The UserNameIdentityToken is used to pass simple username/password credentials to the Server.

This token shall be encrypted by the Client if required by the SecurityPolicy of the UserTokenPolicy. The Server should specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy of None and no transport layer encryption is available. If the UserTokenPolicy specifies None and the SecureChannel SecurityPolicy is also None, the password contains only the UTF-8 encoded password. If the UserTokenPolicy specifies no SecurityPolicy, the SecurityPolicy of the SecureChannel is used. The Server shall specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy other than None and the MessageSecurityMode is not SIGNANDENCRYPT, since a SecureChannel in SIGN mode authenticates messages but does not hide their contents. See Table 189 for the possible combinations.

If the token is to be encrypted, the password shall be converted to a UTF-8 ByteString, encrypted and then serialized according to the following rules. When using an RSA based SecurityPolicy, a password that exceeds 64 bytes is encrypted and serialized as described in 7.40.2.4, and a password that does not exceed 64 bytes as described in 7.40.2.2. When using an ECC based SecurityPolicy, the password is encrypted and serialized as described in 7.40.2.5.

The Server shall decrypt the password and verify that the ServerNonce it contains is the nonce the Server returned in the CreateSession response; a token whose nonce does not match is rejected, since it was either replayed or built for a different session.

If the SecurityPolicy is None, the password contains only the UTF-8 encoded password. This configuration should not be used unless the network traffic is encrypted in some other manner, such as a VPN. Used without network encryption it is a serious security fault: it gives the appearance of secure user access while the password crosses the network in clear text.

Table 188 defines the UserNameIdentityToken parameter.

Table 188 – UserNameIdentityToken

Name | Type | Description
UserNameIdentityToken | Structure | UserName value.
policyId | String | An identifier for the UserTokenPolicy that the token conforms to. The UserTokenPolicy structure is defined in 7.41. Servers that provide a null or empty PolicyId shall accept null or empty and treat them as equal.
userName | String | A string that identifies the user.
password | ByteString | A representation of the password, which may be encrypted. See Table 189 for details on determining when encryption is required and which algorithms to use. If no encryption is used, it is the password as UTF-8 encoded text. The format used for the encrypted data is described in 7.40.2.2.
encryptionAlgorithm | String | A string containing the URI of the AsymmetricEncryptionAlgorithm. The URI string values are defined names that may be used as part of the security profiles specified in OPC 10000-7. This parameter is null or empty if the password is not encrypted. For SecurityPolicies with SecureChannelEnhancement = TRUE, the Client shall set this field to null or empty and Servers shall ignore any value specified.

Table 189 describes the dependencies for selecting the AsymmetricEncryptionAlgorithm for the UserNameIdentityToken and IssuedIdentityToken. The SecureChannel SecurityPolicy URI is specified in the EndpointDescription and used in subsequent OpenSecureChannel requests. The UserTokenPolicy SecurityPolicy URI is also specified in the EndpointDescription. The encryptionAlgorithm is specified in the UserNameIdentityToken or IssuedIdentityToken provided by the Client in the ActivateSession call. In the table, the SecurityPolicy "Other" refers to any SecurityPolicy other than None, and "Yet another" to a SecurityPolicy that is neither None nor the one used by the SecureChannel. The EncryptionAlgorithm is selected from the UserTokenPolicy; the SecureChannel SecurityPolicy is used if the UserTokenPolicy SecurityPolicy is null or empty. If the SecurityMode is not NONE, it is recommended to use the same SecurityPolicy for the SecureChannel and the user token.

Table 189 – EncryptionAlgorithm selection

SecureChannel SecurityPolicy | SecureChannel SecurityMode | UserTokenPolicy SecurityPolicy | EncryptionAlgorithm used
None | NONE | Null or empty | No encryption (a)
None | NONE | None | No encryption (a)
None | NONE | Other | Asymmetric algorithm for "Other"
Other | Other than NONE | Null or empty | Asymmetric algorithm for "Other"
Other | Other than NONE | Yet another | Asymmetric algorithm for "Yet another" (b)
Other | Other than NONE | Other | Asymmetric algorithm for "Other"
Other | SIGNANDENCRYPT | None | No encryption, but encrypted SecureChannel (c)
Other | SIGN | None | Invalid configuration; shall be rejected.

(a) The use of this configuration without network encryption would result in a serious security fault.
(b) This configuration should not be used.
(c) This configuration should be avoided since compromised SecureChannel keys could result in leaked passwords.
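How a Client and a Server would act on Table 188 and Table 189, as an added example in Go that is not part of OPC 10000-4 or of any OPC UA stack. It assumes the SecurityPolicy and encryptionAlgorithm URIs for Basic256Sha256 and Aes256_Sha256_RsaPss as the editor recalls them from OPC 10000-7, and a framing for the 7.40.2.2 encrypted secret (a length prefix, the UTF-8 secret, then the ServerNonce) that this page cites but does not reproduce; the function names, the 2048-bit key and the 32-byte nonce are the example's own choices.

```go
package main

import (
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha1"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/binary"
	"errors"
	"fmt"
	"hash"
)

// URIs recalled from OPC 10000-7 (editor's assumption; this page only cites Part 7).
const (
	PolicyNone           = "http://opcfoundation.org/UA/SecurityPolicy#None"
	PolicyBasic256Sha256 = "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256"
	PolicyAes256RsaPss   = "http://opcfoundation.org/UA/SecurityPolicy#Aes256_Sha256_RsaPss"
	AlgRsaOaepSha1       = "http://www.w3.org/2001/04/xmlenc#rsa-oaep"
	AlgRsaOaepSha256     = "http://opcfoundation.org/UA/security/rsa-oaep-sha2-256"
	ModeNone, ModeSign, ModeSignAndEncrypt = "NONE", "SIGN", "SIGNANDENCRYPT"
)

// Algorithm each policy uses for user tokens, and the OAEP hash behind each algorithm URI.
var policyAlgorithm = map[string]string{PolicyBasic256Sha256: AlgRsaOaepSha1, PolicyAes256RsaPss: AlgRsaOaepSha256}
var oaepHash = map[string]func() hash.Hash{AlgRsaOaepSha1: sha1.New, AlgRsaOaepSha256: sha256.New}
var ErrInvalidConfiguration = errors.New("SIGN-only SecureChannel with a None UserTokenPolicy: shall be rejected")

// SelectEncryptionAlgorithm applies Table 189; "" with a nil error means the password goes as raw UTF-8.
func SelectEncryptionAlgorithm(channelPolicy, mode, tokenPolicy string) (string, error) {
	if tokenPolicy == "" { // null/empty UserTokenPolicy: the SecureChannel policy applies
		tokenPolicy = channelPolicy
	}
	if tokenPolicy == PolicyNone {
		if channelPolicy != PolicyNone && mode != ModeSignAndEncrypt {
			return "", ErrInvalidConfiguration // last row: a SIGN-only channel would expose the password
		}
		return "", nil // notes (a) and (c): rely on a VPN or on the encrypted SecureChannel
	}
	alg, ok := policyAlgorithm[tokenPolicy]
	if !ok {
		return "", fmt.Errorf("unsupported UserTokenPolicy SecurityPolicy %q", tokenPolicy)
	}
	return alg, nil // note (b) applies when this differs from a non-None channelPolicy
}

// EncryptPassword is the Client side. Framing assumed for the 7.40.2.2 format, which this page
// cites but does not show: UInt32 LE length of secret||ServerNonce, the UTF-8 secret, the ServerNonce.
func EncryptPassword(alg string, pub *rsa.PublicKey, password string, serverNonce []byte) ([]byte, error) {
	secret := []byte(password)
	if alg == "" {
		return secret, nil // Table 189 "No encryption" rows
	}
	if len(secret) > 64 {
		return nil, errors.New("passwords over 64 bytes use the 7.40.2.4 format, not handled here")
	}
	newHash, ok := oaepHash[alg]
	if !ok {
		return nil, fmt.Errorf("unknown encryptionAlgorithm %q", alg)
	}
	plain := binary.LittleEndian.AppendUint32(nil, uint32(len(secret)+len(serverNonce)))
	plain = append(append(plain, secret...), serverNonce...)
	return rsa.EncryptOAEP(newHash(), rand.Reader, pub, plain, nil) // one RSA block suffices at <= 64 bytes
}

// DecryptPassword is the Server side: decrypt, check the framing, verify the CreateSession
// ServerNonce in constant time, and only then hand the password to the authenticator.
func DecryptPassword(alg string, priv *rsa.PrivateKey, field, serverNonce []byte) (string, error) {
	if alg == "" {
		return string(field), nil
	}
	newHash, ok := oaepHash[alg]
	if !ok {
		return "", fmt.Errorf("unknown encryptionAlgorithm %q", alg)
	}
	plain, err := rsa.DecryptOAEP(newHash(), rand.Reader, priv, field, nil)
	if err != nil {
		return "", err
	}
	if len(plain) < 4 || int(binary.LittleEndian.Uint32(plain)) != len(plain)-4 {
		return "", errors.New("malformed token secret")
	}
	body, split := plain[4:], len(plain)-4-len(serverNonce)
	if split < 0 || subtle.ConstantTimeCompare(body[split:], serverNonce) != 1 {
		return "", errors.New("ServerNonce mismatch: replayed or misdirected token")
	}
	return string(body[:split]), nil
}

// Stand-ins for the Server's application instance key and the CreateSession ServerNonce.
func GenerateServerKey() (*rsa.PrivateKey, error) { return rsa.GenerateKey(rand.Reader, 2048) }

func NewServerNonce() []byte {
	nonce := make([]byte, 32)
	rand.Read(nonce) // crypto/rand; a failure here would be unrecoverable in a real Server
	return nonce
}
```

A Server should not take the Client's encryptionAlgorithm field at face value: it should run SelectEncryptionAlgorithm over its own endpoint configuration for the UserTokenPolicy named by policyId and reject a token whose field disagrees, otherwise a Client can downgrade to the raw UTF-8 form on an endpoint that requires encryption. The ServerNonce check is what ties the encrypted secret to this session; without it a captured password field could be replayed against the same Server.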