used to initialize the encryption algorithm. MessageNonce Byte
• OPC-10000-17 – OPC Unified Architecture - Part 17: Alias Names
  D.1.3 PubSub AliasName Notification Configuration
  that is associated with the published messages. It is the unique identifier for a SecurityGroup within an SKS. The SecurityKeyServices that is associated with the published messages. The Address that
• OPC-10000-17 – OPC Unified Architecture - Part 17: Alias Names
  D.3.3 Header layout for NetworkMessages with integrity (signing)
  IntegerId The ID of the security token that identifies the security key in a SecurityGroup . NonceLength Byte The length of the Nonce used to initialize the encryption algorithm. MessageNonce Byte
• OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model
  E.5 Interaction with an SKS
  using AddPushTarget and ConnectSecurityGroups . The SKS will not return an error if the SecurityGroup or the PubSubKeyPushTarget (with the same parameters) is added multiple times. After the SKS configuration