Search

Scope: Core (OPC-10000-*) All specs

38 result(s) for SecurityMode

OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.5.1 Overview

they may be in a different order. For the content, the fields ApplicationUri , EndpointUrl , SecurityMode , SecurityPolicyUri , UserIdentityTokens , TransportProfileUri and SecurityLevel shall be compared for exact match. All other fields
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.6.2.2 Parameters

SecureChannel . The concrete security protocol definition in OPC 10000-6 chooses the concrete DataType . securityMode Enum MessageSecurityMode The type of security to apply to the messages. The type MessageSecurityMode type ... defined in 7.20 . A SecureChannel may need to be created even if the securityMode is NONE . The exact behaviour depends on the mapping used and is described
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.7.2.1 Description

given request. The Communication Stack shall, at a minimum, provide the SecurityPolicy and SecurityMode used by the SecureChannel . It shall also provide a SecureChannelId which uniquely identifies the SecureChannel ... uthenticationToken for different types of Communication Stack . Depending upon on the SecurityPolicy and the SecurityMode of the SecureChannel, the exchange of ApplicationInstanceCertificates and Nonces may be optional and the signatures
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.7.2.2 Parameters

securityPolicyUri is None, the Server shall ignore the ApplicationInstanceCertificate . If the SecurityMode is not None, a Client shall prove possession by using the private key to create a Signature using ... Nonce provided by the Server in the response. If the SecurityMode is not None, the Server shall verify that this ApplicationInstanceCertificate is the same as the one it used
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.7.3.1 Description

currently associated with the Session . Lastly, the Server shall verify that the SecurityPolicy and SecurityMode are the same as the original SecureChannel . Once the Server accepts the new SecureChannel
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

6.1.8 Calculating Signatures used in CreateSession and ActivateSession

HASH(ServerCertificate) | HASH(Server ChannelCertificate) | HASH(ClientCertificate) | HASH(Client ChannelCertificate) | ClientNonce UserCertificate UserTokenSignature when SecurityMode is None. ServerNonce | HASH(ServerCertificate) | ClientNonce UserCertificate The HASH() function is specified by the CertificateThumbprintAlgorithm
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.14 EndpointDescription

Certificate The ApplicationInstanceCertificate issued to the Server . The ApplicationInstanceCertificate type is defined in 7.3 . securityMode Enum MessageSecurityMode The type of security to apply to the messages. The type MessageSecurityMode type ... defined in 7.20 . A SecureChannel may need to be created even if the securityMode is NONE. The exact behaviour depends on the mapping used and is described
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.40.4 UserNameIdentityToken

SecureChannel SecurityPolicy is used if the UserTokenPolicy is null or empty. If the SecurityMode is not NONE, it is recommended to use the same SecurityPolicy for the SecureChannel ... user token. Table 189 - EncryptionAlgorithm selection SecureChannel SecurityPolicy SecureChannel SecurityMode UserTokenPolicy SecurityPolicy EncryptionAlgorithm Used Security Policy - None NONE Null or empty No encryption (a) Security Policy - None NONE Security Policy
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.41 UserTokenPolicy

encryption algorithms can only be returned in EndpointDescription with an RSA ServerCertificate. If the SecurityMode is None, SecurityPolicies based on ECC or RSA_DH are not allowed and Clients shall ... ServerCertificate which it trusts to encrypt UserIdentityTokens with tokenType USERNAME or ISSUEDTOKEN. If the SecurityMode is not None , USERNAME and ISSUEDTOKEN UserTokenPolicies should specify the same SecurityPolicy as the EndpointDescription
OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model

6.4.6 AuditOpenSecureChannelEventType

HasProperty Variable RequestType SecurityTokenRequestType PropertyType Mandatory HasProperty Variable SecurityPolicyUri String PropertyType Mandatory HasProperty Variable SecurityMode MessageSecurityMode PropertyType Mandatory HasProperty Variable RequestedLifetime Duration PropertyType Mandatory HasProperty Variable CertificateErrorEventId ByteString PropertyType Optional ... OpenSecureChannel Service call. SecurityPolicyUri is the securityPolicyUri parameter of the OpenSecureChannel Service call. SecurityMode is the securityMode parameter of the OpenSecureChannel Service call. RequestedLifetime is the requestedLifetime parameter
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

4 Overview

TCP/IP, TLS or HTTP . The SecureChannel layer is always present even if the SecurityMode is None . In this situation, no security is applied but the SecurityProtocol implementation shall maintain ... unique identifier. Users and administrators are expected to understand that a SecureChannel with SecurityMode set to None cannot be trusted unless the application is operating on a physically secure network
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

5.1.15 Messages

exactly one Message . The Padding should only be used over SecureChannels with a SecurityMode of SignAndEncrypt . The content of the Padding is ignored
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.1 Security Handshake and Security Policies

Figure 10 . SecurityProtocols shall support three SecurityModes : None , Sign and SignAndEncrypt . If the SecurityMode is None then no security is used and the security handshake shown in Figure
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.7.4 Establishing a SecureChannel

Secure Conversation OpenSecureChannel Service Name Data Type Request RequestHeader RequestHeader ClientProtocolVersion UInt32 RequestType SecurityTokenRequestType SecurityMode MessageSecurityMode ClientNonce ByteString RequestedLifetime UInt32 Response ResponseHeader ResponseHeader ServerProtocolVersion UInt32 SecurityToken ChannelSecurityToken SecureChannelId UInt32 TokenId ... millisecond timeouts are not supported. The OpenSecureChannel Messages are signed and encrypted if the SecurityMode is not None (even if the SecurityMode is Sign). The Nonces shall be cryptographic random
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.7.7 Verifying Message Security

receiver shall also verify that the Message was secured properly as required by the SecurityMode specified in the OpenSecureChannel request. After the security validation is complete the receiver shall verify
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

7.4.1 Overview

ActivateSession handshake. A SecurityPolicy of None indicates that the Nonces are not signed. The SecurityMode is set to Sign unless the SecurityPolicy is None ; in this case the SecurityMode shall
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

7.5.1 Overview

security protocol used to construct the OPC UA messages sent via the WebSocket . The SecurityMode and SecurityPolicyUri of the Endpoint control the security applied to the messages sent
OPC-10000-11 – OPC Unified Architecture - Part 11: Historical Access

5.5.2 External Historical Event Node

HasProperty Variable Server String PropertyType Optional HasProperty Variable EndpointUrl String PropertyType Optional HasProperty Variable SecurityMode MessageSecurityMode PropertyType Optional HasProperty Variable SecurityPolicyUri String PropertyType Optional HasProperty Variable IdentityTokenPolicy UserTokenPolicy PropertyType Optional ... String that provides the URL for the Endpoint used for the connection. SecurityMode is a MessageSecurityMode enumeration that describes the type of security to apply to the messages in this
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.10.24 SecuritySettingsDataType

CertificateGroup, then an EndpointDescription is generated for each Certificate. EndpointDescriptions generated with a None SecurityMode only use the SecurityPolicyUris and the CertificateGroupName to restrict the SecurityPolicies that may be used
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

5.4.1.2 Message sending

defined on the PubSubConnection . The structure of this message is protocol specific. If the SecurityMode (see 6.2.5.2 ) requires message security, the SecurityGroupId (see 6.2.5.3 ) is used to fetch the SecurityPolicy ... This information is used to encrypt and/or sign the NetworkMessage as required by the SecurityMode . The final step is delivery of the NetworkMessage to the Message Oriented Middleware through
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.5.2 SecurityMode

SecurityMode The SecurityMode indicates the level of security applied to the NetworkMessages published by a WriterGroup or received by a ReaderGroup . The MessageSecurityMode DataType is defined
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.5.3 SecurityGroupId

Server . It is unique within a SKS. The parameter is null if the SecurityMode is NONE . If the SecurityMode is not NONE the SecurityGroupId identifies the SecurityGroup . The SecurityGroup defines ... SecurityPolicy and the security keys used for the NetworkMessage security. The PubSubGroup defines the SecurityMode for the NetworkMessages sent by the group
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.5.4 SecurityKeyServices

EndpointDescription DataType is defined in OPC 10000-4 . The parameter is null if the SecurityMode is NONE . Each element in the array is an Endpoint for an SKS that ... DiscoveryEndpoints provided by the SKS. ServerCertificate ApplicationInstance Certificate Shall be null or empty. SecurityMode MessageSecurityMode The value shall be SIGNANDENCRYPT. SecurityPolicyUri String ApplicationType SERVER The URI for SecurityPolicy
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.9.10 SecurityGroupId

SecurityGroupId The parameter is defined in 6.2.5.3 . The parameter shall be null if the SecurityMode is INVALID
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.9.11 SecurityKeyServices

SecurityKeyServices The parameter is defined in 6.2.5.4 . The parameter shall be null if the SecurityMode is INVALID . The parameter is only used to overwrite the SecurityKeyServices parameter of the ReaderGroup
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.3 Error handling

exception is the security configuration. A Subscriber shall drop all messages where the configured SecurityMode has a lower number than the received SecurityMode . E.g. if the Subscriber is configured ... SecurityMode SIGN it shall drop messages with NONE . A Subscriber may process messages with a higher SecurityMode e.g. it is allowed to process messages with SecurityMode SIGN
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.4.2 NetworkMessage layout

setting of the Publisher controls the flags in the fields UADPFlags and ExtendedFlags1 . The SecurityMode setting of the Publisher controls the security enabled flag of the ExtendedFlags1 . The setting ... enabled, the NetworkMessage header includes the SecurityHeader , otherwise the SecurityHeader is omitted. If the SecurityMode in the configuration is SIGN or SIGNANDENCRYPT , this flag shall be set. Bit 5: Timestamp
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

9.1.3.7.2 PubSubConfigurationRefMask

WriterGroupDataType , the following structure fields are used for the match, the others are ignored. SecurityMode SecurityGroupId SecurityKeyServices MaxNetworkMessageSize PublishingInterval KeepAliveTime Priority HeaderLayoutUri TransportSettings MessageSettings For the ReaderGroupDataType , the following structure ... fields are used for the match, the others are ignored. SecurityMode SecurityGroupId SecurityKeyServices MaxNetworkMessageSize TransportSettings MessageSettings For the ConnectionProperties and GroupProperties only the entries are compared for the match that
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

9.1.6.2 PubSubGroupType

DataType TypeDefinition Modelling Rule Subtype of BaseObjectType defined in OPC 10000-5 . HasProperty Variable SecurityMode MessageSecurityMode PropertyType Mandatory HasProperty Variable SecurityGroupId String PropertyType Optional HasProperty Variable SecurityKeyServices EndpointDescription[] PropertyType Optional ... KeyValuePair[] PropertyType Mandatory HasComponent Object Status PubSubStatusType Mandatory Conformance Units PubSub Model Base The SecurityMode is defined in 6.2.5.2 . The SecurityGroupId is defined in 6.2.5.3 . If the SecurityMode
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

9.1.8.2 DataSetReaderType

HasProperty Variable KeyFrameCount UInt32 PropertyType Mandatory HasProperty Variable HeaderLayoutUri String PropertyType Mandatory HasProperty Variable SecurityMode MessageSecurityMode PropertyType Optional HasProperty Variable SecurityGroupId String PropertyType Optional HasProperty Variable SecurityKeyServices EndpointDescription[] PropertyType Optional ... KeyFrameCount is defined in 6.2.9.7 . The HeaderLayoutUri is defined in 6.2.9.8 . The SecurityMode is defined in 6.2.9.9 . If present or if the value is not INVALID , it overwrites the settings
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

6.13.3.2 PubSubCommunicationFlowConfigurationType definition

HasComponent Variable 4:Qos 4:CommunicationFlowQosDataType 0:SelectionListType O 0:HasComponent Variable 4:SecurityMode 0:MessageSecurityMode 0:SelectionListType O 0:HasComponent Variable 4:SecurityGroupId 0:String 0:SelectionListType ... ReceiveQos may be overridden by a < SubscriberConfiguration > (see 6.13.3.3 ). SecurityMode specifies the security mode to be used for the information flow. For the definition of SecurityMode
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

9.2.2 ServerAddressType definition

HasComponent Variable 4:Address 0:UriString 0:SelectionListType M 0:HasComponent Variable 4:SecurityMode 0:MessageSecurityMode 0:SelectionListType M 0:HasComponent Variable 4:SecurityPolicyUri 0:String 0:SelectionListType ... will be reflected in the ServerAddressDataType structure, which will be used for Connection establishment. SecurityMode is the MessageSecurityMode to be used for establishing a secure communication to the Address
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

9.3.2 SecurityKeyServerAddressType definition

reflected in the SecurityKeyServerAddressDataType structure, which will be used in Connection establishment. NOTE SecurityMode is not needed since communication with the SKS shall always be SIGNANDENCRYPT . ServerUri is a string
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

10.46 ServerAddressDataType

form "scheme://hostname[:port][/path]" as defined in OPC 10000-12 . SecurityMode 0:MessageSecurityMode SecurityMode is the MessageSecurityMode to be used for establishing a secure communication
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

13.2.1 Locating Server

FindServers , GetEndpoints , OpenSecureChannel , CreateSession and ActivateSession on the Server Address with the specified SecurityMode (see 9.2.2 for the description of the provided Server information). Figure 65 - Client connection process ... highest SecurityLevel of the ones supported by the Client and matching the requested SecurityMode (see 9.2.2 ) shall be chosen. Otherwise, the EndpointDescription matching the requested SecurityMode and SecurityPolicyUri
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

E.4.1 Overview

have an influence on the communication model, including Address , PublishingInterval , QoS , MessageReceiveTimeout, ReceiveQos and SecurityMode (see 6.13.3 for additional details). Some of these settings can be complex to apply, such
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

F.1.7 PubSubCommunicationFlowConfigurationConfDataType

True QosModify 0:Boolean Flag indicating if the Qos options can be modified. True SecurityMode 0:MessageSecurityMode The optional SecurityMode specifies the security mode to be used for the information ... flow. True SecurityModeSelection 0:MessageSecurityMode[] Selection list options for SecurityMode. True SecurityModeModify 0:Boolean Flag indicating if the SecurityMode options can be modified. True SecurityGroupId 0:String The optional SecurityGroupId
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

F.1.11 ServerAddressConfDataType

True AddressModify 0:Boolean Flag indicating if the Address options can be modified. True SecurityMode 0:MessageSecurityMode SecurityMode is the MessageSecurityMode to be used for establishing a secure communication ... Address . False SecurityModeSelection 0:MessageSecurityMode[] Selection list options for SecurityMode . True SecurityModeModify 0:Boolean Flag indicating if the SecurityMode options can be modified. True SecurityPolicyUri 0:String SecurityPolicyUri