View Issue Details

ID: 0006407
Project: 10000-018: Role-Based Security
Category: Spec
View Status: public
Last Update: 2021-03-02 20:15
Reporter: Matthias Isele
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0006407: Clarification required for Endpoints in Roletype
Description

From the specification Part 18 - 4.3.1 RoleType definition:
"The Endpoints Property specifies the Endpoints which shall be included or excluded from this Role. The value is an EndpointType array which contains one or more Endpoint descriptions. The EndpointUrl is compared with the configured Endpoint that is used by the SecureChannel for the Session."

So the specification states that just the EndpointUrl is used for comparison.
However the EndpointType Structure contains 3 more fields:

  • securityMode
  • securityPolicyUri
  • transportProfileUri

If they shall be ignored we should clearly state that in the specification.
If not we should explain the rules for comparison, e.g. which fields are required or if a field is empty is that interpreted as a wildcard or not etc.

Tags: No tags attached.

Activities

Matthias Damm

2021-02-02 16:20

developer   ~0013646

Discussed in UA WG meeting.

Agreed that all fields of the EndpointType Structure must be compared but it is possible to skip the comparison for a field if the field is set with a TBD defined default value.

Matthias Damm

2021-02-02 16:47

developer   ~0013651

Requires errata!

Changed description of Endpoints Property to:
The Endpoints Property specifies the Endpoints which shall be included or excluded from this Role. The value is an EndpointType array which contains one or more Endpoint descriptions. The EndpointUrl and the other Endpoint settings are compared with the configured Endpoint that is used by the SecureChannel for the Session. The EndpointType DataType is defined in 4.4.2. Fields that have default values as defined in the EndpointType DataType are ignored during the comparison.

Update EndpointType field descriptions:

securityMode
The type of message security.
The type MessageSecurityMode type is defined in OPC 10000-4.
The default value is MessageSecurityMode Invalid. The field is ignored for comparison if the default value is set.

securityPolicyUri
The URI of the SecurityPolicy.
The default value is an empty or null String. The field is ignored for comparison if the default value is set.

transportProfileUri
The URI of the Transport Profile.
The default value is an empty or null String. The field is ignored for comparison if the default value is set.
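
The comparison rule agreed in the note above, as an added example that is not part of the tracker thread or of the specification: every EndpointType field is compared unless it holds its default value. The Python names, the exact-string comparison of EndpointUrl and the sample endpoints are assumptions made for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum
from typing import Optional

class MessageSecurityMode(IntEnum):  # values from OPC 10000-4
    INVALID = 0
    NONE = 1
    SIGN = 2
    SIGN_AND_ENCRYPT = 3

@dataclass(frozen=True)
class EndpointType:
    endpoint_url: str
    security_mode: MessageSecurityMode = MessageSecurityMode.INVALID  # default
    security_policy_uri: Optional[str] = None    # default: empty or null
    transport_profile_uri: Optional[str] = None  # default: empty or null

def entry_matches(entry: EndpointType, session: EndpointType) -> bool:
    """True if one configured Endpoints entry matches the Session's endpoint."""
    # Assumption: exact string comparison; the issue defines no URL normalisation.
    if entry.endpoint_url != session.endpoint_url:
        return False
    # A field left at its default value is ignored during the comparison.
    if entry.security_mode not in (MessageSecurityMode.INVALID, session.security_mode):
        return False
    if entry.security_policy_uri and entry.security_policy_uri != session.security_policy_uri:
        return False
    if entry.transport_profile_uri and entry.transport_profile_uri != session.transport_profile_uri:
        return False
    return True

def role_entries_match(entries, session: EndpointType) -> bool:
    """True if any entry of the Role's Endpoints array matches the Session."""
    return any(entry_matches(e, session) for e in entries)

# Constructed sample data (hypothetical server URL).
URL = "opc.tcp://plc.example:4840"
TCP = "http://opcfoundation.org/UA-Profile/Transport/uatcp-uasc-uabinary"
SECURE_SESSION = EndpointType(URL, MessageSecurityMode.SIGN_AND_ENCRYPT,
    "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256", TCP)
PLAIN_SESSION = EndpointType(URL, MessageSecurityMode.NONE,
    "http://opcfoundation.org/UA/SecurityPolicy#None", TCP)
STRICT_ENTRY = EndpointType(URL, MessageSecurityMode.SIGN_AND_ENCRYPT)
URL_ONLY_ENTRY = EndpointType(URL)  # every other field left at its default

if __name__ == "__main__":
    for name, entry in (("strict", STRICT_ENTRY), ("url-only", URL_ONLY_ENTRY)):
        print(name, entry_matches(entry, SECURE_SESSION), entry_matches(entry, PLAIN_SESSION))
```

An entry that leaves securityMode at Invalid also matches a Session established with MessageSecurityMode None on the same URL, so a Role intended only for protected channels needs that field set explicitly.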

Jim Luth

2021-03-02 20:15

administrator   ~0013919

Agreed to changes in Virtual F2F.

Issue History

Date Modified Username Field Change
2021-01-27 13:25 Matthias Isele New Issue
2021-02-02 14:43 Matthias Damm Assigned To => Matthias Damm
2021-02-02 14:43 Matthias Damm Status new => assigned
2021-02-02 16:20 Matthias Damm Note Added: 0013646
2021-02-02 16:47 Matthias Damm Status assigned => resolved
2021-02-02 16:47 Matthias Damm Resolution open => fixed
2021-02-02 16:47 Matthias Damm Note Added: 0013651
2021-03-02 20:15 Jim Luth Status resolved => closed
2021-03-02 20:15 Jim Luth Fixed in Version => 1.05
2021-03-02 20:15 Jim Luth Note Added: 0013919