I am trying to test an OPC client for Discovery services. There is one test case which says:
TestCase: GetEndpoints: Response includes at least one endpoint where userIdentityTokens.tokenType is ISSUEDTOKEN_3 but userIdentityTokens.issuedtokenType is empty.
Expected: Client logs and/or displays an error to the end-user about misbehaving server and does not use the endpoint for a connection. The endpoint is not displayed or is displayed while being identified in error state.
Since we haven't added support for IssuedIdentityToken, the above-mentioned test case is not applicable for certification.
But, after reading the above test case, there is a question in my mind, since we have added support for securing our client by Certificates:
1. Is it necessary to implement the X509IdentityToken feature?
2. Will not implementing this feature impact the security of an OPC client?
3. Is it necessary to have support for all 4 types of UserIdentityTokens?
FYI: We are using opc-stack-1.4.1.jar & simulation servers for testing our client.
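The check that test case asks of a client, as an added example that is not part of the original post and is not code from the OPC UA Java stack. The `TokenPolicy`, `Endpoint` and `Result` records are hypothetical stand-ins for the decoded GetEndpoints structures, and the endpoint URLs and policy ids are constructed sample data.

```java
import java.util.ArrayList;
import java.util.List;

public class EndpointTokenCheck {
    // Declared in the order of the OPC UA UserTokenType enumeration (0..3).
    enum TokenType { ANONYMOUS, USERNAME, CERTIFICATE, ISSUEDTOKEN }

    // Hypothetical stand-ins for the decoded GetEndpoints structures.
    record TokenPolicy(String policyId, TokenType tokenType, String issuedTokenType) {}
    record Endpoint(String url, List<TokenPolicy> userIdentityTokens) {}
    record Result(List<Endpoint> usable, List<String> errors) {}

    // An issued-token policy must say which kind of token it expects.
    static boolean isMalformed(TokenPolicy p) {
        return p.tokenType() == TokenType.ISSUEDTOKEN
                && (p.issuedTokenType() == null || p.issuedTokenType().isBlank());
    }

    // Keeps well-formed endpoints; records one error per rejected endpoint.
    static Result check(List<Endpoint> endpoints) {
        List<Endpoint> usable = new ArrayList<>();
        List<String> errors = new ArrayList<>();
        for (Endpoint e : endpoints) {
            List<String> bad = e.userIdentityTokens().stream()
                    .filter(EndpointTokenCheck::isMalformed)
                    .map(TokenPolicy::policyId)
                    .toList();
            if (bad.isEmpty()) {
                usable.add(e);
            } else {
                errors.add("Misbehaving server: endpoint " + e.url()
                        + " has ISSUEDTOKEN policies with empty issuedTokenType: " + bad);
            }
        }
        return new Result(usable, errors);
    }

    public static void main(String[] args) {
        // Constructed sample data, not captured from a real server.
        List<Endpoint> endpoints = List.of(
            new Endpoint("opc.tcp://good.example.invalid:4840", List.of(
                new TokenPolicy("anon", TokenType.ANONYMOUS, null),
                new TokenPolicy("user", TokenType.USERNAME, null))),
            new Endpoint("opc.tcp://bad.example.invalid:4840", List.of(
                new TokenPolicy("anon", TokenType.ANONYMOUS, null),
                new TokenPolicy("issued", TokenType.ISSUEDTOKEN, ""))));
        Result r = check(endpoints);
        r.errors().forEach(System.err::println);
        r.usable().forEach(e -> System.out.println("Usable: " + e.url()));
    }
}
```

The whole endpoint is rejected even when the client itself would only log in anonymously, which matches the expected result quoted in the test case.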
Thank you Randy.
I understood about IssuedIdentityTokens. But I still don't understand X509IdentityToken. Isn't the X509 in X509IdentityToken related to the X.509 Certificate?
Currently, there is no way in our client to connect Smart Cards. Could you please elaborate on this in more detail?
Many organizations issue X509 certificates to their users. In some cases, the private key for the X509 is stored on a smart card but it is not a requirement. As a server developer you may not be in control of how the factory owner manages user credentials. For that reason, supporting X509 user identity tokens is a good idea.