Difference between revisions of "uaCap:Security AppAuthent"

From UaCapabilities

Revision as of 11:45, 10 February 2015

URN: https://opcfoundation.org/wiki/index.php/Security/ApplicationAuthentication

Description
Application authentication allows OPC UA applications to identify each other. Each OPC UA application instance has a digital certificate (instance certificate) assigned that is exchanged during connection setup. The receiver of the certificate checks whether it trusts the certificate. This trust check is accomplished using the concept of TrustLists. TrustLists can be managed by vendor-specific means or by OPC UA Certificate Management.
If HTTPS is used, application authentication is not available. If authentication is required with this transport, it must be based on user credentials.

Usage Considerations

  • Ensures that a server only allows a trusted client to connect and that a client only communicates with trusted servers.
  • Requires that a PKI is in place.
  • Not available with HTTPS.

Conformance Testing

Client

Application authentication is an integral part of the security policies (except Security Policy - None).
It shall also be possible to configure for no application authentication, just user authentication and normal encryption/signing:

  • Configure the Client application to accept all Server certificates
  • Certificates are used only for message security (signing and encryption)
  • User level is used for authentication

Server

Application authentication is an integral part of the security policies (except Security Policy - None).
It shall also be possible to configure for no application authentication, just user authentication and normal encryption/signing:

  • Configure the Server application to accept all Client certificates
  • Certificates are used only for message security (signing and encryption)
  • User level is used for authentication
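
The three cases above in which application authentication is not in effect (HTTPS transport, Security Policy None, and an application configured to accept all certificates) can be checked mechanically across a set of endpoints. The following is an added example, not part of the original page or of any OPC UA SDK; the `Endpoint` fields, the function names and the sample configuration are assumptions made for illustration.

```python
from dataclasses import dataclass


@dataclass
class Endpoint:
    # Hypothetical, simplified view of one endpoint's configuration.
    name: str
    transport: str                 # "opc.tcp" or "https"
    security_policy: str           # "None" or a named policy
    accept_all_certificates: bool  # peer certificates accepted without a TrustList check
    user_token: str                # "Anonymous", "UserName", ...


def application_authenticated(ep):
    """True only when the peer's instance certificate is checked against a TrustList."""
    if ep.transport.lower() == "https":
        return False  # application authentication is not available with HTTPS
    if ep.security_policy.lower() == "none":
        return False  # Security Policy None carries no application authentication
    return not ep.accept_all_certificates


def audit(endpoints):
    """Return (name, finding) pairs for endpoints that rely on user credentials or on nothing."""
    findings = []
    for ep in endpoints:
        app_auth = application_authenticated(ep)
        user_auth = ep.user_token.lower() != "anonymous"
        if not app_auth and not user_auth:
            findings.append((ep.name, "no application or user authentication"))
        elif not app_auth:
            findings.append((ep.name, "user authentication only"))
    return findings


# Constructed sample configuration (names and values are made up).
SAMPLE = [
    Endpoint("line1-plc", "opc.tcp", "Basic256Sha256", False, "Anonymous"),
    Endpoint("historian", "opc.tcp", "Basic256Sha256", True, "UserName"),
    Endpoint("web-gateway", "https", "Basic256Sha256", False, "Anonymous"),
    Endpoint("test-bench", "opc.tcp", "None", False, "Anonymous"),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE):
        print(f"{name}: {finding}")
```

An endpoint reported as "user authentication only" matches the accept-all configuration described under Conformance Testing; one reported with no authentication at all has neither the TrustList check nor user credentials protecting it.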