0010611: 7.41.5 X509IdentityTokens - Need to Clarify what Happens with ECC and RSA support. - MantisBT

10000-004: Services
- - All Projects
  - .NET API
  - Certification
  - Compliance Test Tool (CTT) COM Classic
  - Compliance Test Tool (CTT) Unified Architecture
  - CTT UA Binary
  - CTT UA Help
  - CTT UA Package
  - CTT UA Scripts
  - CTT UA Test Case
  - OPC Analyzer
  - Safety Compliance Test Tool (UASCTT)
  - UASCTT Documentation
  - UASCTT Software
  - Specifications
  - Classic DA Client
  - Classic DA Server
  - Safety Test Document
  - UA Client - Certification tests
  - UA Server - Certification tests
  - COM/XML Sample Code
  - COM-AE Sample Code
  - COM-DA Sample Code
  - COM-HDA Sample Code
  - XML-DA Sample Code
  - Core Components
  - OpenSCS
  - UA
  - Field eXchange (UAFX)
  - Part 80: UAFX Overview and Concepts [sg.Architecture]
  - Part 81: UAFX Connecting Devices and Information Model [sg.BaseFacet]
  - Part 82: UAFX Networking [sg.Networking]
  - Part 83: UAFX Offline Engineering [sg.OfflineEngineering]
  - Part 84: UAFX Profiles
  - sg.I/O
  - sg.Instrumentation
  - sg.Motion
  - UAFX Nodeset
  - UAFX Testing (CTT) [sg.TestDevelopment]
  - Information Models
  - 10000-100: Devices
  - 10000-110: Asset Management Basics
  - 10000-200: Industrial Automation - Basics
  - 10000-210: Industrial Automation - Relative Spatial Location
  - 10020: Analyzer Device Integration (ADI)
  - 10030: ISA-95
  - 10031: ISA 95 Job Control
  - 10040: IEC 61850
  - 10100-1: WOT Connectivity
  - 11020: Companion Spec Template
  - 30000: PLCopen
  - 30010: AutoID
  - 30020: MDIS
  - 30030: BACnet
  - 30040: AutomationML
  - 30050: PackML
  - 30060: TMC
  - 30070: MTConnect
  - 30081: PADIM
  - 30090: FDT
  - 30110: Powerlink
  - 30120: IO-Link
  - 30130: CCLink (CSP+ForMachine)
  - 30140: PROFINET
  - 30170: ODVA-CIP
  - 30170: ODVA-CIP: 01: Promises
  - 30170: ODVA-CIP: 02: User Stories
  - 30170: ODVA-CIP: 03: Requirements
  - 30200: Commercial Kitchen Equipment
  - 30250: DEXPI
  - 30270: I4AAS
  - 30400: UA Cloud LIbrary
  - 34100: Energy Consumption Management
  - 40001: Machinery
  - 40010: Robotics
  - 40010-1: Robotics-1: Vertical integration
  - 400nn: PlasticsRubber
  - 40077: PlasticsRubber IMM2MES
  - 40082-1: PlasticsRubber TCD
  - 40082-2: PlasticsRubber HotRunner
  - 40082-3: PlasticsRubber LDS
  - 40082-5: PlasticsRubber Moulds
  - 40083: PlasticsRubber
  - 40083: PlasticsRubber GeneralTypes
  - 40084: PlasticsRubber Extrusion
  - 40084-10: PlasticsRubber Extrusion Calibrator
  - 40084-11: PlasticsRubber Extrusion Corrugator
  - 40084-12: PlasticsRubber Extrusion Calender
  - 40084-1: PlasticsRubber Extrusion GeneralTypes
  - 40084-2: PlasticsRubber Extrusion ExtrusionLine
  - 40084-3: PlasticsRubber Extrusion Extruder
  - 40084-4: PlasticsRubber Extrusion HaulOff
  - 40084-5: PlasticsRubber Extrusion MeltPump
  - 40084-6: PlasticsRubber Extrusion Filter
  - 40084-7: PlasticsRubber Extrusion Die
  - 40084-8: PlasticsRubber Extrusion Pelletizer
  - 40084-9: PlasticsRubber Extrusion Cutter
  - 40100: Machine Vision
  - 40100-1: MachineVision-1: Control and more
  - 40200: Weighing Technology
  - 40210: Geometric Measuring Systems
  - 40223: Pumps and Vacuum Pumps
  - 40250: Compressed Air
  - 40301: Flat Glass
  - 40351: High Pressure Die Casting (HPDC)
  - 40400-1: Powertrain
  - 40450: Joining
  - 40450-1: IJT Joining System – Base
  - 40451: Tightening
  - 40451-1: IJT Tightening System – General
  - 40501: MachineTool
  - 40501-1: MachineTool-1: Monitoring and Job
  - 40502: CNC
  - 40550: Woodworking Machinery
  - 4056n: Mining
  - 40560: Mining General
  - 40561: Mining Extraction Equipment
  - 40562: Mining Loading Equipment
  - 40563: Mining Transport And Dumping Equipment
  - 40564: Mining Mineral Processing Equipment
  - 40565: Mining Development And Support Equipment
  - 40566: Mining Monitoring And Supervision Services
  - 40567: Mining PELO Services
  - 40569: Mining Application And Use Cases
  - 40701: Cleaning-Pretreatment Surface Technology
  - UA Specification
  - 10000-001: Concepts
  - 10000-002: Security
  - 10000-003: Address Space
  - 10000-004: Services
  - 10000-005: Information Model
  - 10000-006: Mappings
  - 10000-007: Profiles
  - 10000-008: Data Access
  - 10000-009: Alarms and Conditions
  - 10000-010: Programs
  - 10000-011: Historical Access
  - 10000-012: Discovery
  - 10000-013: Aggregates
  - 10000-014: PubSub
  - 10000-015: Safety
  - UA Safety Stack
  - UA Safety Stack - Documentation
  - UA Safety Stack - Source Code
  - 10000-016: State Machines
  - 10000-017: Alias Names
  - 10000-018: Role-Based Security
  - 10000-019: Dictionary Reference
  - 10000-020: File Transfer
  - 10000-021: Device Onboarding
  - 10000-022: Base Network Model
  - 10000-023: Common ReferenceTypes
  - 10000-024: Scheduler
  - 10000-025: ObjectSerialization
  - 10000-026: LogObject
  - 10000-110: Asset Management Basics
  - 10000-120: XML Data Type Mapping
  - 10000-200: Industrial Automation - Basics
  - 10000-210: Industrial Automation - Relative Spatial Location
  - Code Generators
  - ModelValidator
  - Feature Requests
  - NodeSets, XSDs and Generated Code
  - Website
  - IOP App
  - Online Reference
  - Profiles Application
  - Teams
  - Whitepapers - 22***
  - OPC-11030: UA Modelling Best Practices
  - Wireshark plug-in
anonymous

ID	Project	Category	View Status	Date Submitted	Last Update

0010611	10000-004: Services	Spec	public	2025-11-13 11:17	2025-11-13 11:32

Reporter	Randy Armstrong	Assigned To
Priority	normal	Severity	minor	Reproducibility	always
Status	new	Resolution	open
Product Version	1.05.06
Target Version	1.05.07 RC1

Summary	0010611: 7.41.5 X509IdentityTokens - Need to Clarify what Happens with ECC and RSA support.
Description	ECC introduces a need to support UserTokenSignatures that have public key algorithms that are not supported for the SecureChannel. Text needs to be added to call this out use case to ensure implementers do not miss it.
Additional Information	This token shall always be accompanied by a Signature in the userTokenSignature parameter of ActivateSession if required by the SecurityPolicy. The Server shall specify a SecurityPolicy for the UserTokenPolicy if the SecureChannel has a SecurityPolicy with a different CertificateKeyAlgorithm and/or AsymmetricSignatureAlgorithm. Servers that support multiple CertificateKeyAlgorithms for a UserCertificate shall provide a distinct UserTokenPolicy for each CertificateKeyAlgorithm supported.
Tags	No tags attached.

Commit Version
Fix Due Date

Date Modified	Username	Field	Change
2025-11-13 11:17	Randy Armstrong	New Issue
2025-11-13 11:31	Randy Armstrong	Description Updated
2025-11-13 11:32	Randy Armstrong	Description Updated
2025-11-13 11:32	Randy Armstrong	Description Updated