OPC UA Applicationssupport Authenticationof the entities with which they are communicating. As specified in the GetEndpointsand OpenSecureChannelservices in OPC 10000-4, OPC UA Clientand Serverapplications identify and authenticate themselves with X.509 v3 Certificatesand associated private keys (see [X509]). Some choices of the communication stack require these Certificates to represent the machine or user instead of the application.

For publish subscribe communications Client Servercommunications is required to obtain the shared keys from a Security Key Service(SKS). Although the application authentication is not directly between the Subscriber and the Publisher, the SKS ensures that only authenticated applications can obtain the keys used by the Publisherand Subscriber.