View Issue Details
ID | Project | Category | View Status | Date Submitted | Last Update |
---|---|---|---|---|---|
0001723 | 10000-004: Services | public | 2011-09-08 14:45 | 2012-02-09 22:42 | |
Reporter | Assigned To | Matthias Damm | |||
Priority | normal | Severity | minor | Reproducibility | always |
Status | closed | Resolution | fixed | ||
Product Version | 1.01 | ||||
Fixed in Version | 1.02 | ||||
Summary | 0001723: Clarification: encryptionAlgorithm (table 173) vs. securityPolicyUri (table 174) | ||||
Description | The CMPWG meeting (8/25/2011) became evident that there's confusion between the encryptionAlgorithm (table 173) and the securityPolicyUri (table 174). When you look at each parameter they make sense, but when you combine the two together it seems redundant, or is there more to it? we couldn't answer that. A brief exchange with Randy on this subject and his response to the above question was: "The securityPolicyUri uniquely defines the encryptionAlgorithm so technically only the securityPolicyUri is ever needed. encryptionAlgorithm is used for historical reasons because once we realized it could be replaced by the securityPolicyUri it would have been a breaking change." The above answer makes sense, and the CMPWG agreed that we would like to propose a modification to the encryptionAlgorithm parameter (table 173) to state that it has been deprecated and should not be used, and to specify that the securityPolicyUri (table 174) is to be used instead. | ||||
Tags | No tags attached. | ||||
Commit Version | |||||
Fix Due Date | |||||
related to | 0001704 | closed | Paul Hunkar | 10000-007: Profiles | CU: Security User Name Password - Algorithm clarifications |
|
The encryptionAlgorithm parameter is still needed. It can't be depreceated. The comments I made were meant to indicate that the securityPolicyUri could have been put in this field instead of encryptionAlgorithm. Not that the field is unneeded. |
|
Hey Randy, Based on what you're saying, the securityPolicyUri and the encrpytionAlgorithm can/should contain the same value? Seems like a clarification in the spec is still needed though. We will discuss your feedback on the cmpwg call shortly, and will post a note back in here. Thanks. |
|
If you are writing code that encrypts/decrypts then the encrpytionAlgorithm is the most useful value to have since there can be many security policies that use the same encrpytionAlgorithm. It also means your encrypts/decrypts code does not need to be updated if new security policies are created if those policies reuse the same encrpytionAlgorithm. However, fooling around with two different URIs in the API can be a hassle which is why I said the security policy URI probably should have been used instead. |
|
CMPWG Sep-8-2011 discussed this again and we're still not clear. Unfortunately we did not see the last comment from Randy (09-08-11 09:17). Randy's last comment (09-08-11 09:17) is the clearest yet, and it would indicate that the 2 parameters are quite different. However, one could still interpret these parameters are containing the same value. The CMPWG (having NOT seen the comment: 09-08-11 09:17) felt that some clarification is needed in the spec still. |
|
Add an explict statement that the encryptionAlgorithm is not the same as the securitypolicyuri. |
|
Added the following clarification to Table 173: Changed in document version OPC UA Part 4 - Services 1.02.07 Draft.doc |
|
Reviewed in F2F Made the text wording more explicit. |
Date Modified | Username | Field | Change |
---|---|---|---|
2011-09-08 14:45 |
|
New Issue | |
2011-09-08 14:51 | Randy Armstrong | Status | new => resolved |
2011-09-08 14:51 | Randy Armstrong | Resolution | open => won't fix |
2011-09-08 14:51 | Randy Armstrong | Assigned To | => Randy Armstrong |
2011-09-08 14:51 | Randy Armstrong | Note Added: 0002924 | |
2011-09-08 15:08 |
|
Note Added: 0002925 | |
2011-09-08 15:18 | Randy Armstrong | Note Added: 0002926 | |
2011-09-08 19:39 |
|
Note Added: 0002930 | |
2011-09-08 19:39 |
|
Status | resolved => assigned |
2011-09-08 19:44 | Randy Armstrong | Note Added: 0002931 | |
2011-09-08 19:44 | Randy Armstrong | Assigned To | Randy Armstrong => Matthias Damm |
2011-09-13 00:51 | Matthias Damm | Status | assigned => resolved |
2011-09-13 00:51 | Matthias Damm | Resolution | won't fix => fixed |
2011-09-13 00:51 | Matthias Damm | Note Added: 0002945 | |
2011-09-14 19:16 | Randy Armstrong | Status | resolved => closed |
2011-09-14 19:16 | Randy Armstrong | Note Added: 0002965 | |
2012-01-01 08:53 | Paul Hunkar | Relationship added | related to 0001704 |
2012-02-09 22:42 | Jim Luth | Fixed in Version | => 1.02 |