Clause 8specifies the OPC UA Information Modelfor a Security Key Service(SKS). The functionality and behaviour of an SKS is described in 5.4.4. It defines the distribution framework for cryptographic keys used for message security. A Publisheror Subscribercan pull the keys from the SKS or the SKS can push the keys to the Publisheror Suscriber. The sequences for pull and push are described in 5.4.4.3.

The SKS can be a network service used to manage keys for all Publishersand Subscribersor it can be part of a Publisherto manage the keys for the NetworkMessagessent by this Publisher.

Figure 36depicts the ObjectTypesand their components used to represent the SKS functionality in the PublishSubscribeObject.

image039.png

Figure 36– PublishSubscribe Object Types overview

The PublishSubscribe Objectis the root node for all PubSubrelated configuration Objects. It is an instance of thePubSubKeyServiceTypeor the PublishSubscribeTypeand a component of the Server Object.

The PubSubKeyServiceTypedefines the Methodfor pull access to security keys and the related management of SecurityGroups.This ObjectTypeis used for the PublishSubscribe Objectif only the Security Key Servicefunctionality is provided. If the PubSubconfiguration functionality is provided, the PublishSubscribeTypeis used instead.

A SecurityGroupmanages keys used for securing PubSub NetworkMessages. The SecurityGroupsare organized by the SecurityGroupFolderTypeand represented by instances of the SecurityGroupType.

A PubSubKeyPushTargetis a Serverto which the SKS should push keys. Each push target is related to a list of SecurityGroups.

The push targets are organized by the PubSubKeyPushTargetFolderTypeand represented by instances of the PubSubKeyPushTargetType. These instances are used by the SKSto push the security keys for related SecurityGroupsinto the Publisheror Subscriber.

The PublishSubscribeTypecontains the entry points for the PubSub configuration model defined in clause 9.