Difference between revisions of "uaCap:Security AppAuthent"
Line 8: | Line 8: | ||
* Ensures that a server only allows a trusted client to connect and that a client only communicates with trusted servers. | * Ensures that a server only allows a trusted client to connect and that a client only communicates with trusted servers. | ||
* Requires that a PKI infrastructure is in place. | * Requires that a PKI infrastructure is in place. | ||
− | * Not available with HTTPS. | + | * Not available with HTTPS transport. |
{{uaConformance| | {{uaConformance| |
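Review bot: On the changed Usage Considerations bullet, "Not available with HTTPS transport" states the limitation but not its consequence, which the Description gives: authentication over HTTPS must be based on user credentials. Suggest appending that to the bullet so the list stands on its own. The unchanged bullet above it says "PKI infrastructure", which is redundant and could be shortened to "PKI" in the same edit.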
Latest revision as of 12:49, 24 February 2015
URN: https://opcfoundation.org/wiki/index.php/Security/ApplicationAuthentication
Description
Application authentication allows OPC UA applications to identify each other. Each OPC UA application instance has a digital certificate (instance certificate) assigned that is exchanged during connection setup. The receiver of the certificate checks whether it trusts the certificate. This trust check is accomplished using the concept of TrustLists. TrustLists can be managed by vendor-specific means or by OPC UA Certificate Management.
If HTTPS is used, application authentication is not available. If authentication is required with this transport, it must be based on user credentials.
Usage Considerations
- Ensures that a server only allows a trusted client to connect and that a client only communicates with trusted servers.
- Requires that a PKI infrastructure is in place.
- Not available with HTTPS transport.
Conformance Testing
Client | Server |
Application authentication is an integral part of the security policies (except Security Policy - none). | Application authentication is an integral part of the security policies (except Security Policy - none). |
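The decision described above, sketched as an added example (not code from the OPC Foundation or any OPC UA stack). It models only the TrustList lookup and the two cases where application authentication does not apply; the in-memory `TrustList` class, the outcome strings and the sample transport and policy names are assumptions, and the chain, signature and validity checks a real stack performs are out of scope.

```python
import hashlib
from dataclasses import dataclass, field

def thumbprint(cert_der: bytes) -> str:
    """SHA-1 over the DER bytes, used only as a lookup key for the certificate."""
    return hashlib.sha1(cert_der).hexdigest().upper()

@dataclass
class TrustList:
    """Hypothetical in-memory TrustList holding thumbprints of instance certificates."""
    trusted: set = field(default_factory=set)
    rejected: set = field(default_factory=set)  # unknown peers, kept for admin review

    def add_trusted(self, cert_der: bytes) -> None:
        self.trusted.add(thumbprint(cert_der))

def application_authentication(transport, security_policy, peer_cert_der, trust_list):
    """Return the outcome of application authentication for one connection attempt."""
    if transport == "https":
        # Page: not available with HTTPS; authentication must use user credentials.
        return "unavailable-https-use-user-credentials"
    if security_policy == "None":
        # Page: application authentication is part of every policy except none.
        return "unavailable-policy-none"
    if not peer_cert_der:
        return "rejected-no-certificate"
    tp = thumbprint(peer_cert_der)
    if tp in trust_list.trusted:
        return "trusted"
    # Deny by default and remember the thumbprint so an administrator can
    # decide later whether to move it into the trusted set.
    trust_list.rejected.add(tp)
    return "rejected-untrusted"

# Constructed sample data: placeholder byte strings standing in for DER certificates.
KNOWN_CLIENT = b"constructed-der-bytes-known-client"
UNKNOWN_CLIENT = b"constructed-der-bytes-unknown-client"

def demo():
    """Run the four cases against one TrustList and return (outcomes, trust_list)."""
    tl = TrustList()
    tl.add_trusted(KNOWN_CLIENT)
    return [
        application_authentication("opc.tcp", "Basic256Sha256", KNOWN_CLIENT, tl),
        application_authentication("opc.tcp", "Basic256Sha256", UNKNOWN_CLIENT, tl),
        application_authentication("opc.tcp", "None", KNOWN_CLIENT, tl),
        application_authentication("https", "Basic256Sha256", KNOWN_CLIENT, tl),
    ], tl
```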