StartRequest is used to request a new KeyCredential.
The KeyCredential secret may be encrypted with the public key of the Certificate supplied in the request. The SecurityPolicyUri specifies the security profile used for the encryption.
This Method requires an encrypted channel and that the Client provides credentials with administrative rights for the application requesting the credentials.
StartRequest ( [in] String applicationUri, [in] ByteString certificate, [in] String securityPolicyUri, [in] NodeId requestedRoles, [out] NodeId requestId );
|applicationUri||The applicationUri of the application receiving the KeyCredentials.
The request is rejected applicationUri does not uniquely identify an application known to the GDS (see 6.3.6).
If the requestor is not the same as the application used to create the Secure Channel then a Certificate should be provided.
|certificate||The Certificate containing the key used to encrypt the returned KeyCredential secret. This is the DER encoded form of an X.509 v3 Certificate as described in OPC 10000-6. Not specified if no encryption is required.
If the securityPolicyUri is provided this field shall be provided.
|securityPolicyUri||The SecurityPolicy used to encrypt the secret.
If the certificate is provided this field shall be provided.
|requestedRoles||A list of Roles which should be assigned to the KeyCredential.
If not provided the Server chooses suitable defaults.
The Server ignores Roles which it does not recognize or if the caller is not authorized to request access to the Role.
|requestId||A unique identifier for the request.
This identifier shall be passed to the FinishRequest (see 8.4.5).
Method Result Codes (defined in Call Service)
|Bad_NotFound||The applicationUri is not known to the GDS.|
|Bad_ConfigurationError||The applicationUri is used by multiple records in the GDS.|
|Bad_CertificateInvalid||The Certificate is invalid.|
|Bad_SecurityPolicyRejected||The SecurityPolicy is unrecognized or not allowed or does not match the Certificate.|
|Bad_UserAccessDenied||The current user does not have the rights required.|
Table 48 specifies the AddressSpace representation for the StartRequest Method.
Table 48 – StartRequest Method AddressSpace Definition