Errata exists for this version of the document.

The Global Discovery Server (GDS) is a special OPC UA Server that provides Discovery services for a plant or entire system. In addition it can provide certificate management functionality (See OPC 10000-12)

There are multiple methods of accessing a GDS:

1. Servers can register with the Discovery Server
2. Clients can query the GDS for available Servers
3. Clients can pull certificates from the GDS
4. Servers can pull certificates from the GDS
5. The GDS can push certificates to a Server
6. The GDS can access other discovery Servers to build a list of available Servers.

Several types of threats need to be discussed with regard to the available access methods:

1. Threats where a rogue GDS is in a system.
2. Threats against the GDS, including the presence of rogue Clients or Servers
3. Threats against the certificate management functionality provided by a GDS.