Authentication
Authentication ensures that the interaction between an OPC Classic client and the OPC Classic Server is legitimate.
Authentication security for DCOM is an extension of the standard Windows operating system security. Authentication poses two questions: "Is the OPC Classic client who it says it is?" and "Is the OPC Classic server who it says it is?" The user configures the level of authentication required, which specifies how often these questions are posed. The higher the level of authentication required, the greater the processing overhead on communications between the OPC Classic client and the OPC Classic server. When the configured authentication levels differ, the client and server negotiate to the highest of the configured levels.
For example, authentication can be required only at OPC Classic client connection time to a server (level = connect); once a client is connected (and is authorized to use the OPC Classic Server), all interactions are performed without further authentication. As another example, authentication can be required at the packet level (level = packet privacy), with each packet being fully encrypted. The choice of the authentication level is dependent on the security policies of the user.
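The following PowerShell audit is an added example, not part of the original documentation or any vendor tooling. It reads the authentication levels configured on a node (the machine-wide default and any per-application override) and applies the "highest level wins" negotiation described above. The registry locations and numeric values are the standard Windows DCOM ones; the '*OPC*' name filter and the client level passed to Resolve-NegotiatedLevel are assumptions to adjust for your installation.

```powershell
# Numeric DCOM authentication levels (RPC_C_AUTHN_LEVEL_* constants) and their names.
$LevelNames = @{ 1 = 'None'; 2 = 'Connect'; 3 = 'Call'; 4 = 'Packet'; 5 = 'Packet Integrity'; 6 = 'Packet Privacy' }

function Get-MachineDcomAuthLevel {
    # Machine-wide default authentication level; $null when the value is not set.
    $ole = Get-ItemProperty -Path 'HKLM:\SOFTWARE\Microsoft\Ole' -ErrorAction SilentlyContinue
    return $ole.LegacyAuthenticationLevel
}

function Get-AppDcomAuthLevel {
    # Per-application overrides for DCOM servers whose display name matches the filter.
    param([string]$NamePattern = '*OPC*')   # assumption: the OPC server names contain "OPC"
    Get-ChildItem -Path 'HKLM:\SOFTWARE\Classes\AppID' -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like '{*}' } |
        ForEach-Object {
            $p = Get-ItemProperty -Path $_.PSPath
            if ($p.'(default)' -like $NamePattern) {
                [pscustomobject]@{
                    AppId = $_.PSChildName
                    Name  = $p.'(default)'
                    Level = $p.AuthenticationLevel   # $null means "use machine default"
                }
            }
        }
}

function Resolve-NegotiatedLevel {
    # Client and server settle on the higher of their two configured levels.
    param([int]$ClientLevel, [int]$ServerLevel)
    return [Math]::Max($ClientLevel, $ServerLevel)
}

$machine = Get-MachineDcomAuthLevel
Get-AppDcomAuthLevel | ForEach-Object {
    $configured = if ($null -ne $_.Level) { $_.Level } else { $machine }
    if ($null -eq $configured) {
        $configuredName = 'not set (system default applies)'
        $negotiatedName = 'unknown'
    } else {
        $configuredName = $LevelNames[[int]$configured]
        # Assumed client level for illustration: 2 (Connect).
        $negotiatedName = $LevelNames[(Resolve-NegotiatedLevel -ClientLevel 2 -ServerLevel $configured)]
    }
    [pscustomobject]@{
        Name             = $_.Name
        ConfiguredLevel  = $configuredName
        WithConnectClient = $negotiatedName
    }
} | Format-Table -AutoSize
```

Run it on the OPC Classic server node and again on each client node; a server that applications configure in code rather than through the registry will not show an override here.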
- In a multi-node computing environment, the security system on the computer node running the OPC Classic server must be able to verify that the security ID of the OPC Classic client is valid.
- In a domain environment, domain accounts must be validated.
- In peer-to-peer environments, matching local user accounts must be configured.
Authentication of an OPC Classic client must be satisfied before authorization and activation permissions are checked. If a client cannot be authenticated, permission checking for the requested action is not performed.