Tuesday, February 20, 2007

OPC Security Specification: Protecting sensitive information

The OPC Security specification is defined by the OPC Foundation to protect sensitive information from unauthorized access.
The goal of this entry is to introduce the basic security concepts and to describe how security is implemented on both the OPC Server and the OPC Client side to ensure secure communication.

1. What does «Authentication» mean?
It is the process of verifying the identity that a user (or client application) claims, so that the server knows who is asking to access an object.

2. What does «Authorization» mean?
It is the process of determining what types of activities an authenticated user is permitted to perform.

3. What is the relationship between «Authentication» and «Authorization»?
Authorization is defined in the context of authentication: once a user has been authenticated, he may be authorized for different types of access or activities. Without authentication there is no reliable identity on which to base an authorization decision.

4. What is the goal of the OPC Security specification?
This specification focuses on client identification, that is, the exchange of trusted credentials that the OPC Server uses for its access authorization decisions. It does not define which objects are to be secured; that decision is left to the OPC Server implementers.

5. What are the possible OPC Server security levels?
There are three security levels that an OPC Server can implement:

- Disabled Security: No security is applied. Launch and Access permissions on the OPC Server are granted to everyone (client-to-server communication), and Access permissions on the client applications are set to everyone (server-to-client callbacks).
The OPC Server applies no access control to any vendor-specific secured object.

In this case, an OPC Client without any security implementation can connect to the OPC Server.

- DCOM Security: Only NT DCOM security is applied. Launch and Access permissions on the OPC Server are limited to selected clients, as are the Access permissions on the client applications (for callbacks).
The OPC Server still applies no access control to any vendor-specific secured object.

In this case, an OPC Client without any security implementation can connect to the OPC Server.

- OPC Security: The OPC Server controls access to the vendor-specific secured objects it exposes. An OPC Server may implement OPC Security in addition to DCOM Security, or OPC Security alone.

In this case, the behaviour depends on the security model implemented by the OPC Server:
- With the NT credential security model, an OPC Client without any security implementation can connect to the OPC Server, because the server authorizes it on its NT access token.
- With the private credential security model, an OPC Client without any security implementation can connect to the OPC Server but receives access denied when it tries to access any secured object.
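The distinction between the Disabled Security and DCOM Security levels is visible in the registry: DCOM stores the server's Launch and Access permissions as security descriptors under the server's AppID. The following C# program, an added example and not OPC Foundation code, walks the ProgID -> CLSID -> AppID chain, decodes both descriptors and reports whether "Everyone" is granted access. The ProgID `Vendor.OPCServer.1` is a placeholder; the rights bits are the COM_RIGHTS_* values from the Windows SDK.

```csharp
// Added example (not OPC Foundation code): read the DCOM LaunchPermission and
// AccessPermission of an OPC server's AppID to tell "Disabled Security" (Everyone
// allowed) from "DCOM Security" (selected principals only).
// Requires .NET Framework, or .NET with the Microsoft.Win32.Registry package.
using System;
using System.Collections.Generic;
using System.Security.AccessControl;
using System.Security.Principal;
using Microsoft.Win32;

static class OpcDcomPermissionAudit
{
    // Bits of the ACCESS_MASK used in DCOM permission descriptors (accctrl.h).
    const int COM_RIGHTS_EXECUTE         = 0x01;
    const int COM_RIGHTS_EXECUTE_LOCAL   = 0x02; // local launch / local access
    const int COM_RIGHTS_EXECUTE_REMOTE  = 0x04; // remote launch / remote access
    const int COM_RIGHTS_ACTIVATE_LOCAL  = 0x08;
    const int COM_RIGHTS_ACTIVATE_REMOTE = 0x10;

    static readonly SecurityIdentifier Everyone =
        new SecurityIdentifier(WellKnownSidType.WorldSid, null);

    static void Main(string[] args)
    {
        // Placeholder ProgID; pass the real one (e.g. as listed by OPCEnum) on the command line.
        string progId = args.Length > 0 ? args[0] : "Vendor.OPCServer.1";

        // DCOM resolves ProgID -> CLSID -> AppID; the permissions hang off the AppID.
        string clsid = ReadString(progId + @"\CLSID", "");
        string appId = clsid == null ? null : ReadString(@"CLSID\" + clsid, "AppID");
        if (appId == null)
        {
            Console.WriteLine("No AppID registered for " + progId + "; DCOM has no per-server permissions for it.");
            return;
        }
        Console.WriteLine(progId + " -> " + clsid + " -> AppID " + appId);
        using (RegistryKey key = Registry.ClassesRoot.OpenSubKey(@"AppID\" + appId))
        {
            if (key == null) { Console.WriteLine("AppID key missing"); return; }
            Report("LaunchPermission", key.GetValue("LaunchPermission") as byte[]);
            Report("AccessPermission", key.GetValue("AccessPermission") as byte[]);
        }
    }

    static string ReadString(string subKey, string valueName)
    {
        using (RegistryKey key = Registry.ClassesRoot.OpenSubKey(subKey))
            return key == null ? null : key.GetValue(valueName) as string;
    }

    static void Report(string name, byte[] sdBytes)
    {
        if (sdBytes == null)
        {
            // No per-AppID value: the machine-wide defaults under
            // HKLM\SOFTWARE\Microsoft\Ole (DefaultLaunchPermission / DefaultAccessPermission) apply.
            Console.WriteLine(name + ": not set, machine default applies");
            return;
        }
        var sd = new RawSecurityDescriptor(sdBytes, 0);
        if (sd.DiscretionaryAcl == null)
        {
            Console.WriteLine(name + ": NULL DACL, i.e. unrestricted (Disabled Security level)");
            return;
        }
        bool everyoneAllowed = false;
        foreach (GenericAce ace in sd.DiscretionaryAcl)
        {
            var ca = ace as CommonAce;
            if (ca == null) continue; // object ACEs are not used by DCOM
            string who;
            try { who = ca.SecurityIdentifier.Translate(typeof(NTAccount)).Value; }
            catch (IdentityNotMappedException) { who = ca.SecurityIdentifier.Value; }
            Console.WriteLine("  " + name + ": " + ca.AceType + " " + who + " " + Describe(ca.AccessMask));
            if (ca.AceType == AceType.AccessAllowed && ca.SecurityIdentifier == Everyone)
                everyoneAllowed = true;
        }
        Console.WriteLine(name + ": " + (everyoneAllowed
            ? "Everyone allowed -> Disabled Security level"
            : "restricted to selected principals -> DCOM Security level"));
    }

    static string Describe(int mask)
    {
        var parts = new List<string>();
        if ((mask & COM_RIGHTS_EXECUTE) != 0)         parts.Add("Execute");
        if ((mask & COM_RIGHTS_EXECUTE_LOCAL) != 0)   parts.Add("Local");
        if ((mask & COM_RIGHTS_EXECUTE_REMOTE) != 0)  parts.Add("Remote");
        if ((mask & COM_RIGHTS_ACTIVATE_LOCAL) != 0)  parts.Add("LocalActivation");
        if ((mask & COM_RIGHTS_ACTIVATE_REMOTE) != 0) parts.Add("RemoteActivation");
        return "[" + string.Join(",", parts) + "]";
    }
}
```

Run it on the machine hosting the OPC Server. For a 32-bit server on 64-bit Windows, build the tool as 32-bit or open the keys through `RegistryView.Registry32`, since its CLSID and AppID live under Wow6432Node. Remember that an empty or "Everyone" result at this layer says nothing about the OPC Security level: a server can still guard its vendor-specific objects through IOPCSecurityNT or IOPCSecurityPrivate.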

6. What are the possible security modes that can be implemented by an OPC Server?
The principal security mode that an OPC Server should implement is the NT security mode (handled by the IOPCSecurityNT interface), where authorization is based on the NT Access Token associated with the client application. This approach keeps security transparent to client applications and preserves their portability (no special action is required on the client side; the OPC Server impersonates the caller and checks its token).
However, there are situations where this mode cannot be used, such as:
- The machine hosting the OPC Server does not run an NT operating system (for example Windows CE or UNIX).
- The machine hosting the OPC Client does not support the NT Access Token.
- The machines hosting the OPC Server and the OPC Client are not within the same NT Domain context.

To address such situations, the OPC Server can implement the private credential security mode (handled by the IOPCSecurityPrivate interface), in which the client logs on explicitly with a user ID and password that the OPC Server validates itself.
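How a client tells the two modes apart, and what it has to do in each, is easiest to see in code. The following C# client is an added example, not OPC Foundation code: it activates the server through DCOM, queries for IOPCSecurityNT and IOPCSecurityPrivate, and logs on only when the server reports that private credentials are available. The interface IIDs and method signatures are transcribed from the OPC Security 1.0 IDL (opcsec.idl) and should be checked against your own copy; the host name and ProgID are placeholders.

```csharp
// Added example (not OPC Foundation code): choose between the NT and the private
// credential security mode from the client side. IIDs and signatures transcribed
// from the OPC Security 1.0 IDL (opcsec.idl); verify against your own header.
using System;
using System.Runtime.InteropServices;

[ComImport, Guid("7AA83A01-6C77-11d3-84F9-00008630A38B"),
 InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
interface IOPCSecurityNT
{
    // BOOL in the IDL is a 4-byte int, hence UnmanagedType.Bool instead of the COM default VARIANT_BOOL.
    void IsAvailableNT([MarshalAs(UnmanagedType.Bool)] out bool pbAvailable);
    void QueryMinImpersonationLevel(out uint pdwMinImpLevel);
    void ChangeUser();
}

[ComImport, Guid("7AA83A02-6C77-11d3-84F9-00008630A38B"),
 InterfaceType(ComInterfaceType.InterfaceIsIUnknown)]
interface IOPCSecurityPrivate
{
    void IsAvailablePriv([MarshalAs(UnmanagedType.Bool)] out bool pbAvailable);
    // LPCWSTR in the IDL, not BSTR, hence the explicit LPWStr marshaling.
    void Logon([MarshalAs(UnmanagedType.LPWStr)] string szUserID,
               [MarshalAs(UnmanagedType.LPWStr)] string szPassword);
    void Logoff();
}

static class OpcSecurityClient
{
    static void Main(string[] args)
    {
        string host   = args.Length > 0 ? args[0] : "opc-host";           // placeholder
        string progId = args.Length > 1 ? args[1] : "Vendor.OPCServer.1"; // placeholder

        // Remote activation through DCOM: this is where Launch/Access permissions are enforced.
        Type serverType = Type.GetTypeFromProgID(progId, host, true);
        object server = Activator.CreateInstance(serverType);
        try
        {
            // Casting a COM proxy to an interface performs QueryInterface; "as" yields null on E_NOINTERFACE.
            var nt = server as IOPCSecurityNT;
            bool ntAvailable = false;
            if (nt != null) nt.IsAvailableNT(out ntAvailable);
            if (ntAvailable)
            {
                // NT mode: the server authorizes on the client's own access token. The only
                // client-side requirement is an impersonation level at least this high,
                // which CoInitializeSecurity must have set before the first COM call.
                uint minLevel;
                nt.QueryMinImpersonationLevel(out minLevel);
                Console.WriteLine("NT security mode; server requires impersonation level >= " + minLevel);
                return;
            }

            var priv = server as IOPCSecurityPrivate;
            bool privAvailable = false;
            if (priv != null) priv.IsAvailablePriv(out privAvailable);
            if (!privAvailable)
            {
                Console.WriteLine("No OPC Security interface available; only DCOM security applies.");
                return;
            }

            // Private credential mode: the user ID and password are validated by the OPC Server itself.
            Console.Write("OPC user: ");
            string user = Console.ReadLine();
            Console.Write("Password: ");
            string password = ReadPassword();
            try
            {
                priv.Logon(user, password);
                Console.WriteLine("Logged on as " + user + "; secured objects are now accessible.");
                // ... normal OPC work (AddGroup, Read, ...) goes here ...
                priv.Logoff();
            }
            catch (COMException ex)
            {
                // A rejected logon surfaces as the server's HRESULT, e.g. 0x80070005 (E_ACCESSDENIED).
                Console.WriteLine("Logon failed: 0x" + ex.ErrorCode.ToString("X8"));
            }
        }
        finally
        {
            Marshal.ReleaseComObject(server);
        }
    }

    // Read a password from the console without echoing it.
    static string ReadPassword()
    {
        var sb = new System.Text.StringBuilder();
        ConsoleKeyInfo key;
        while ((key = Console.ReadKey(true)).Key != ConsoleKey.Enter)
        {
            if (key.Key == ConsoleKey.Backspace) { if (sb.Length > 0) sb.Length--; }
            else sb.Append(key.KeyChar);
        }
        Console.WriteLine();
        return sb.ToString();
    }
}
```

Two practical points follow from the design. In NT mode the client cannot raise its impersonation level after the fact, so a client that may talk to several servers should initialize COM security with the highest level any of them requires. In private credential mode the password travels inside the DCOM call, so the client (or the machine-wide DCOM default) should require the packet privacy authentication level; at lower levels the credential crosses the network unencrypted.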

If you have questions not shown in the list above, please do not hesitate to send them to my email: hassen.kouki@gmail.com. I will be more than happy to answer you within hours.
