Skip to content

ComboSecurityScheme missing and required for OPCUA Security #1416

Description

@erossignon

In thing-description.ts there is a todo for ComboSecurityScheme

// TODO ComboSecurityScheme

It occur that ComboSecurityScheme is required to create OPCUA Security Scheme

An OPCUA Secure connection has two levels:

  • a SecureChannel (encryption mode)
  • a Authentication ( userName password or x509 certificate)

Therefore it make sense to define a secure OPCUA this way:

const thing = {

   securityDefinitions: {
 
        "c:sign-encrypt_basic256Sha256": <OPCUAChannelSecurityScheme>{
            scheme: "opcua-channel-security",
            messageMode: "sign_encrypt",
            policy: "Basic256Sha256", // deprecated
        },

        "a:username-password": <OPCUACUserNameAuthenticationScheme>{
            scheme: "opcua-authentication",
            userName: "joe",
            password: "password_for_joe",
        },
        "a:x509-certificate": <OPCUACertificateAuthenticationScheme>{
            scheme: "opcua-authentication",
            tokenType: "certificate",
            certificate: "....",
            privateKey: "....",
        },
        
        "sd1": {
            scheme: "combo",
            allOf: ["c:sign-encrypt_basic256Sha256", "a:x509-certificate"],
        },
        "sd2": {
            scheme: "combo",
            allOf: ["c:sign-encrypt_basic256Sha256", "a:xusername-password""],
        },
    }
};

see #1401 and PR #1415

Metadata

Metadata

Assignees

No one assigned

    Labels

    binding-opcuaIssues related to opc ua protocol bindingcoreIssues with the core library

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions