Authentication - DCOM Security

Authentication security ensures that the interaction between an OPC client and the GagePort Mitutoyo OPC Server takes place between legitimate parties. DCOM authentication is an extension of standard Windows operating system security, which is itself layered on secured RPC (remote procedure call). Authentication answers two questions: "Is the OPC client who it says it is?" and "Is the OPC server who it says it is?" The user configures the required authentication level, which determines when these questions are asked (once at connection time, at the start of every call, or for every packet) and, at the higher levels, whether each packet is also checked for tampering or encrypted. Each higher level adds processing overhead to communication between the OPC client and the OPC server. When the client and server are configured with different authentication levels, DCOM negotiates the higher (more secure) of the two.

For example, authentication can be required only when the OPC client connects to the server (level = Connect). Once a client is connected (and is authorized to use the OPC server), all further interactions proceed without re-authentication. At the other extreme, authentication can be required for every packet (level = Packet Privacy), with each packet authenticated, integrity-checked, and fully encrypted. The choice of authentication level depends on the user's security policy; on an untrusted network, any level below Packet Integrity leaves OPC data readable and modifiable in transit.
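The following PowerShell script is an added example, not part of the GagePort Mitutoyo documentation or product. It reads the authentication levels a server node actually has configured (the machine-wide default under HKLM\SOFTWARE\Microsoft\Ole and any per-server override under the server's AppID key) and works out the level a client and server will negotiate, using the rule described above. The AppID GUID and the client's level are placeholders you substitute with values from dcomcnfg.

```powershell
# Added example (not from the GagePort Mitutoyo documentation): inspect the DCOM
# authentication levels on an OPC server node and compute the negotiated level.
# Run on the computer hosting the OPC server.

# RPC_C_AUTHN_LEVEL_* values as DCOM stores them in the registry.
$AuthnLevels = @{
    0 = 'Default'           # use the machine-wide default
    1 = 'None'
    2 = 'Connect'           # authenticate once, at connection time
    3 = 'Call'              # authenticate at the start of every call
    4 = 'Packet'            # authenticate every packet
    5 = 'Packet Integrity'  # ...and detect tampering of every packet
    6 = 'Packet Privacy'    # ...and encrypt every packet
}

function Get-DcomMachineAuthenticationLevel {
    # Machine-wide default (dcomcnfg -> My Computer -> Default Properties).
    # When the value is absent, DCOM falls back to Connect (2).
    $key = 'HKLM:\SOFTWARE\Microsoft\Ole'
    $value = (Get-ItemProperty -Path $key -Name 'LegacyAuthenticationLevel' `
        -ErrorAction SilentlyContinue).LegacyAuthenticationLevel
    if ($null -eq $value) { return 2 }
    return [int]$value
}

function Get-DcomAppIdAuthenticationLevel {
    # Per-server override stored as HKCR\AppID\{GUID}\AuthenticationLevel.
    # Returns 0 (Default) when no override is configured.
    param([Parameter(Mandatory)][string]$AppId)
    $key = "Registry::HKEY_CLASSES_ROOT\AppID\$AppId"
    $value = (Get-ItemProperty -Path $key -Name 'AuthenticationLevel' `
        -ErrorAction SilentlyContinue).AuthenticationLevel
    if ($null -eq $value) { return 0 }
    return [int]$value
}

function Resolve-DcomAuthenticationLevel {
    # Expand 'Default' (0) to the machine-wide default so levels can be compared.
    param([int]$Level, [int]$MachineDefault)
    if ($Level -eq 0) { return $MachineDefault }
    return $Level
}

function Get-NegotiatedDcomAuthenticationLevel {
    # DCOM uses the higher (more secure) of the two effective levels.
    param([int]$ClientLevel, [int]$ServerLevel)
    return [Math]::Max($ClientLevel, $ServerLevel)
}

# --- usage ---
# Placeholder AppID: replace with the OPC server's AppID shown in dcomcnfg.
$serverAppId = '{00000000-0000-0000-0000-000000000000}'
# Assumed client setting: the client was configured for Connect (2).
$clientLevel = 2

$machineDefault = Get-DcomMachineAuthenticationLevel
$serverLevel = Resolve-DcomAuthenticationLevel `
    -Level (Get-DcomAppIdAuthenticationLevel -AppId $serverAppId) `
    -MachineDefault $machineDefault
$negotiated = Get-NegotiatedDcomAuthenticationLevel `
    -ClientLevel $clientLevel -ServerLevel $serverLevel

"Machine default  : $($AuthnLevels[$machineDefault])"
"Server effective : $($AuthnLevels[$serverLevel])"
"Negotiated level : $($AuthnLevels[$negotiated])"
if ($negotiated -lt 5) {
    Write-Warning 'Negotiated level is below Packet Integrity: OPC traffic can be read or altered on the network.'
}
```

The script only models the registry-configured defaults; an OPC client that calls CoInitializeSecurity with its own level will use that value instead, so treat the client side as the value the client vendor documents. Note also that current Windows releases enforce Packet Integrity as the minimum accepted level on the server side, so a client left at Connect or Call can be refused even though the negotiation rule above would once have accepted it.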

In a multi-node computing environment, the security system on the computer running the OPC server must be able to verify that the security ID (SID) of the OPC client is valid. In a domain environment, the client's domain account is validated by the domain controller. In a peer-to-peer (workgroup) environment there is no shared directory, so a local user account with the same user name and password must be configured on both the client and the server computers.

An OPC client must be authenticated before its authorization (access) and activation (launch) permissions are checked. If a client cannot be authenticated, the permission check for the requested action is never performed and the request is rejected.

More information

About DCOM security.