View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
0006082CTT UA Test Case4 - Test Case Definitionpublic2020-09-22 15:422022-08-29 17:52
ReporterJim Luth Assigned ToAlexander Allmendinger  
PrioritynormalSeverityminorReproducibilityhave not tried
Status closedResolutionfixed 
Fixed in Version1.03.09.500 
Summary0006082: Requirement to encrypt Audit events?
Description

I assume it would make sense to send Audit events only through encrypted channels. But I did not find anything in Part 4 (6.5 Auditing) or Part 5 (6.4.3 AuditEventType - 6.4.27).

The only related text is in OPC UA Part 2:
4.14 Auditing
4.14.1 General
In addition, the information in an audit record may contain sensitive or private information, thus the ability to subscribe for Audit Events is restricted to appropriate users and/or applications. As an alternative, the fields with sensitive or private information can instead contain an error code indicating access denied for users that do not have appropriate rights.

But Part 2 is not normative and we should have a stronger statement in a normative part for this question. The text talks only about authorization but it makes no sense to send information to authorized users/applications but to use a unencryted channel.

TagsNo tags attached.
Files Affected

Relationships

related to 0004960 closedPaul Hunkar 10000-007: Profiles Requirement to encrypt Audit events? 
related to 0008148 closedAlexander Allmendinger CTT UA Test Case Auditing Secure Communication test cases need to be added 

Activities

Jim Luth

2020-09-22 15:42

administrator   ~0012965

Agreed to add the requirement for an encrypted channel to the Audit Event Profile.

Karl Deiretsbacher

2020-09-22 15:42

reporter   ~0012966

Discussed in UA virtual F2F on 2020-09-17. Fixed v1.03 and v1.04 as follows:

Add the following conformance unit to auditing:
Auditing Secure Communication - Auditing requires support for an encrypted channel. A Server shall restrict the Audit Events that are provided over a non-encrypted channel. No Security related Audit Events shall be provided. Other Audit Events maybe filtered based on server configuration.

Paul Hunkar

2021-12-25 06:47

administrator   ~0015623

add test case for updated feature

Alexander Allmendinger

2022-08-03 16:18

developer   ~0017241

Added test cases for the Auditing Secure Communication CU which covers this requirement.

Paul Hunkar

2022-08-29 17:52

administrator   ~0017441

reviewed issue in call, agreed and closed

Issue History

Date Modified Username Field Change
2020-09-22 15:42 Jim Luth New Issue
2020-09-22 15:42 Jim Luth Issue generated from: 0004960
2020-09-22 15:42 Jim Luth Note Added: 0012965
2020-09-22 15:42 Jim Luth Note Added: 0012966
2020-09-22 15:42 Jim Luth Relationship added related to 0004960
2020-09-22 15:42 Jim Luth Project 10000-007: Profiles => Compliance Test Tool (CTT) Unified Architecture
2020-09-22 15:42 Jim Luth Category Spec => Api Change
2020-10-02 15:58 Paul Hunkar Assigned To => Alexander Allmendinger
2020-10-02 15:58 Paul Hunkar Status new => assigned
2021-12-25 06:47 Paul Hunkar Category Api Change => 4 - Test Case Definition
2021-12-25 06:47 Paul Hunkar Note Added: 0015623
2022-08-02 20:06 Paul Hunkar Project Compliance Test Tool (CTT) Unified Architecture => CTT UA Test Case
2022-08-03 16:18 Alexander Allmendinger Status assigned => resolved
2022-08-03 16:18 Alexander Allmendinger Resolution open => fixed
2022-08-03 16:18 Alexander Allmendinger Fixed in Version => 1.03.09.500
2022-08-03 16:18 Alexander Allmendinger Note Added: 0017241
2022-08-03 16:20 Alexander Allmendinger Relationship added related to 0008148
2022-08-29 17:52 Paul Hunkar Status resolved => closed
2022-08-29 17:52 Paul Hunkar Note Added: 0017441