View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000608310000-004: ServicesSpecpublic2020-09-22 16:032020-12-07 18:38
ReporterJim Luth Assigned ToMatthias Damm  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Summary0006083: Need to add conformance unit for User switch
Description

A conformance units should be defined that describes allowing a client to change the User that is connected on a connection (both a client and server conformance unit)

Server - In the security bucket
Supports, via Activate Session, the changing of the logged-in user. I.e. changing from Operator to Administrator or other user on an active session. This includes reprocessing of any subscription to ensure that only authorized data is supplied.

Client
Can change the user associated with an existing session, by issuing an activate session with new user credentials. This includes being able to handle that the change might be refused and/or that items in subscription might report User access denied.

These conformance units should be added as optional to the standard server and standard client profiles

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0004577 closedPaul Hunkar 10000-007: Profiles Need to add conformance unit for User switch 

Activities

Karl Deiretsbacher

2020-09-22 16:03

developer   ~0012969

Such CUs already exist:
SERVER: See "Session Services" --> "Session Change User" in "Standard 2017 UA Server Profile"
CLIENT: See "Session Services" --> "Session Client Impersonate" in "Core 2017 Client Facet"

Jim Luth

2020-09-22 16:03

administrator   ~0012970

Propose adding the server CU to other Server Profiles as optional.

Karl Deiretsbacher

2020-09-22 16:03

developer   ~0012971

Last edited: 2020-09-22 16:04

Discussed in UA virtual F2F on 2020-09-17. Fixed v1.03 and v1.04 as follows:
The CU "Session Switch User" was moved from Standard UA Server to the Core Server Facet as optional.

Jim Luth

2020-09-22 16:06

administrator   ~0012972

Part 4 needs to better explain the requirements of using ActivateSession to change the user context of a running session (with subscriptions) . This is instead of Paul's request to add this to the CU "This includes reprocessing of any subscription to ensure that only authorized data is supplied."

Matthias Damm

2020-12-06 18:16

developer   ~0013375

Added following clarification to
5.6.3 ActivateSession
5.6.3.1 Description

A Server shall re-evaluate the permissions of all MonitoredItems in Subscriptions assigned to the Session after a user identity change.

Added in OPC 10000-4 - UA Specification Part 4 - Services 1.05.0 Draft12.docx

Jim Luth

2020-12-07 18:38

administrator   ~0013382

Agreed to changes in Virtual F2F.

Issue History

Date Modified Username Field Change
2020-09-22 16:03 Jim Luth New Issue
2020-09-22 16:03 Jim Luth Status new => assigned
2020-09-22 16:03 Jim Luth Assigned To => Matthias Damm
2020-09-22 16:03 Jim Luth Issue generated from: 0004577
2020-09-22 16:03 Jim Luth Note Added: 0012969
2020-09-22 16:03 Jim Luth Note Added: 0012970
2020-09-22 16:03 Jim Luth Note Added: 0012971
2020-09-22 16:03 Jim Luth Relationship added related to 0004577
2020-09-22 16:04 Jim Luth Project 10000-007: Profiles => 10000-004: Services
2020-09-22 16:04 Jim Luth Note Edited: 0012971
2020-09-22 16:06 Jim Luth Note Added: 0012972
2020-12-06 18:16 Matthias Damm Status assigned => resolved
2020-12-06 18:16 Matthias Damm Resolution open => fixed
2020-12-06 18:16 Matthias Damm Note Added: 0013375
2020-12-07 18:38 Jim Luth Status resolved => closed
2020-12-07 18:38 Jim Luth Fixed in Version => 1.05
2020-12-07 18:38 Jim Luth Note Added: 0013382