Search

Scope: Core (OPC-10000-*) All specs

33 result(s) for SecurityPolicyUri

OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.5.1 Overview

different order. For the content, the fields ApplicationUri , EndpointUrl , SecurityMode , SecurityPolicyUri , UserIdentityTokens , TransportProfileUri and SecurityLevel shall be compared for exact match. All other fields are ignored for the comparison
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.5.4.1 Description

shall be passed to the Server in the ActivateSession request (see 5.7.3 ). If the securityPolicyUri is None and none of the UserTokenPolicies requires encryption, the Client shall ignore the ApplicationInstanceCertificate ... securityPolicyUri is not None or one of the UserTokenPolicies requires encryption, the Server shall include the ApplicationInstanceCertificate in the EndpointDescription . Each EndpointDescription also specifies a URI for the Transport Profile
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.6.2.1 Description

with the receiver's public key. These requirements for OpenSecureChannel only apply if the securityPolicyUri is not None. If the protocol defined in OPC 10000-6 requires that ApplicationInstanceCertificates ... ActivateSession Services . Certificates are not provided and shall not be verified if the securityPolicyUri is None. If the securityPolicyUri is not None, a Client shall verify the HostName specified
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.6.2.2 Parameters

private key for this Certificate . The ApplicationInstanceCertificate type is defined in 7.3 . If the securityPolicyUri is None, the Server shall ignore the ApplicationInstanceCertificate . requestType Enum SecurityToken RequestType The type ... behaviour depends on the mapping used and is described in the OPC 10000-6 . securityPolicyUri String The URI for SecurityPolicy to use when securing messages sent over the SecureChannel
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.7.2.2 Parameters

ApplicationInstanceCertificate issued to the Client . The ApplicationInstanceCertificate type is defined in 7.3 . If the securityPolicyUri is None, the Server shall ignore the ApplicationInstanceCertificate . If the SecurityMode is not None ... used to create the SecureChannel . The ApplicationInstanceCertificate type is defined in 7.3 . If the securityPolicyUri is None and none of the UserTokenPolicies requires encryption, the Client shall ignore the ApplicationInstanceCertificate
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.15 EphemeralKeyType

size of the Public Key is specified by the current SecurityPolicyUri . signature ByteString The Signature calculated using the ApplicationInstanceCertificate used with the current SecureChannel .. The value of the Public ... field is the data used to calculate the Signature . The SecurityPolicyUri used to generate the EphemeralKey is the SecurityPolicyUri used to calculate the signature
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.40.2.3 EncryptedSecret Format

encrypted with the public key associated with the EncryptingCertificate before it is serialized. The SecurityPolicyUri is used to determine what algorithms were used to encrypt and sign the data. Valid ... payload is always encrypted using the symmetric encryption algorithm specified by the SecurityPolicyUri . The KeyData provides the keys needed for symmetric encryption. The structure of the KeyData depends
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.41 UserTokenPolicy

JWTs this is a JSON object with fields defined in OPC 10000-6 . securityPolicyUri String The security policy to use when encrypting or signing the UserIdentityToken when it is passed ... than one ISSUEDTOKEN UserTokenPolicy for each unique issuerEndpointUrl . If the tokenType is CERTIFICATE, the securityPolicyUri may be any valid SecurityPolicy. The choice of SecurityPolicy is system specific and depends
OPC-10000-5 – OPC Unified Architecture - Part 5: Information Model

6.4.6 AuditOpenSecureChannelEventType

HasProperty Variable ClientCertificateThumbprint String PropertyType Mandatory HasProperty Variable RequestType SecurityTokenRequestType PropertyType Mandatory HasProperty Variable SecurityPolicyUri String PropertyType Mandatory HasProperty Variable SecurityMode MessageSecurityMode PropertyType Mandatory HasProperty Variable RequestedLifetime Duration PropertyType Mandatory ... details on thumbprints. RequestType is the requestType parameter of the OpenSecureChannel Service call. SecurityPolicyUri is the securityPolicyUri parameter of the OpenSecureChannel Service call. SecurityMode is the securityMode parameter
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.7.2.3 Security Header

Asymmetric algorithm Security header Name Data Type Description SecurityPolicyUriLength Int32 The length of the SecurityPolicyUri in bytes. This value shall not exceed 255 bytes. If a URI is not specified ... this value may be 0 or -1. Other negative values are invalid. SecurityPolicyUri Byte [] The URI of the Security Policy used to secure the Message . This field is encoded
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.7.6 Deriving keys

hash function such as SHA256. The hash function to use depends on the SecurityPolicyUri
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.8.2 UserIdentityToken Encryption

Handshake The UserTokenPolicies are returned in the GetEndpoints response. A UserTokenPolicy may specify a SecurityPolicyUri that is different than the SecureChannel (see OPC 10000-4 ). For example, an EndpointDescription providing ... SecurityPolicyUri does not specify RSA SecurityPolicyUris in the UserTokenPolicies . When a Client calls CreateSession via a SecureChannel based on an ECC or RSA_DH SecurityPolicy the Client specifies the ECDHPolicyUri
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

6.8.3 ECC and RSA-DH Encrypted Secret

specified by the SecurityPolicy . The encryption uses the symmetric encryption algorithm specified by the SecurityPolicyUri . The encrypting key and initialization vector are generated by using the EphemeralKey s to create
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings

7.5.1 Overview

used to construct the OPC UA messages sent via the WebSocket . The SecurityMode and SecurityPolicyUri of the Endpoint control the security applied to the messages sent via the WebSocket. This
OPC-10000-11 – OPC Unified Architecture - Part 11: Historical Access

5.5.2 External Historical Event Node

HasProperty Variable EndpointUrl String PropertyType Optional HasProperty Variable SecurityMode MessageSecurityMode PropertyType Optional HasProperty Variable SecurityPolicyUri String PropertyType Optional HasProperty Variable IdentityTokenPolicy UserTokenPolicy PropertyType Optional HasProperty Variable TransportProfileUri String PropertyType Optional ... that describes the type of security to apply to the messages in this connection. SecurityPolicyUri a string that describes the URI for SecurityPolicy used when securing messages for this connection
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.10.23 ServerEndpointDataType

GetEndpoints is called. The basic algorithm generates an EndpointDescription for each valid combination of SecurityPolicyUri, SecurityMode and Certificate (specified in the SecuritySettings ). The EndpointDescription returned to Clients includes ... process for all enabled Endpoints. The UserTokenSettings array may specify a UserTokenPolicy with a SecurityPolicyUri . Any UserTokenSetting that is not valid for ServerCertificate associated with a generated EndpointDescription is rejected
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.10.24 SecuritySettingsDataType

valid for one of the Certificates associated with the CertificateGroup are ignored. If a SecurityPolicyUri is valid for more than one Certificate in the CertificateGroup, then an EndpointDescription is generated
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

8.5.5 StartRequest

encrypted with the public key of the Certificate supplied in the request. The SecurityPolicyUri specifies the security profile used for the encryption. This Method shall be called from an encrypted ... ApplicationSelfAdmin Privilege (see 8.2 ) . Signature StartRequest ( [in] String ApplicationUri [in] ByteString PublicKey [in] String SecurityPolicyUri [in] NodeId[] RequestedRoles [out] NodeId RequestId ); Argument Description ApplicationUri The ApplicationUri of the application receiving
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

8.5.6 FinishRequest

then the KeyCredential secret is encrypted using an asymmetric encryption algorithm specified by the SecurityPolicyUri provided in the request. The CredentialId is the identifier, such as a user name, which ... form of one of the EncryptedSecret DataTypes defined in OPC 10000-4 . If the SecurityPolicyUri requires an RSA Certificate then the RsaEncryptedSecret DataType is used. If the SecurityPolicyUri requires
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

8.6.6 GetEncryptingKey

PublicKey The Public Key used to encrypt the secret. The format depends on the SecurityPolicyUri . RevisedSecurityPolicyUri The SecurityPolicy used to encrypt the secret. It also specifies the contents
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

8.6.7 UpdateCredential

Server . The KeyCredential secret may be encrypted using the key returned by GetEncryptingKey . The SecurityPolicyUri species the algorithm used for encryption. The format of the encrypted data is described ... Signature UpdateCredential( [in] String CredentialId [in] ByteString CredentialSecret [in] String CertificateThumbprint [in] String SecurityPolicyUri ); Argument Description CredentialId The CredentialId is the identifier, such as a user name, which often needs
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

9.6.5 RequestAccessToken (Deprecated)

Session -less Method Call ) to determine privileges. If the associated UserTokenPolicy provides a SecurityPolicyUri , then the IdentityToken is encrypted and digitally signed using the format defined for UserIdentityToken secrets
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.12.2 SecurityGroupDataType

SecurityGroup in a PubSub configuration of an OPC UA Application . If the SecurityPolicyUri or the KeyLifetime of an existing SecurityGroup are modified, all existing keys of the SecurityGroup are invalidated ... than two times the KeyLifetime it shall stop processing messages with the expired key. SecurityPolicyUri String The SecurityPolicy used for the SecurityGroup . MaxFutureKeyCount UInt32 The maximum number of future keys
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.4.3.1 General

Method returns a sequence of key data with a length that depends on the SecurityPolicyUri , which is also returned by the Method . The layout of the key data is defined
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.4.3.2 AES-CTR

entire NetworkMessage including any encrypted data. The signature algorithm is specified by the SecurityPolicyUri in OPC 10000-7 . When a Subscriber or a Publisher receives a NetworkMessage , it shall verify
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

8.3.2 GetSecurityKeys Method

StartingTokenIds. Signature GetSecurityKeys ( [in] String SecurityGroupId, [in] IntegerId StartingTokenId, [in] UInt32 RequestedKeyCount, [out] String SecurityPolicyUri, [out] IntegerId FirstTokenId, [out] ByteString[] Keys, [out] Duration TimeToNextKey, [out] Duration KeyLifetime ); Argument Description SecurityGroupId ... Security Key Service permits, then the SKS shall return the maximum it allows. SecurityPolicyUri The URI for the set of algorithms and key lengths used to secure the messages
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

8.5.1 SecurityGroupFolderType definition

Property shall be provided at the root SecurityGroupFolder . The default SecurityPolicyUri is the first array element
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

8.5.2 AddSecurityGroup Method

Method on the Server . Signature AddSecurityGroup ( [in] String SecurityGroupName, [in] Duration KeyLifetime, [in] String SecurityPolicyUri, [in] UInt32 MaxFutureKeyCount, [in] UInt32 MaxPastKeyCount, [out] String SecurityGroupId, [out] NodeId SecurityGroupNodeId ); Argument Description SecurityGroupName ... caller should get the revised value by reading the KeyLifetime of the created SecurityGroup . SecurityPolicyUri The SecurityPolicy used for the SecurityGroup . If a null or empty String is passed
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

9.2.2 ServerAddressType definition

HasComponent Variable 4:SecurityMode 0:MessageSecurityMode 0:SelectionListType M 0:HasComponent Variable 4:SecurityPolicyUri 0:String 0:SelectionListType M 0:HasComponent Variable 4:ServerUri 0:UriString 0:SelectionListType M ConformanceUnits ... will be reflected in the ServerAddressDataType structure, which will be used for Connection establishment. SecurityPolicyUri is a string that contains the security policy to use when establishing secure communication
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

9.3.2 SecurityKeyServerAddressType definition

HasComponent Variable 4:Address 0:UriString 0:SelectionListType M 0:HasComponent Variable 4:SecurityPolicyUri 0:String 0:SelectionListType M 0:HasComponent Variable 4:ServerUri 0:UriString 0:SelectionListType ... will be reflected in the SecurityKeyServerAddressDataType structure, which will be used in Connection establishment. SecurityPolicyUri is a string that contains the security policy to use when establishing secure communication
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

10.46 ServerAddressDataType

MessageSecurityMode to be used for establishing a secure communication to the Address . SecurityPolicyUri 0:String SecurityPolicyUri is a string that contains the security policy to use when establishing the secure
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

13.2.1 Locating Server

Roles (this may require user authentication or specific application certificates) If SecurityPolicyUri contains "BestAvailable", the EndpointDescription with the highest SecurityLevel of the ones supported by the Client ... SecurityMode (see 9.2.2 ) shall be chosen. Otherwise, the EndpointDescription matching the requested SecurityMode and SecurityPolicyUri (see 9.2.2 ) shall be chosen. The complete process, including NodeId resolution, is illustrated in Figure
OPC-10000-81 – OPC Unified Architecture - Part 81: UAFX Connecting Devices and Information Model

F.1.11 ServerAddressConfDataType

True SecurityModeModify 0:Boolean Flag indicating if the SecurityMode options can be modified. True SecurityPolicyUri 0:String SecurityPolicyUri is a string that contains the security policy to use when establishing ... secure communication. False SecurityPolicyUriSelection 0:String[] Selection list options for SecurityPolicyUri . True SecurityPolicyUriModify 0:Boolean Flag indicating if the SecurityPolicyUri options can be modified. True ServerUri 0:UriString ServerUri