Difference between revisions of "uaCap:Security Intro"

From UaCapabilities
(Created page with "Security is a fundamental aspect of OPC UA. It consists of several individual elements that are integrated in different layers of the OPC UA Framework. File:UA fw Security.J...")
 
 
(3 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Security is a fundamental aspect of OPC UA. It consists of several individual elements that are integrated in different layers of the OPC UA Framework.
 
Security is a fundamental aspect of OPC UA. It consists of several individual elements that are integrated in different layers of the OPC UA Framework.
[[File:UA fw Security.JPG|300px|left]]
+
[[File:UA fw Security.JPG|300px|right]]
 
OPC UA Security is concerned with the authentication of clients and servers, the authorization of users, the integrity and confidentiality of their communications and the auditing of client server interactions. To meet this goal, security is integrated into all aspects of the design and implementation of OPC UA Servers and Clients. OPC UA security is based on industry standard security algorithms, yet is scalable to meet the environment and application requirements.
 
OPC UA Security is concerned with the authentication of clients and servers, the authorization of users, the integrity and confidentiality of their communications and the auditing of client server interactions. To meet this goal, security is integrated into all aspects of the design and implementation of OPC UA Servers and Clients. OPC UA security is based on industry standard security algorithms, yet is scalable to meet the environment and application requirements.
Communication Layer Security is part of the Transport Mapping Capabilities; see [[UA Transport]].
+
Communication Layer Security is part of the Transport Mapping Capabilities; see [[Transport Mappings]].
The design and implementation of OPC UA’s security standard is based on proven PKI standards and W3C protocols. The resulting OPC UA security architecture permeates the application and communication layers atop the transport layer.  
+
The design and implementation of OPC UA’s security standard is based on proven standards. The resulting OPC UA security architecture permeates the application and communication layers atop the transport layer.  
  
 
+
{| cellpadding="5" cellspacing="0" width="100%"
[[File:SecurityLayers.jpg|500px|right]]
+
|-
 +
|
 +
[[File:SecurityLayers.jpg|500px|left]]
 +
|
 
All activities in the application layer are based on a secure channel that is created in the communication layer. Applications rely upon it for secure communication in addition to application authentication. The secure channel is responsible for messages integrity, confidentiality and application authentication.
 
All activities in the application layer are based on a secure channel that is created in the communication layer. Applications rely upon it for secure communication in addition to application authentication. The secure channel is responsible for messages integrity, confidentiality and application authentication.
The application layer manages user authentication and user authorization. During Session establishment Clients may pass a user identity token to the OPC UA Server. The Server verifies that this user is allowed to access and what resources it is authorized to use.  
+
The application layer manages user authentication and user authorization. Clients may pass a user identity token to the OPC UA Server. The Server verifies that this user is allowed to access and what resources it is authorized to use.  
<br>Note – The entire OPC UA Security Model is described in OPC UA Part 2.
+
<br>Note – The OPC UA Security Model is described in OPC UA Part 2.
 
<br>The Secure Conversation Services and the security elements in Session Services are specified in OPC UA Part 4.
 
<br>The Secure Conversation Services and the security elements in Session Services are specified in OPC UA Part 4.
 
<br>The communication layer security elements are specified in OPC UA Part 6.
 
<br>The communication layer security elements are specified in OPC UA Part 6.
 +
|}
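Review bot: In the application-layer paragraph, the new wording drops "During Session establishment", so the page no longer says when a Client passes the user identity token to the Server; consider keeping that clause, since the note further down still points readers to the security elements in Session Services. The sentence that follows it ("verifies that this user is allowed to access and what resources it is authorized to use") has no object after "access" and would read better as two parallel clauses. Replacing "proven PKI standards and W3C protocols" with "proven standards" also leaves the claim unspecific; either name the standards or point to OPC UA Part 2 at that spot. Separately, the unchanged context line still says "messages integrity", which should be "message integrity".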

Latest revision as of 11:51, 10 February 2015

Security is a fundamental aspect of OPC UA. It consists of several individual elements that are integrated in different layers of the OPC UA Framework.

UA fw Security.JPG

OPC UA Security is concerned with the authentication of clients and servers, the authorization of users, the integrity and confidentiality of their communications, and the auditing of client-server interactions. To meet this goal, security is integrated into all aspects of the design and implementation of OPC UA Servers and Clients. OPC UA security is based on industry-standard security algorithms, yet is scalable to meet the environment and application requirements. Communication Layer Security is part of the Transport Mapping Capabilities; see Transport Mappings. The design and implementation of OPC UA’s security standard is based on proven standards. The resulting OPC UA security architecture permeates the application and communication layers atop the transport layer.

SecurityLayers.jpg

All activities in the application layer are based on a secure channel that is created in the communication layer. Applications rely upon it for secure communication in addition to application authentication. The secure channel is responsible for message integrity, confidentiality and application authentication. The application layer manages user authentication and user authorization. Clients may pass a user identity token to the OPC UA Server. The Server verifies that this user is allowed access and determines which resources the user is authorized to use.
Note – The OPC UA Security Model is described in OPC UA Part 2.
The Secure Conversation Services and the security elements in Session Services are specified in OPC UA Part 4.
The communication layer security elements are specified in OPC UA Part 6.