Search
20 result(s) for UserTokenPolicy
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.41 UserTokenPolicy
UserTokenPolicy The components of this parameter are defined in Table 192. Table 192 - UserTokenPolicy Name Type Description UserTokenPolicy structure Specifies a UserIdentityToken that a Server will accept. policyId String ... identifier for the UserTokenPolicy assigned by the Server. The identifier may be null or empty. Null or empty are equal. The identifier shall be unique across the UserTokenPolicies assigned
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
validated. For UserTokenSignatures the rules above apply except the SecurityPolicy for the selected UserTokenPolicy specifies the signing algorithm. For SecurityPolicies with SecureChannelEnhancements=FALSE, the legacy Signature calculation method is used
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services
shown in Figure 25. Figure 25 - Direct handshake with an Identity Provider The UserTokenPolicy returned from the Server provides the URL of the Authorization Service and the identity provider
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.14 EndpointDescription
ecurityPolicies associated with them are defined in OPC 10000-7. userIdentityTokens [] UserTokenPolicy The user identity tokens that the Server will accept. The Client shall pass one of the UserIdentityTokens ... ActivateSession request. The UserTokenPolicy type is described in 7.41. transportProfileUri String The URI of the Transport Profile supported by the Endpoint. OPC 10000-7 defines URIs for the Transport Profiles
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.40.2.1 Overview
passing it to the Server. Each UserIdentityToken allowed by an Endpoint shall have a UserTokenPolicy specified in the EndpointDescription. The UserTokenPolicy specifies what SecurityPolicy to use when encrypting or signing ... UserIdentityToken types and the token formats supported by the Endpoint are identified by the UserTokenPolicy defined in 7.41. To prevent the leakage of information useful to attackers, Servers shall ensure
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.40.3 AnonymousIdentityToken
Type Description AnonymousIdentityToken Structure An anonymous user identity. policyId String An identifier for the UserTokenPolicy that the token conforms to. The UserTokenPolicy structure is defined in 7.41. Servers that provide
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.40.4 UserNameIdentityToken
token shall be encrypted by the Client if required by the SecurityPolicy of the UserTokenPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy ... None and no transport layer encryption is available. If None is specified for the UserTokenPolicy and SecurityPolicy is None then the password only contains the UTF-8 encoded password
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.40.5 X509IdentityTokens
ActivateSession if required by the SecurityPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy of None. The Server shall specify a SecurityPolicy ... UserTokenPolicy if the Server supports multiple CertificateKeyAlgorithms for SecureChannels and/or UserTokenPolicies. In addition, the Server shall provide a distinct UserTokenPolicy for each CertificateKeyAlgorithm supported. X509IdentityTokens have an validity period
-
OPC-10000-4 – OPC Unified Architecture - Part 4: Services, 7.40.6 IssuedIdentityToken
token shall be encrypted by the Client if required by the SecurityPolicy of the UserTokenPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy ... binary), signed and encrypted according the rules specified for the tokenType of the associated UserTokenPolicy (see 7.41). If the SecurityPolicy is None then the tokenData only contains
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings, 6.5.2.2 User Token Policy
User Token Policy Servers that support JWT authentication shall provide a UserTokenPolicy which specifies the Authorization Service which provides the token and the parameters used to access that service ... issuerEndpointUrl. The contents of this JSON object are described in Table 55. The general UserTokenPolicy settings for JWT are defined in Table 54. Table 54 - JWT UserTokenPolicy Name Description tokenType
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings, 6.5.2.3 Access Tokens
string Yes Shall be the resourceId specified in the UserTokenPolicy (see 6.5.2.2). This is usually the Server ApplicationUri. exp number Yes The expiration time of the token. It shall
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings, 6.5.3.2 Authorization Code
IETF RFC 6749, 4.1. A requestType of "authorization_code" in the UserTokenPolicy (see 6.5.2) means the Authorization Service supports the authorization code flow
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings, 6.5.3.4 Client Credentials
IETF RFC 6749, Clause 4.4. A requestType of "client_credentials" in the UserTokenPolicy (see 6.5.2) means the Authorization Service supports the client credentials flow
-
OPC-10000-6 – OPC Unified Architecture - Part 6: Mappings
allows a Client to provide an encrypted UserIdentityToken using a SecurityPolicy specified by a UserTokenPolicy supported by the current Endpoint. With ECC, encryption requires that the Client and Server exchange ... Figure 16 - ECC CreateSession/ActivateSession Handshake The UserTokenPolicies are returned in the GetEndpoints response. A UserTokenPolicy may specify a SecurityPolicyUri that is different than the SecureChannel
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.23 ServerEndpointDataType
repeating the process for all enabled Endpoints. The UserTokenSettings array may specify a UserTokenPolicy with a SecurityPolicyUri. Any UserTokenSetting that is not valid for ServerCertificate associated with a generated EndpointDescription
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 7.10.25 UserTokenSettingsDataType
UserTokenSettingsDataType This type is used to serialize the configuration for a UserTokenPolicy. It is defined in Table 116. The UserTokenSettingsDataType in the is used to configure how to validate UserIdentityTokens
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 9.3 Implicit
Server" is the Server that the Client wishes to access. It publishes a UserTokenPolicy that indicates that it accepts AccessTokens from an "Authorization Server". The parameters needed ... Authorization Server" are stored in the IssuerEndpointUrl field of the UserTokenPolicy and are defined in OPC 10000-6. These parameters are specified as a JSON object rather than
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 9.4 Explicit
Server" is the Server that the Client wishes to access. It publishes a UserTokenPolicy that indicates that it accepts AccessTokens from an "Authorization Server". The parameters needed ... connect to the "Authorization Server" are stored in the UserTokenPolicy (see Table 144). With this use case, the Client reads the UserTokenPolicies Property of the AuthorizationService by reading
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
request if using a Session-less Method Call) to determine privileges. If the associated UserTokenPolicy provides a SecurityPolicyUri, then the IdentityToken is encrypted and digitally signed using the format defined ... Server. The recommended source of this value is the ResourceId in the UserTokenPolicy provided by the Server that the caller wants to connect to (see OPC 10000-6). AccessToken
-
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services, 9.6.6 StartRequestToken
usually the ApplicationUri for a Server. Shall be the ResourceId specified in the UserTokenPolicy. This is usually the Server ApplicationUri. PolicyId The PolicyId from an element in the UserTokenPolicies array ... allowed UserTokenPolicies. Bad_NonceInvalid The RequestorData is not valid for the specified UserTokenPolicy. Bad_UserAccessDenied The current user does not have the rights required. Bad_SecurityModeInsufficient The SecureChannel