View Issue Details

IDProjectCategoryView StatusLast Update
000232010000-004: Servicespublic2013-11-25 18:23
ReporterKarl Deiretsbacher Assigned ToMatthias Damm  
PrioritynormalSeverityminorReproducibilityalways
Status closedResolutionfixed 
Product Version1.02 
Fixed in Version1.03 
Summary0002320: Encryption for user identity tokens (e.g. password)
Description

Chapter 7.35 contains the following description:

"Some tokens include a secret such as a password which the Server will accept as proof. In order to protect these secrets the Token shall be encrypted before it is passed to the Server."
and
"It is recommended that Applications never set the SecurityPolicy to None for UserTokens that include a secret ..."

However, with Transport=TLS and SecurityPolicy=None the statements in this section are not or not completely true.

TagsNo tags attached.
Commit Version
Fix Due Date

Activities

Matthias Damm

2013-10-09 17:42

developer   ~0005042

Added clarification that the shall is related to what the client needs to do if requested by the server.
Added clarification that encryption is recommended if SecurityPolicy is NONE and no transport layer encryption is available.

Resolved in document IEC 62541-4 - Services [Pre-CDV] 1.02.06.doc

Jim Luth

2013-11-25 18:23

administrator   ~0005144

Agreed to changes in telecon.

Issue History

Date Modified Username Field Change
2013-01-11 19:00 Karl Deiretsbacher New Issue
2013-01-15 17:26 Jim Luth Status new => assigned
2013-01-15 17:26 Jim Luth Assigned To => Matthias Damm
2013-10-09 17:42 Matthias Damm Status assigned => resolved
2013-10-09 17:42 Matthias Damm Resolution open => fixed
2013-10-09 17:42 Matthias Damm Note Added: 0005042
2013-11-25 18:23 Jim Luth Status resolved => closed
2013-11-25 18:23 Jim Luth Note Added: 0005144
2013-11-25 18:23 Jim Luth Fixed in Version => 1.03