View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000496010000-007: ProfilesSpecpublic2019-08-16 09:292020-09-22 15:46
ReporterMatthias Damm Assigned ToPaul Hunkar  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Summary0004960: Requirement to encrypt Audit events?
Description

I assume it would make sense to send Audit events only through encrypted channels. But I did not find anything in Part 4 (6.5 Auditing) or Part 5 (6.4.3 AuditEventType - 6.4.27).

The only related text is in OPC UA Part 2:
4.14 Auditing
4.14.1 General
In addition, the information in an audit record may contain sensitive or private information, thus the ability to subscribe for Audit Events is restricted to appropriate users and/or applications. As an alternative, the fields with sensitive or private information can instead contain an error code indicating access denied for users that do not have appropriate rights.

But Part 2 is not normative and we should have a stronger statement in a normative part for this question. The text talks only about authorization but it makes no sense to send information to authorized users/applications but to use a unencryted channel.

TagsNo tags attached.
Commit Version
Fix Due Date

Relationships

related to 0006082 closedAlexander Allmendinger CTT UA Test Case Requirement to encrypt Audit events? 

Activities

Jim Luth

2019-12-11 23:12

administrator   ~0011336

Agreed to add the requirement for an encrypted channel to the Audit Event Profile.

Karl Deiretsbacher

2020-09-18 13:18

developer   ~0012944

Discussed in UA virtual F2F on 2020-09-17. Fixed v1.03 and v1.04 as follows:

Add the following conformance unit to auditing:
Auditing Secure Communication - Auditing requires support for an encrypted channel. A Server shall restrict the Audit Events that are provided over a non-encrypted channel. No Security related Audit Events shall be provided. Other Audit Events maybe filtered based on server configuration.

Jim Luth

2020-09-22 15:46

administrator   ~0012967

Agreed to text edited in telecon, including 1.03 and 1.04 database and Errata documents.

Issue History

Date Modified Username Field Change
2019-08-16 09:29 Matthias Damm New Issue
2019-11-26 17:14 Jim Luth Assigned To => Matthias Damm
2019-11-26 17:14 Jim Luth Status new => assigned
2019-12-11 23:11 Jim Luth Project 10000-004: Services => 10000-007: Profiles
2019-12-11 23:12 Jim Luth Note Added: 0011336
2019-12-11 23:13 Jim Luth Assigned To Matthias Damm => Paul Hunkar
2020-09-18 13:18 Karl Deiretsbacher Status assigned => resolved
2020-09-18 13:18 Karl Deiretsbacher Resolution open => fixed
2020-09-18 13:18 Karl Deiretsbacher Note Added: 0012944
2020-09-22 15:42 Jim Luth Issue cloned: 0006082
2020-09-22 15:42 Jim Luth Relationship added related to 0006082
2020-09-22 15:46 Jim Luth Status resolved => closed
2020-09-22 15:46 Jim Luth Fixed in Version => 1.04
2020-09-22 15:46 Jim Luth Note Added: 0012967