View Issue Details

IDProjectCategoryView StatusLast Update
000895810000-006: MappingsSpecpublic2023-08-01 16:01
ReporterBernd Edlinger Assigned To 
PrioritynormalSeverityminorReproducibilityhave not tried
Status acknowledgedResolutionopen 
Summary0008958: An idea how to compress the GetEndpointsResponse
Description

This is my idea how to save space in the GetEndpointsResponse:
The majority of the space in the EndpointDescription Array in the response
is due to the repeated server certificates.

So the idea is that new security profiles shall get an attribute that allows the
server to strip ServerCertificate field on any EndpointDescription in the array when
it is binary equal to the previous ServerCertificate field in the array and the
SecurityMode is not OpcUa_MessageSecurityMode_None, because only No-security
might possibly work without any certificate and that omission might therefore be
intentional.

The server shall do this only for known security profiles that are issued after 2023,
while the client supporting any security profiles that were issued after 2023
shall do this also for unknown security policies, for upward/downward compatibility
reasons.

The CreateSessionResponse is not affected by this since Part 4 specifies that the
ServerCertificate field may always be stripped:
"It is recommended that Servers only include the server.applicationUri, endpointUrl,
securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel
with all other parameters set to null or empty."

TagsNo tags attached.
Commit Version
Fix Due Date

Activities

Bernd Edlinger

2023-05-15 05:39

reporter   ~0019369

Last edited: 2023-05-15 06:00

If we want, we can also compress other values like e.g. UserIdentityTokens,
by the following additional rule:
If the UserIdentityTokens is identical to the previous UserIdentityTokens,
and the ServerCertificate was removed by the previous rule, then the
UserIdentityTokens array may be set to NULL or empty array.
However, in the unlikely case that the previous UserIdentityTokens is
non-empty and the current UserIdentityTokens is empty, this would
create ambiguity, and therefore the whole compression step including
removing the ServerCertificate shall not be done.
On the receiving side, only when the encoded ServerCertificate was
empty and the SecurityMode is not OpcUa_MessageSecurityMode_None
then an empty UserIdentityTokens means we have to re-use the previous
UserIdentityTokens value.

Bernd Edlinger

2023-05-16 06:15

reporter   ~0019373

Last edited: 2023-05-16 06:15

We could even extend this algorithm to compress all variable length fields in the
EndpointDescription structure and in the ApplicationDescription structure as well.
So all of EndpointUrl, Server.ApplicationUri, Server.ProductUri, Server.ApplicationName,
Server.GatewayServerUri, Server.DiscoveryServerUri, Server.DiscoveryUrls will usually always be the same,
so can be safely set to NULL.
And even the fields SecurityPolicyUri and TransportProfileUri may be compressed this way.

Note: while it is tempting to do the same in the ServerEndpoints field of the CreateSessionResponse,
it is probably better to stick to the compression that was suggested in part 4.

Issue History

Date Modified Username Field Change
2023-05-12 07:52 Bernd Edlinger New Issue
2023-05-15 05:39 Bernd Edlinger Note Added: 0019369
2023-05-15 05:40 Bernd Edlinger Description Updated
2023-05-15 05:49 Bernd Edlinger Note Edited: 0019369
2023-05-15 06:00 Bernd Edlinger Note Edited: 0019369
2023-05-16 06:15 Bernd Edlinger Note Added: 0019373
2023-05-16 06:15 Bernd Edlinger Note Edited: 0019373
2023-05-17 15:37 Randy Armstrong Project UA Specification => 10000-006: Mappings
2023-06-06 15:27 Jim Luth Assigned To => Randy Armstrong
2023-06-06 15:27 Jim Luth Status new => assigned
2023-08-01 16:01 Jim Luth Assigned To Randy Armstrong =>
2023-08-01 16:01 Jim Luth Status assigned => acknowledged