Search

15 result(s) for UserIdentityTokens

• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.1 Overview
  different order. For the content, the fields ApplicationUri , EndpointUrl , SecurityMode , SecurityPolicyUri , UserIdentityTokens , TransportProfileUri and SecurityLevel shall be compared for exact match. All other fields are ignored for the comparison
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.5.4.1 Description
  SecurityPolicy tell the Client how to secure messages sent via the SecureChannel . The UserIdentityTokens tell the Client which type of user credentials shall be passed to the Server
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.2.2 Parameters
  SecureChannel . It is recommended that Servers only include the server . applicationUri , endpointUrl , securityMode, securityPolicyUri , userIdentityTokens , transportProfileUri and securityLevel with all other parameters set to null or empty. Only the recommended
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  5.7.3.2 Parameters
  UserIdentityToken is an extensible parameter type defined in 7.40 . The EndpointDescription specifies what UserIdentityTokens the Server shall accept. Null or empty user token shall always be interpreted as anonymous. userTokenSignature
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.1.7 Continuous security checks
  Continuous security checks ApplicationInstanceCertificates or UserIdentityTokens may expire, get invalid or may be rejected on Client or Server side. ApplicationInstanceCertificates verification shall be executed every time the SecurityToken is renewed ... informed about removal of user identities or should frequently check if the UserIdentityTokens is still valid or if the authorization for a UserIdentityTokens was changed
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.14 EndpointDescription
  URIs and the S ecurityPolicies associated with them are defined in OPC 10000-7 . userIdentityTokens [] UserTokenPolicy The user identity tokens that the Server will accept. The Client shall pass ... UserIdentityTokens in the ActivateSession request. The UserTokenPolicy type is described in 7.41 . transportProfileUri String The URI of the Transport Profile supported by the Endpoint . OPC 10000-7 defines URIs
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.1 Overview
  recommended that applications never set the SecurityPolicy to None for UserIdentityTokens that include a secret because these secrets could be used by an attacker to gain access to the system ... leakage of information useful to attackers, Servers shall ensure that the process of validating UserIdentityTokens completes in a fixed interval independent of whether an error occurs or not. The process
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.40.2.2 Legacy Encrypted Token Secret Format
  added by Clients and ensure that all padding bytes are zeros. Servers shall reject UserIdentityTokens with invalid padding. Administrators shall be able to configure Servers to accept UserIdentityTokens with invalid ... without any Nonce is passed to the Server . Table 182 describes how to serialize UserIdentityTokens before applying encryption. Table 182 - Legacy UserIdentityToken Encrypted Token Secret Format Name Type Description Length
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  7.41 UserTokenPolicy
  allowed, however, the Client shall only use a ServerCertificate which it trusts to encrypt UserIdentityTokens with tokenType USERNAME or ISSUEDTOKEN. If the SecurityMode is not None , USERNAME and ISSUEDTOKEN UserTokenPolicies
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.2.1 General
  which identifies a user associated with a Session . Clause 6.2.3 describes Certificates used as UserIdentityTokens
• OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
  6.5.2.1 General
  General JSON Web Token (JWT) UserIdentityTokens can be passed to the Server using the IssuedIdentityToken . The body of the token is a string that contains the JWT as defined
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.10.25 UserTokenSettingsDataType
  Table 116 . The UserTokenSettingsDataType in the is used to configure how to validate UserIdentityTokens . If a CertificateGroup is specified it refers to the TrustList used to verify credentials by either ... UserIdentityToken when it is passed to the Server in the ActivateSession request. For X509 UserIdentityTokens this value shall specify the SecurityPolicy that matches the Certificates that the Server will accept
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  9.6.4 AuthorizationServiceType
  updating the target Server if the ServiceCertificate is revoked. The UserTokenPolicies Property specifies the UserIdentityTokens which are accepted by the RequestAccessToken or FinishRequestToken Methods. The SupportedRoles Property specifies the system
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  9.6.9 GetServiceDescription
  Certificates used to to validate the AccessTokens provided by the AuthorizationService. UserTokenPolicies The UserIdentityTokens accepted by the AuthorizationService. Method Result Codes (defined in Call Service) Result Code Description Bad_UserAccessDenied
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  G.1 Application Setup with PullManagement
  shall not provide any secrets, such as passwords, to the CertificateManager . It may use UserIdentityTokens , such as X509IdentityTokens , that do not require a secret to be sent to a potentially