Hi,
I’m developing a product where I would like to keep the SecurityPolicy None disabled by default (as recommended in Part 2, chapter 4.7). To my understanding I still need to support a “Discovery endpoint” to allow clients performing the Discovery services GetEndpoints, FindServers and FindServersOnNetwork without security.
I have a couple of questions that I can’t sort out in the specifications:
- Shall the Discovery Endpoint be listed among the EndpointsDescriptions in the GetEndpoints response and in the CreateSession response?
- Shall the CreateSession request be denied when using the Discovery Endpoint or is it enough to deny the client to activate a session on the Discovery Endpoint?
05/30/2017
This feature is usually handled by the stack.
The typical implementation checks the security policy on the open secure channel request.
If the policy is None and None is not allowed a special securechannel is opened that will only allow the FindServers and GetEndpoints requests and returns BadSecurityPolicyRejected for other request types.
The application layer would never receive notifications that a CreateSession request was received.
See:
https://github.com/OPCFoundati…..Channel.cs
Search for “DiscoveryOnly”.
1 Guest(s)