The following guidelines are important to remember when dealing with a GDS:
- It is important that Servers register with the Discovery Server they are configured to register with and that Servers do not blindly register with a GDS that it has not been configured to register with. Servers have to be aware that a Discovery Server might be a rogue Server.
- A Server registers all endpoints that it provides, ensuring that the list provided by the Discovery Server and the Server match. This ensures that Clients can determine if the Discovery Server provided valid information.
- Clients should be aware of rogue Discovery Servers that might direct them to rogue Servers. Clients can use the SSL/TLS server certificate (if available) to verify that the Discovery Server is a Server that they trust and/or ensure that they trust any Server provided by the Discovery Server.
- As described in OPC 10000-4, Clients always verify that they trusts the Server certificate and that the EndpointUrl matches the HostNames specified in the certificate before it creates a Session with a Server. After it creates a Session it looks at the EndpointDescriptions returned by the Server and verifies that it used the best security possible and that the Server’s Certificate matches the one that the Client used to connect. The EndpointDescription provided by the Server includes a relative SecurityLevel that is used to determine if the most secure endpoint was used.