View Issue Details

ID: 0001292
Project: 10000-004: Services
Category:
View Status: public
Last Update: 2011-05-23 11:47
Reporter: Nathan Pocock
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: always
Status: closed
Resolution: fixed
Summary: 0001292: Define: Windows based authentication between Client/Server (Kerberos)
Description

Currently the UA spec defines login-based authentication in a very generic (platform-agnostic) way that is acceptable for a general definition. We now need to go back and INSERT a specific form of authentication that is:

Windows based authentication using Kerberos tokens

The intent is:
A Windows-based UA Client will connect to a UA Server and provide the user-credentials of the currently-logged-on user, or whatever user launched the application etc. The desire by some vendors is to avoid opening a login dialog.

Since Windows is the dominant O/S worldwide it makes perfect sense to prototype and then fully include the required behavior/structure definitions etc. within the specifications.

Tags: No tags attached.
Commit Version
Fix Due Date

Relationships

parent of 0001640 closed Paul Hunkar 10000-007: Profiles Define: Windows based authentication between Client/Server (Kerberos)

Activities

Randy Armstrong

2010-07-27 17:32

administrator   ~0001979

The spec needs to indicate that the IssuerTokenUrl field of the UserTokenPolicy structure must contain the ServicePrincipalName (SPN) for the UA Server.

Matthias Damm

2011-03-07 18:36

developer   ~0002342

Telco March 7, 2011

If UserTokenPolicy -> tokenType is ISSUEDTOKEN_3
And UserTokenPolicy -> issuedTokenType is one of the URIs defined in
http://www.oasis-open.org/committees/download.php/16788/wss-v1.1-spec-os-KerberosTokenProfile.pdf

The UserTokenPolicy -> issuerEndpointUrl is set to the ServicePrincipalName (SPN)
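
The parameter combination from the note above, as an added example that is not part of the issue or of the specification text: a client-side filter that recognises a Kerberos UserTokenPolicy and takes the SPN from issuerEndpointUrl. The `UserTokenPolicy` dataclass, the function names, the simplified SPN pattern, the constructed sample policies and the host comparison are assumptions made for illustration.

```python
import re
from dataclasses import dataclass

ISSUEDTOKEN_3 = 3  # UserTokenType value named in the note
# Namespace of the OASIS WSS Kerberos Token Profile 1.1 token-type URIs
# (e.g. "...#GSS_Kerberosv5_AP_REQ").
KERBEROS_NS = "http://docs.oasis-open.org/wss/oasis-wss-kerberos-token-profile-1.1"
# Simplified SPN shape (assumption): service/host[:port][@REALM]
SPN_RE = re.compile(
    r"(?P<service>[\w.-]+)/(?P<host>[\w.-]+)(?::(?P<port>\d{1,5}))?(?:@(?P<realm>[\w.-]+))?"
)

@dataclass
class UserTokenPolicy:  # hypothetical stand-in for a UA stack's structure
    policy_id: str
    token_type: int
    issued_token_type: str = ""
    issuer_endpoint_url: str = ""

def kerberos_spn(policy, expected_host):
    """Return the SPN of a Kerberos policy, None for any other policy.

    Raises ValueError when a Kerberos policy carries no usable SPN or names
    a host other than the one the client meant to reach (added check).
    """
    if policy.token_type != ISSUEDTOKEN_3:
        return None
    uri = policy.issued_token_type
    if uri != KERBEROS_NS and not uri.startswith(KERBEROS_NS + "#"):
        return None
    m = SPN_RE.fullmatch(policy.issuer_endpoint_url)
    if m is None:
        raise ValueError(f"{policy.policy_id}: issuerEndpointUrl is not an SPN")
    if m["host"].lower() != expected_host.lower():
        raise ValueError(f"{policy.policy_id}: SPN host is not {expected_host}")
    return policy.issuer_endpoint_url

# Constructed sample policies, as a server might list them on one endpoint.
SAMPLE_POLICIES = [
    UserTokenPolicy("user", 1),
    UserTokenPolicy("saml", 3, "urn:oasis:names:tc:SAML:2.0:assertion", "https://sts.example.com"),
    UserTokenPolicy("krb", 3, KERBEROS_NS + "#GSS_Kerberosv5_AP_REQ", "HOST/uaserver.example.com"),
]

def usable_kerberos_policies(policies, expected_host):
    """Map policy_id -> SPN for every Kerberos policy on the endpoint."""
    found = {p.policy_id: kerberos_spn(p, expected_host) for p in policies}
    return {pid: spn for pid, spn in found.items() if spn is not None}
```

Rejecting a Kerberos policy whose SPN is empty or names a different host keeps the client from requesting a service ticket for a principal it never intended to talk to.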

Matthias Damm

2011-03-17 19:19

developer   ~0002492

Added reference to document WS Security: Kerberos Token Profile and described the necessary combination of parameter values in the UserTokenPolicy.

Change is part of the draft version "OPC UA Part 4 - Services Draft 1.02.03 Body.doc"

Matthias Damm

2011-03-17 19:19

developer   ~0002493

Added reference to document WS Security: Kerberos Token Profile and described the necessary combination of parameter values in the UserTokenPolicy.

Change is part of the draft version "OPC UA Part 4 - Services Draft 1.02.03 Body.doc"

Issue History

Date Modified Username Field Change
2010-07-07 17:28 Nathan Pocock New Issue
2010-07-27 17:32 Randy Armstrong Note Added: 0001979
2010-07-27 17:33 Randy Armstrong Status new => assigned
2010-07-27 17:33 Randy Armstrong Assigned To => Matthias Damm
2011-03-07 18:36 Matthias Damm Note Added: 0002342
2011-03-17 19:19 Matthias Damm Note Added: 0002492
2011-03-17 19:19 Matthias Damm Status assigned => resolved
2011-03-17 19:19 Matthias Damm Resolution open => fixed
2011-03-17 19:19 Matthias Damm Note Added: 0002493
2011-05-23 11:33 Randy Armstrong Issue cloned: 0001640
2011-05-23 11:33 Randy Armstrong Relationship added parent of 0001640
2011-05-23 11:47 Randy Armstrong Status resolved => closed