Argument

Description

SecurityGroupId

The identifier for the SecurityGroup.

SecurityPolicyUri

The URI for the set of algorithms and key lengths used to secure the messages. The SecurityPolicies are defined in OPC 10000-7.

CurrentTokenId

The SecurityTokenId that appears in the header of messages secured with the CurrentKey. It starts at 1 and is incremented by 1 each time the KeyLifetime elapses even if no keys are requested. If the CurrentTokenId increments past the maximum value of UInt32 it restarts a 1.

If the PubSub Object has key material from previous SetSecurityKeys Method calls, the CurrentTokenId is used to match the existing list with the fetched list and to eliminate duplicates.

If the CurrentTokenId is unknown, the existing list shall be discarded and replaced.

CurrentKey

The current key used to secure the messages. This key is not used directly since the protocol associated with the PubSubGroup(s) specifies an algorithm to generate distinct keys for different types of cryptography operations.

FutureKeys

An ordered list of future keys that are used when the KeyLifetime elapses. The SecurityTokenId associated with the first key in the list is 1 more than the CurrentTokenId. All following keys have a SecurityTokenId that is incremented by 1 for every key returned.

TimeToNextKey

The time, in milliseconds, before the CurrentKey is expected to expire.

If a Publisher uses this Method to get the keys from a SKS, the TimeToNextKey and KeyLifetime are used to calculate the time the Publisher shall use the next key. The TimeToNextKey defines the time when to switch from CurrentKey to FutureKeys and the KeyLifetime defines when to switch from one future key to the next future key.

For a Subscriber the TimeToNextKey and KeyLifetime are used to calculate the time the Subscriber must expect that the Publishers use the next key. Due to network latency, out of order delivery and the use of keys for several Publishers, a Subscriber must expect some overlap time where NetworkMessages are received that are using the previous or the next key.

TimeToNextKey and KeyLifetime are also used to calculate the time until Publisher and Subscriber must fetch new keys.

KeyLifetime

The lifetime of a key in milliseconds.

The returned keys may expire earlier if the keys are discarded for some reason. An unplanned key rotation is indicated in the NetworkMessage header before the next key is used to give the Subscriber some time to fetch new keys.

If the CurrentTokenId in the message is not recognized the receiver shall call this Method again to get new keys.

ResultCode

Description

Bad_NotFound

The SecurityGroupId is unknown.

Bad_UserAccessDenied

The caller is not allowed to set the keys for the SecurityGroup.

Bad_SecurityModeInsufficient

The communication channel is not using encryption.

Argument

Description

Configuration

Configuration parameters for the PubSubConnection. The parameters and the PubSubConnectionDataType are defined in 6.2.6.

ConnectionId

The NodeId of the new connection.

ResultCode

Description

Bad_InvalidArgument

The Server is not able to apply the name. The name may be too long or may contain invalid character.

Bad_BrowseNameDuplicated

An Object with the name already exists.

Bad_ResourceUnavailable

The Server has not enough resources to add the PubSubConnection Object.

Bad_UserAccessDenied

The Session user is not allowed to create a PubSubConnection Object.

Argument

Description

ConnectionId

NodeId of the PubSubConnection Object to remove from the Server

ResultCode

Description

Bad_NodeIdUnknown

The ConnectionId is unknown.

Bad_UserAccessDenied

The Session user is not allowed to delete the PubSubConnection Object.