8 KeyCredential Management ToC Previous Next

8.4 Information Model for Pull Management ToC Previous Next

8.4.4 StartRequest ToC Previous Next

StartRequest is used to request a new KeyCredential.

The KeyCredential secret may be encrypted with the public key of the Certificate supplied in the request. The SecurityPolicyUri specifies the security profile used for the encryption.

This Method requires an encrypted channel and that the Client provides credentials with administrative rights for the application requesting the credentials.


StartRequest (
[in]  String 	    applicationUri,
[in]  ByteString certificate,
[in]  String 	    securityPolicyUri,
[in]  NodeId[]   requestedRoles,
[out] NodeId 	    requestId

Argument Description
applicationUri The applicationUri of the application receiving the KeyCredentials.
The request is rejected applicationUri does not uniquely identify an application known to the GDS (see 6.3.6).
If the requestor is not the same as the application used to create the Secure Channel then a Certificate should be provided.
certificate The Certificate containing the key used to encrypt the returned KeyCredential secret. This is the DER encoded form of an X.509 v3 Certificate as described in OPC 10000-6. Not specified if no encryption is required.
If the securityPolicyUri is provided this field shall be provided.
securityPolicyUri The SecurityPolicy used to encrypt the secret.
If the certificate is provided this field shall be provided.
requestedRoles A list of Roles which should be assigned to the KeyCredential.
If not provided the Server chooses suitable defaults.
The Server ignores Roles which it does not recognize or if the caller is not authorized to request access to the Role.
requestId A unique identifier for the request.
This identifier shall be passed to the FinishRequest (see 8.4.5).

Method Result Codes (defined in Call Service)

Result Code Description
Bad_NotFound The applicationUri is not known to the GDS.
Bad_ConfigurationError The applicationUri is used by multiple records in the GDS.
Bad_CertificateInvalid The Certificate is invalid.
Bad_SecurityPolicyRejected The SecurityPolicy is unrecognized or not allowed or does not match the Certificate.
Bad_UserAccessDenied The current user does not have the rights required.

Table 48 specifies the AddressSpace representation for the StartRequest Method.

Table 48 – StartRequest Method AddressSpace Definition

Attribute Value
BrowseName StartRequest
References NodeClass BrowseName DataType TypeDefinition ModellingRule
HasProperty Variable InputArguments Argument[] PropertyType Mandatory
HasProperty Variable OutputArguments Argument[] PropertyType Mandatory

Previous Next