View Issue Details

Jump to NotesJump to History
IDProjectCategoryView StatusDate SubmittedLast Update
000865210000-007: ProfilesSpecpublic2023-01-25 14:562023-09-08 10:53
ReporterGreg Majcher Assigned ToPaul Hunkar  
PrioritynormalSeveritymajorReproducibilityalways
Status closedResolutionduplicate 
Fixed in Version1.05.03 
Summary0008652: Username/Password support mandated by UAFX Controller Server Profile
Description

The OPC UA FX Security Requirements Group and Architecture Technical Working Group agreed that username/password support should be optional for OPC UA FX Controllers or Devices (rather certificates are the "preferred" method for authentication). However, the UAFX Controller Server Profile currently includes User Access Control Full, which includes User Access Control Base, which makes "Security User Name Password 2" required.

Steps To Reproduce

Check the Profiles tool.

Additional Information

There is likely more than one way to solve this, but either the existing profile for User Access Control will need to be updated (which might have effects to other, non UAFX profiles) or a new User Access Control Profile will need to be created specifically for UAFX.

TagsNo tags attached.
Commit Version1.05.03
Fix Due Date

Relationships

related to 0008632 closedGreg Majcher Part 84: UAFX Profiles Username/Password support mandated by UAFX Controller Server Profile 
has duplicate 0009112 closedPaul Hunkar 10000-007: Profiles Security User Access Control Base facet needs an update 

Activities

Greg Majcher

2023-01-25 14:57

reporter   ~0018577

This is a flaw in v1.05 security logic. Username Password should have been optional.

Paul Hunkar

2023-01-25 15:00

developer   ~0018578

In general the facet that UAFX included by description talks about requiring the User access control items in nodes. it should not be requiring how users are authenticated - furthermore it maybe better to be rename to access control (since it is not really user, but roles ad other items)

Paul Hunkar

2023-08-24 18:50

developer   ~0019921

reworded CU to ensure User name password can be disabled by an administrator, like all of the other User authorization.
added ConformanceUnit indicating that one of the list optional User authorization has to be supported
Created a 2023 version of the Facet that makes username password optional
create a 2023 version of the two parent Facets

Issue History

Date Modified Username Field Change
2023-01-25 14:56 Greg Majcher New Issue
2023-01-25 14:56 Greg Majcher Issue generated from: 0008632
2023-01-25 14:56 Greg Majcher Relationship added related to 0008632
2023-01-25 14:56 Greg Majcher Project Part 84: UAFX Profiles => 10000-007: Profiles
2023-01-25 14:57 Greg Majcher Note Added: 0018577
2023-01-25 15:00 Paul Hunkar Note Added: 0018578
2023-04-18 15:59 Jim Luth Assigned To => Paul Hunkar
2023-04-18 15:59 Jim Luth Status new => assigned
2023-08-22 15:23 Jim Luth Relationship added related to 0009112
2023-08-24 16:38 Paul Hunkar Relationship replaced has duplicate 0009112
2023-08-24 18:50 Paul Hunkar Status assigned => resolved
2023-08-24 18:50 Paul Hunkar Resolution open => fixed
2023-08-24 18:50 Paul Hunkar Fixed in Version => 1.05.03
2023-08-24 18:50 Paul Hunkar Note Added: 0019921
2023-09-08 10:53 Jim Luth Resolution fixed => duplicate
2023-09-08 10:53 Jim Luth Status resolved => closed
2023-09-08 10:53 Jim Luth Commit Version => 1.05.03