This ObjectType is the TypeDefinition for an Object that allows the management of KeyCredentials. It is defined in Table 82.

Table 82 – KeyCredentialServiceType Definition

| Attribute | Value |
|---|---|
| BrowseName | 2:KeyCredentialServiceType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the BaseObjectType defined in OPC 10000-5. | | | | | |
| 0:HasProperty | Variable | 2:ResourceUri | 0:String | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 2:ProfileUris | 0:String[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 2:SecurityPolicyUris | 0:String[] | 0:PropertyType | Optional |
| 0:HasComponent | Method | 2:StartRequest | Defined in 8.5.5. | | Mandatory |
| 0:HasComponent | Method | 2:FinishRequest | Defined in 8.5.6. | | Mandatory |
| 0:HasComponent | Method | 2:Revoke | Defined in 8.5.7. | | Optional |

| Conformance Units |
|---|
| GDS Key Credential Service Pull Model |

The ResourceUri Property uniquely identifies the resource that accepts the KeyCredentials provided by the KeyCredentialService Object.

The ProfileUris Property specifies URIs assigned in OPC 10000-7 to the authentication mechanism used to communicate with the resource that accepts KeyCredentials provided by the Object. For example, it could specify that the resource returns JWTs using OAuth2 HTTP based APIs. As another example, it could specify an MQTT broker that expects a username/password.

The SecurityPolicyUris Property is the list of SecurityPolicies that may be used when encrypting the KeyCredentials. One of these URIs is passed in the StartRequest Method. If not present, the Server shall support all of the SecurityPolicyUris returned by GetEndpoints.

The StartRequest Method is used to initiate a request for new KeyCredentials for an application. This request may complete immediately or it can require offline approval by an administrator.

The FinishRequest Method is used to complete a request created by calling StartRequest. If the KeyCredential is available it is returned. If the request is not yet completed it returns Bad_NothingToDo.

The Revoke Method is used to revoke a previously issued KeyCredential.
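
The pull sequence described above, sketched from the client side as an added example (not code from the specification): the client picks a SecurityPolicyUri from the SecurityPolicyUris Property, falling back to the GetEndpoints list when the Property is absent, calls StartRequest, then polls FinishRequest while it returns Bad_NothingToDo. MockKeyCredentialService, its simplified method arguments, the "Good" status string and the returned credential fields are assumptions made for illustration; the real arguments are defined in 8.5.5 and 8.5.6.

```python
import time

BAD_NOTHING_TO_DO = "Bad_NothingToDo"  # status named in the text above

class MockKeyCredentialService:
    """Constructed in-memory stand-in for a KeyCredentialService Object."""
    def __init__(self, security_policy_uris=None, approvals_needed=0):
        # None models the optional SecurityPolicyUris Property being absent.
        self.security_policy_uris = security_policy_uris
        self._approvals_needed = approvals_needed
        self._pending = {}

    def start_request(self, application_uri, security_policy_uri):
        request_id = f"req-{len(self._pending) + 1}"
        self._pending[request_id] = [self._approvals_needed, security_policy_uri]
        return request_id

    def finish_request(self, request_id):
        entry = self._pending[request_id]
        if entry[0] > 0:  # still waiting for offline administrator approval
            entry[0] -= 1
            return BAD_NOTHING_TO_DO, None
        del self._pending[request_id]
        return "Good", {"credential_id": "constructed-id", "policy": entry[1]}

def choose_policy(service, endpoint_policies, client_policies):
    """Return the first client-preferred policy the service accepts."""
    # Absent (or empty) Property: fall back to the policies from GetEndpoints.
    offered = service.security_policy_uris or endpoint_policies
    for uri in client_policies:
        if uri in offered:
            return uri
    raise ValueError("no mutually supported SecurityPolicy")

def pull_key_credential(service, application_uri, policy_uri, max_polls=5, delay=0.0):
    """StartRequest once, then poll FinishRequest until the credential is issued."""
    request_id = service.start_request(application_uri, policy_uri)
    for _ in range(max_polls):
        status, credential = service.finish_request(request_id)
        if status == "Good":
            return credential
        if status != BAD_NOTHING_TO_DO:  # any other status is a hard failure
            raise RuntimeError(f"FinishRequest failed: {status}")
        time.sleep(delay)  # request not yet completed; wait and retry
    raise TimeoutError(f"request {request_id} still pending after {max_polls} polls")
```
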