The web services are fully integrated into the standard DeltaV security system. All web service interactions with the underlying DeltaV control systems occur under an authenticated user account and are checked against any applicable DeltaV security function keys and locks using the username and password arguments. All passwords are encrypted and are passed using secure means.
The web services impersonate the caller of any of its web methods and therefore ensures that it is this caller's identity against which all Operating System-level security checks are authenticated. For this reason, any web service client application must run as a valid and known Windows account from the perspective of the DeltaV node hosting the service.
At the same time, some web methods (in Campaign Manager) take a confirmer name and password. The confirmer's account is checked against the DeltaV security function locks. For example to modify a campaign, the DeltaV Campaign Manager enforces that the confirmer account has the CAMPAIGN_MODIFY function key in the DeltaV security system. First, the Campaign Manager node authenticates the confirmer name and password to ensure it is a valid account and if so, ensures that the user has the appropriate key for the DeltaV security function lock. The node performs the requested operation only after both of these checks have passed.
The web services support both Basic authentication and Integrated Windows authentication. If Integrated Windows authentication is used Impersonation must be enabled to ensure communication.