View Issue Details

ID: 0006330
Project: 10000-014: PubSub
Category: Spec
View Status: public
Last Update: 2021-09-21 15:59
Reporter: Matthias Damm
Assigned To: Matthias Damm
Priority: normal
Severity: minor
Reproducibility: have not tried
Status: closed
Resolution: fixed
Summary: 0006330: Handling of EndpointDescriptions for SecurityKeyServices
Description

An OPC UA application can have different SecurityGroup configurations from several WriterGroups, ReaderGroups and DataSetReaders for the management of security keys that can be shared between several of these objects. Each SecurityGroup configuration consists of a SecurityGroupId and SecurityKeyServices (EndpointDescriptions array). Especially SecurityKeyServices can be big and there are typically a lot of duplicates.

In addition, the EndpointDescription contains a lot of information that can be omitted e.g. ServerCertificate.

We need

  • list of information that shall be removed e.g. ServerCertificate
  • list of information that could be removed e.g. UserIdentityTokens
  • enhanced override rules e.g. SecurityKeyServices on DataSetReader can be NULL if it is identical to ReaderGroup even if the SecurityGroupId is overwritten.
  • describe an option for minimal SecurityKeyServices e.g. only provide one null EndpointDescription that contains an ApplicationDescription with the DiscoveryUrls
Tags: No tags attached.

Relationships

related to 0006328 closedMatthias Damm Uniqueness of SecurityGroupId and SKS identification 
related to 0007151 closedMatthias Damm Need a possibility to select push or pull model 

Activities

Matthias Damm

2021-03-04 15:25

developer   ~0013946

Last edited: 2021-03-04 15:27

Agreement on defining reduced sets to be required (e.g. no Server Certificate) or to allow minimal like just DiscoveryUrl.

The EndpointDescription is part of the WriterGroup configuration and this is sent in discovery messages. Therefore the size must be reduced.

Zbynek Zahradnik

2021-03-04 15:46

developer   ~0013948

My current implementation currently uses from the EndpointDescriptions:

  • DiscoveryUrl
  • TransportProfileUri
  • SecurityMode
  • SecurityPolicyUri
  • ServerCertificate

ServerCertificate might allow, in some situations, connecting directly without calling GetEndpoints first. So it is "kind of" good to have it available. Similarly with other fields - only the DiscoveryUrl is necessary, but they are useful.

Shouldn't the solution allow all this information to be present in the PubSub configuration (when accessed over client/server calls), but remove the unwanted parts only for the PubSub discovery messages?
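The split raised in this note (full EndpointDescriptions in the stored configuration, a reduced copy for discovery messages), combined with the DataSetReader override rule from the description, shown as an added example that is not taken from the specification or from any participant's implementation. The dict layout, the field spellings and the choice of stripped fields are assumptions.

```python
import json

# Assumption: strip the two fields this issue names as examples; the table in
# the specification may list others.
STRIP_FOR_DISCOVERY = ("serverCertificate", "userIdentityTokens")

def reduce_sks(endpoints):
    """Strip and de-duplicate a SecurityKeyServices array, keeping order."""
    seen, out = set(), []
    for ep in endpoints or []:
        ep = {k: v for k, v in ep.items() if k not in STRIP_FOR_DISCOVERY}
        key = json.dumps(ep, sort_keys=True)  # canonical form for comparison
        if key not in seen:
            seen.add(key)
            out.append(ep)
    return out

def discovery_view(group):
    """Discovery-message form of a ReaderGroup (hypothetical dict layout).
    The stored configuration is not modified. A DataSetReader's SKS list is
    None when it matches the group's, even if its SecurityGroupId differs."""
    group_sks = reduce_sks(group["securityKeyServices"])
    readers = []
    for r in group["dataSetReaders"]:
        sks = reduce_sks(r.get("securityKeyServices"))
        readers.append({"name": r["name"],
                        "securityGroupId": r.get("securityGroupId"),
                        "securityKeyServices": None if sks in ([], group_sks) else sks})
    return {"securityGroupId": group["securityGroupId"],
            "securityKeyServices": group_sks, "dataSetReaders": readers}

def _ep(url, cert):
    # Constructed sample endpoint; host names and certificate value are placeholders.
    return {"endpointUrl": url, "server": {"discoveryUrls": [url]},
            "securityMode": "SignAndEncrypt",
            "securityPolicyUri": "http://opcfoundation.org/UA/SecurityPolicy#Basic256Sha256",
            "serverCertificate": cert, "userIdentityTokens": [{"policyId": "anon"}]}

SAMPLE_GROUP = {  # constructed configuration as stored (full EndpointDescriptions)
    "securityGroupId": "GroupA",
    "securityKeyServices": [_ep("opc.tcp://sks1.example:4840", "CERT-1"),
                            _ep("opc.tcp://sks1.example:4840", "CERT-1")],
    "dataSetReaders": [
        {"name": "R1", "securityGroupId": "GroupB",
         "securityKeyServices": [_ep("opc.tcp://sks1.example:4840", "CERT-1")]},
        {"name": "R2",
         "securityKeyServices": [_ep("opc.tcp://sks2.example:4840", "CERT-2")]}]}

if __name__ == "__main__":
    print(json.dumps(discovery_view(SAMPLE_GROUP), indent=2))
```

A receiver of the reduced form has no ServerCertificate to connect with directly, so it has to call GetEndpoints on the SKS first.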

Matthias Damm

2021-09-19 18:33

developer   ~0014878

Added in OPC 10000-14 - UA Specification Part 14 - PubSub 1.05.0 Draft35.docx

Added table to '6.2.4.4 SecurityKeyServices' (PubSubGroup) that defines the content of the EndpointDescription/ApplicationDescription.
This includes enhanced definition for ApplicationType to indicate PULL or PUSH key exchange.

Added to '6.2.8.11 SecurityKeyServices' (DataSetReader):
The parameter is only used to overwrite the SecurityKeyServices parameter of the ReaderGroup if the SKS is different for the DataSetReader.

Jim Luth

2021-09-21 15:59

administrator   ~0014895

Agreed to changes in Virtual F2F.

Issue History

Date Modified Username Field Change
2020-12-30 12:20 Matthias Damm New Issue
2020-12-30 12:20 Matthias Damm Relationship added related to 0006328
2021-03-03 16:52 Matthias Damm Assigned To => Matthias Damm
2021-03-03 16:52 Matthias Damm Status new => assigned
2021-03-04 15:25 Matthias Damm Note Added: 0013946
2021-03-04 15:27 Matthias Damm Note Edited: 0013946
2021-03-04 15:46 Zbynek Zahradnik Note Added: 0013948
2021-09-19 18:20 Matthias Damm Relationship added related to 0007151
2021-09-19 18:33 Matthias Damm Status assigned => resolved
2021-09-19 18:33 Matthias Damm Resolution open => fixed
2021-09-19 18:33 Matthias Damm Note Added: 0014878
2021-09-21 15:59 Jim Luth Status resolved => closed
2021-09-21 15:59 Jim Luth Fixed in Version => 1.05
2021-09-21 15:59 Jim Luth Note Added: 0014895