View Issue Details

IDProjectCategoryView StatusLast Update
000172310000-004: Servicespublic2012-02-09 22:42
ReporterNathan PocockAssigned ToMatthias Damm  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.01 
Fixed in Version1.02 
Summary0001723: Clarification: encryptionAlgorithm (table 173) vs. securityPolicyUri (table 174)
Description

The CMPWG meeting (8/25/2011) became evident that there's confusion between the encryptionAlgorithm (table 173) and the securityPolicyUri (table 174). When you look at each parameter they make sense, but when you combine the two together it seems redundant, or is there more to it? we couldn't answer that.

A brief exchange with Randy on this subject and his response to the above question was:

"The securityPolicyUri uniquely defines the encryptionAlgorithm so technically only the securityPolicyUri is ever needed. encryptionAlgorithm is used for historical reasons because once we realized it could be replaced by the securityPolicyUri it would have been a breaking change."

The above answer makes sense, and the CMPWG agreed that we would like to propose a modification to the encryptionAlgorithm parameter (table 173) to state that it has been deprecated and should not be used, and to specify that the securityPolicyUri (table 174) is to be used instead.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0001704 closedPaul Hunkar 10000-007: Profiles CU: Security User Name Password - Algorithm clarifications 

Activities

Randy Armstrong

2011-09-08 14:51

administrator   ~0002924

The encryptionAlgorithm parameter is still needed. It can't be depreceated.

The comments I made were meant to indicate that the securityPolicyUri could have been put in this field instead of encryptionAlgorithm. Not that the field is unneeded.

Nathan Pocock

2011-09-08 15:08

viewer   ~0002925

Hey Randy,

Based on what you're saying, the securityPolicyUri and the encrpytionAlgorithm can/should contain the same value?

Seems like a clarification in the spec is still needed though. We will discuss your feedback on the cmpwg call shortly, and will post a note back in here. Thanks.

Randy Armstrong

2011-09-08 15:18

administrator   ~0002926

If you are writing code that encrypts/decrypts then the encrpytionAlgorithm is the most useful value to have since there can be many security policies that use the same encrpytionAlgorithm.

It also means your encrypts/decrypts code does not need to be updated if new security policies are created if those policies reuse the same encrpytionAlgorithm.

However, fooling around with two different URIs in the API can be a hassle which is why I said the security policy URI probably should have been used instead.

Nathan Pocock

2011-09-08 19:39

viewer   ~0002930

CMPWG Sep-8-2011 discussed this again and we're still not clear. Unfortunately we did not see the last comment from Randy (09-08-11 09:17).

Randy's last comment (09-08-11 09:17) is the clearest yet, and it would indicate that the 2 parameters are quite different. However, one could still interpret these parameters are containing the same value.

The CMPWG (having NOT seen the comment: 09-08-11 09:17) felt that some clarification is needed in the spec still.

Randy Armstrong

2011-09-08 19:44

administrator   ~0002931

Add an explict statement that the encryptionAlgorithm is not the same as the securitypolicyuri.

Matthias Damm

2011-09-13 00:51

developer   ~0002945

Added the following clarification to Table 173:
"This string is not the same as the securityPolicyUri. It is the URI of the encryptionAlgorithm defined in the security policy."

Changed in document version OPC UA Part 4 - Services 1.02.07 Draft.doc

Randy Armstrong

2011-09-14 19:16

administrator   ~0002965

Reviewed in F2F

Made the text wording more explicit.

Issue History

Date Modified Username Field Change
2011-09-08 14:45 Nathan Pocock New Issue
2011-09-08 14:51 Randy Armstrong Status new => resolved
2011-09-08 14:51 Randy Armstrong Resolution open => won't fix
2011-09-08 14:51 Randy Armstrong Assigned To => Randy Armstrong
2011-09-08 14:51 Randy Armstrong Note Added: 0002924
2011-09-08 15:08 Nathan Pocock Note Added: 0002925
2011-09-08 15:18 Randy Armstrong Note Added: 0002926
2011-09-08 19:39 Nathan Pocock Note Added: 0002930
2011-09-08 19:39 Nathan Pocock Status resolved => assigned
2011-09-08 19:44 Randy Armstrong Note Added: 0002931
2011-09-08 19:44 Randy Armstrong Assigned To Randy Armstrong => Matthias Damm
2011-09-13 00:51 Matthias Damm Status assigned => resolved
2011-09-13 00:51 Matthias Damm Resolution won't fix => fixed
2011-09-13 00:51 Matthias Damm Note Added: 0002945
2011-09-14 19:16 Randy Armstrong Status resolved => closed
2011-09-14 19:16 Randy Armstrong Note Added: 0002965
2012-01-01 08:53 Paul Hunkar Relationship added related to 0001704
2012-02-09 22:42 Jim Luth Fixed in Version => 1.02