OpcUa_UserIdentityToken Struct Reference

#include <opcua_types.h>

Detailed Description

Allows Clients to specify the identity of the user they are acting on behalf of.

The exact mechanism used to identify users depends on the system configuration. The different types of identity tokens are based on the most common mechanisms that are used in systems today.

The Client shall always prove possession of a UserIdentityToken when it passes it to the Server. Some tokens include a secret, such as a password, which the Server will accept as proof. In order to protect these secrets, the Token shall be encrypted before it is passed to the Server. Other types of tokens allow the Client to create a signature with the secret associated with the Token. In these cases, the Client proves possession of a UserIdentityToken by appending the last ServerNonce to the ServerCertificate and using the secret to produce a Signature, which is passed to the Server.

Each UserIdentityToken allowed by an Endpoint shall have a UserTokenPolicy specified in the EndpointDescription. The UserTokenPolicy specifies what SecurityPolicy to use when encrypting or signing. If this SecurityPolicy is omitted, the Client uses the SecurityPolicy in the EndpointDescription. If the matching SecurityPolicy is set to None, no encryption or signature is required. It is recommended that Applications never set the SecurityPolicy to None for UserTokens that include a secret because these secrets could be used by an attacker to gain access to the system.
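The policy fallback and the signature input described above can be checked on the client before a token is sent. The following is an added example, not code from the SDK: the types and the function names `effective_policy`, `decide_token_action` and `build_signature_input` are hypothetical. It assumes that username and issued tokens are the secret-bearing kinds, and that a client refuses to send them when the effective SecurityPolicy is None.

```c
#include <stddef.h>
#include <string.h>

/* Simplified stand-ins for this example; not the SDK's OpcUa_* types. */
typedef enum { TOKEN_ANONYMOUS, TOKEN_USERNAME, TOKEN_CERTIFICATE, TOKEN_ISSUED } token_type_t;
typedef enum { ACT_PLAIN, ACT_ENCRYPT, ACT_SIGN, ACT_REFUSE } token_action_t;

#define POLICY_NONE "http://opcfoundation.org/UA/SecurityPolicy#None"

/* UserTokenPolicy's SecurityPolicy wins; if omitted (NULL or ""), fall back
 * to the SecurityPolicy of the EndpointDescription. */
const char *effective_policy(const char *token_uri, const char *endpoint_uri)
{
    return (token_uri != NULL && token_uri[0] != '\0') ? token_uri : endpoint_uri;
}

/* Decide how the token must be protected before it is sent to the Server. */
token_action_t decide_token_action(token_type_t type, const char *token_uri,
                                   const char *endpoint_uri)
{
    const char *uri = effective_policy(token_uri, endpoint_uri);
    /* Assumption: a missing policy is treated like None (fail closed). */
    int none = (uri == NULL || uri[0] == '\0' || strcmp(uri, POLICY_NONE) == 0);

    switch (type) {
    case TOKEN_USERNAME:
    case TOKEN_ISSUED:      /* carries a secret: never send it unencrypted */
        return none ? ACT_REFUSE : ACT_ENCRYPT;
    case TOKEN_CERTIFICATE: /* possession is proven with a Signature */
        return none ? ACT_PLAIN : ACT_SIGN;
    default:                /* anonymous: nothing to protect */
        return ACT_PLAIN;
    }
}

/* Data to sign: ServerCertificate with the last ServerNonce appended.
 * Returns the number of bytes written, or 0 if out is too small. */
size_t build_signature_input(const unsigned char *cert, size_t cert_len,
                             const unsigned char *nonce, size_t nonce_len,
                             unsigned char *out, size_t out_cap)
{
    if (cert_len > out_cap || nonce_len > out_cap - cert_len)
        return 0;
    memcpy(out, cert, cert_len);
    memcpy(out + cert_len, nonce, nonce_len);
    return cert_len + nonce_len;
}
```

The buffer returned by `build_signature_input` is what the signing routine of the selected SecurityPolicy would be given; the signing itself is outside this example.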

The documentation for this struct was generated from the following file: