Security is an important aspect of industrial automation environments. Access to machines and devices within a factory or other automation environment should be controlled to avoid unauthorized or inappropriate interactions with the machines and devices by persons lacking proper training, authority, or credentials. In addition, operations on machines and devices should be strictly controlled to provide various levels of permissions to different persons having disparate roles within the industrial automation environment. To implement the aforementioned security features, an operator, when accessing a machine or device in the industrial automation environment, can supply credentials specifying an identity of the operator. The machine or device, once the credentials are validated, can grant rights to the operator and enable access to features based upon permissions associated with the operator.
Commonly, industrial automation environments employ proprietary security solutions within the environment. The proprietary security solutions may not interoperate with or trust foreign security domains. Without interoperation, the industrial automation environment resides on a security island.
In other areas, such as web services, a set of standard security-related specifications has emerged. For web services, in particular, the Organization for the Advancement of Structured Information Standards (OASIS) has promulgated a variety of specifications, such as WS-Security, WS-Trust, SAML, etc., that relate to implementing security features (e.g., authentication, trust building) between loosely coupled systems. More particularly, WS-Security is a specification that provides a basic framework for message-level security in web services. WS-Trust extends WS-Security and provides a framework to establish or broker trust among disparate security domains. SAML (Security Assertion Markup Language) is an XML-based standard for representing security claims or assertions. The aforementioned standards are intended for use by enterprise-level systems (e.g., large web servers, powerful general-purpose computers, etc.) as they rely upon Internet-based technologies, such as HTTP, SOAP, XML, etc. Such Internet-based technologies, however, require tremendous resources, and, as such, do not scale to small embedded systems having limited processing capabilities, limited memory, etc.