From fe599b2eac030f82a1436623acca588d9c247e20 Mon Sep 17 00:00:00 2001 From: Adam Lock Date: Tue, 12 Mar 2019 22:58:22 +0000 Subject: [PATCH] Change some documentation about identity tokens. --- CHANGELOG.md | 4 +++- docs/compatibility.md | 7 +++++-- 2 files changed, 8 insertions(+), 3 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 7923dffd8..e5431eb97 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -130,7 +130,8 @@ Planned future work is listed at the bottom. - Session restore after disconnect in server. The server has to stash sessions that were abnormally disconnected so the session state can be restored if a new connection provides the token. - - X509 certs as user authentication tokens + - UserNameIdentityToken wit encrypted password support. Plaintext password is already supported + - X509IdentityToken support - Integration tests are broken and need to be fixed - More control over limits on the server - number of subscriptions, monitored items, sessions @@ -138,6 +139,7 @@ Planned future work is listed at the bottom. ASPIRATIONAL - a short list of things that would be nice to implement in the future + - User-level permission model, i.e. ability to limit access to address space based on identity - Replace more OpenSSL with `ring` equivalent functions. Ring doesn't do X509 so code is still dependent on OpenSSL until a drop-in replacement appears - need something which can generate, read and write X509 certs, private keys and their corresponding .der, .pem file formats. diff --git a/docs/compatibility.md b/docs/compatibility.md index a53a49612..056ee31cf 100644 --- a/docs/compatibility.md +++ b/docs/compatibility.md 
@@ -105,11 +105,14 @@ The following security policies are supported - None, Basic128Rsa15, Basic256, B The server and client support the following user identities -1. Anonymous/None, i.e. no authentication -2. User/password - plaintext password only +1. Anonymous - i.e. no identity +2. UserName - plaintext password only, i.e. the encryption algorithm field supplied with the identity token must be a + null string. User/pass identities are defined by configuration +X509 and UserName with encrypted passwords are intended for a future release. + ## Crypto OPC UA for Rust uses cryptographic algorithms for signing, verifying, encrypting and decrypting data. In addition
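Review bot: typo in the first CHANGELOG hunk (`@@ -130,7 +130,8 @@`): the added line reads `- UserNameIdentityToken wit encrypted password support.` and should be `- UserNameIdentityToken with encrypted password support.`; since the same line also says the plaintext variant "is already supported", it would read better split as two items (the outstanding work, then the note on what already works) so the planned-work list contains only planned work.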
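Review bot: the `docs/compatibility.md` hunk (`@@ -105,11 +105,14 @@`) documents `UserName - plaintext password only` without saying what protects that password on the wire. Because the hunk header shows that security policy `None` is among the supported policies, a reader could pair a UserName identity with an unencrypted channel and send the password in the clear; the added paragraph should state that the plaintext password is only protected by the secure channel, and that UserName identities should be used with a policy and message security mode that encrypts the channel. Two smaller points on the same hunk: `+X509 and UserName with encrypted passwords are intended for a future release.` follows item 2 with no blank line, so Markdown will render it as a lazy continuation of the list item rather than its own paragraph (insert a blank `+` line before it); and "User/pass identities are defined by configuration" would be more useful with a pointer to the configuration section or key that defines them, if the docs have one.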