Difference between revisions of "uaCap:Transport uatcp secure"

From UaCapabilities
Line 1: Line 1:
 
{{CapabilityUri|/Transport/UA_TCP/Secured}}
 
{{CapabilityUri|/Transport/UA_TCP/Secured}}
 
'''Description'''
 
'''Description'''
<br>A TCP-based protocol with binary encoding that uses a secure channel between communicating OPC UA applications.
+
<br>This transport capability supplements the UA_TCP transport with security, including:
Uses the Public Key Infrastructure (PKI) standards to enable applications to identify themselves with an X.509 Certificate (Application Instance Certificate). Includes
+
* Authentication of communication partner based on digital certificates that are exchanged during the establishment of a secure channel. This is based on Public Key Infrastructure (PKI) standards.
* Authentication of communication partner based on digital certificates that are exchanged during the establishment of a secure channel
+
 
* Efficient Data encryption algorithms to provide Confidentiality
 
* Efficient Data encryption algorithms to provide Confidentiality
 
* Efficient Message signatures to provide Integrity
 
* Efficient Message signatures to provide Integrity
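Review bot: The rewritten introduction and first bullet drop the only mention of the certificate type that the removed sentence carried ("identify themselves with an X.509 Certificate (Application Instance Certificate)"); the new bullet says only "digital certificates". Suggest keeping the term in the first bullet, for example "based on X.509 Application Instance Certificates that are exchanged during the establishment of a secure channel", so the description still names what is being authenticated. The removed opening line also stated that the transport is TCP-based with binary encoding; the new text relies on the reference to UA_TCP for that, so check that the UA_TCP capability page says it. Style: "Efficient Data encryption" and "Efficient Message signatures" capitalize "Data" and "Message" mid-phrase, while "Confidentiality" and "Integrity" read as defined terms; lower-case the former.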
Line 9: Line 8:
 
'''Usage Considerations'''
 
'''Usage Considerations'''
 
* Application authentication allows restricting access to trusted parties.
 
* Application authentication allows restricting access to trusted parties.
* End-to-end encryption offers uninterrupted protection of data between client and server resulting in a higher degree of security than transport protocols that protect messages by establishing secure connection between two hosts (HTTPS, for example).
+
* End-to-end encryption offers uninterrupted protection of data between Client and Server resulting in a higher degree of security than transport protocols that protect messages by establishing secure connection between two hosts (HTTPS, for example).
 
* Can be applied to a wide range of devices and application, from control and field devices that require security to enterprise level applications.
 
* Can be applied to a wide range of devices and application, from control and field devices that require security to enterprise level applications.
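Review bot: The changed bullet only capitalizes "Client" and "Server" and leaves the grammar problem in the same sentence, "by establishing secure connection between two hosts", which needs an article ("a secure connection"). The sentence also asserts "a higher degree of security" than HTTPS without saying what distinguishes end-to-end protection from host-to-host protection; one clause explaining that would make the comparison checkable. In the unchanged last bullet, "devices and application" should be "devices and applications" and "enterprise level applications" wants a hyphen; worth fixing in the same revision.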
  

Revision as of 13:08, 5 February 2015

URN: https://opcfoundation.org/wiki/index.php/Transport/UA_TCP/Secured

Description
This transport capability supplements the UA_TCP transport with security, including:

  • Authentication of the communication partner based on digital certificates that are exchanged during the establishment of a secure channel. This is based on Public Key Infrastructure (PKI) standards.
  • Efficient data encryption algorithms to provide Confidentiality
  • Efficient message signatures to provide Integrity

Usage Considerations

  • Application authentication allows restricting access to trusted parties.
  • End-to-end encryption offers uninterrupted protection of data between Client and Server, resulting in a higher degree of security than transport protocols that protect messages by establishing a secure connection between two hosts (HTTPS, for example).
  • Can be applied to a wide range of devices and applications, from control and field devices that require security to enterprise-level applications.

Conformance Testing

  • Client: TBD
  • Server: TBD