OPC 10000-12: UA Part 12: Discovery and Global Services
Released 1.05.04
2024-11-29
This document is subject to the license terms described here.
The general OPC Foundation specification license agreement also applies and can be found here.
This document is a copy of the original which can be found here.
This document defines nodes in the following nodesets:
1 Scope
2 Normative references
3 Terms, definitions, and conventions
3.1 Terms and definitions
3.1.1 CertificateManager
3.1.2 CertificateGroup
3.1.3 CertificateRequest
3.1.4 ClientUrl
3.1.5 DirectoryService
3.1.6 DiscoveryServer
3.1.7 DiscoveryUrl
3.1.8 GlobalDiscoveryServer (GDS)
3.1.9 GlobalService
3.1.10 IPAddress
3.1.11 KeyCredential
3.1.12 KeyCredentialService
3.1.13 LocalDiscoveryServer (LDS)
3.1.14 LocalDiscoveryServer-ME (LDS-ME)
3.1.15 MulticastExtension
3.1.16 MulticastSubnet
3.1.17 Privilege
3.1.18 PullManagement
3.1.19 PushManagement
3.1.20 ServerCapabilityIdentifier
3.2 Abbreviations and symbols
4 The Discovery Process
4.1 Overview
4.2 Registration and Announcement of Applications
4.2.1 Overview
4.2.2 Hosts with a LocalDiscoveryServer
4.2.3 Hosts without a LocalDiscoveryServer
4.3 The Discovery Process for Clients to Find Servers
4.3.1 Overview
4.3.2 Simple Discovery with a DiscoveryUrl
4.3.3 Local Discovery
4.3.4 MulticastSubnet Discovery
4.3.5 Global Discovery
4.3.6 Combined Discovery Process for Clients
4.4 The Discovery Process for Reverse Connections
4.4.1 Overview
4.4.2 Out-of-band Discovery
4.4.3 Global Discovery for Reverse Connections
5 Local Discovery Server
5.1 Overview
5.2 Security Considerations for Multicast DNS
5.3 Network Architectures
5.3.1 Overview
5.3.2 Single MulticastSubnet
5.3.3 Multiple MulticastSubnet
5.3.4 No MulticastSubnet
5.3.5 Domain Names and MulticastSubnets
6 Global Discovery Server
6.1 Overview
6.2 Roles and Privileges
6.3 Client connections to global services
6.4 Local Discovery
6.5 Application Registration Workflow
6.6 Information Model
6.6.1 Overview
6.6.2 Directory
6.6.3 DirectoryType
6.6.4 FindApplications
6.6.5 ApplicationRecordDataType
6.6.6 RegisterApplication
6.6.7 UpdateApplication
6.6.8 UnregisterApplication
6.6.9 GetApplication
6.6.10 QueryApplications
6.6.11 QueryServers (deprecated)
6.6.12 ApplicationRegistrationChangedAuditEventType
7 Certificate Management
7.1 Overview
7.2 Roles and Privileges
7.3 Pull Management
7.4 Push Management
7.5 Application Setup
7.6 Pull Management Workflow
7.7 Push Management Workflow
7.8 Common Information Model
7.8.1 Overview
7.8.2 TrustLists
7.8.2.1 TrustListType
7.8.2.2 OpenWithMasks
7.8.2.3 CloseAndUpdate
7.8.2.4 AddCertificate
7.8.2.5 RemoveCertificate
7.8.2.6 TrustListDataType
7.8.2.7 TrustListMasks
7.8.2.8 TrustListValidationOptions
7.8.2.9 TrustListOutOfDateAlarmType
7.8.2.10 TrustListUpdateRequestedAuditEventType
7.8.2.11 TrustListUpdatedAuditEventType
7.8.3 CertificateGroups
7.8.3.1 CertificateGroupType
7.8.3.2 GetRejectedList
7.8.3.3 CertificateGroupFolderType
7.8.4 CertificateTypes
7.8.4.1 CertificateType
7.8.4.2 ApplicationCertificateType
7.8.4.3 HttpsCertificateType
7.8.4.4 RsaMinApplicationCertificateType
7.8.4.5 RsaSha256ApplicationCertificateType
7.8.4.6 EccApplicationCertificateType
7.8.4.7 EccNistP256ApplicationCertificateType
7.8.4.8 EccNistP384ApplicationCertificateType
7.8.4.9 EccBrainpoolP256r1ApplicationCertificateType
7.8.4.10 EccBrainpoolP384r1ApplicationCertificateType
7.8.4.11 EccCurve25519ApplicationCertificateType
7.8.4.12 EccCurve448ApplicationCertificateType
7.9 Information Model for Pull Certificate Management
7.9.1 Overview
7.9.2 CertificateDirectoryType
7.9.3 StartSigningRequest
7.9.4 StartNewKeyPairRequest
7.9.5 FinishRequest
7.9.6 RevokeCertificate
7.9.7 GetCertificateGroups
7.9.8 GetCertificates
7.9.9 GetTrustList
7.9.10 GetCertificateStatus
7.9.11 CheckRevocationStatus
7.9.12 CertificateRequestedAuditEventType
7.9.13 CertificateDeliveredAuditEventType
7.10 Information Model for Push Certificate Management
7.10.1 Overview
7.10.2 Transaction Lifecycle
7.10.3 ServerConfiguration
7.10.4 ServerConfigurationType
7.10.5 UpdateCertificate
7.10.6 GetCertificates
7.10.7 ApplyChanges
7.10.8 CreateSigningRequest
7.10.9 CancelChanges
7.10.10 GetRejectedList
7.10.11 ResetToServerDefaults
7.10.12 ApplicationConfigurationType
7.10.13 ApplicationConfigurationFolderType
7.10.14 ManagedApplications
7.10.15 TransactionDiagnosticsType
7.10.16 TransactionErrorType
7.10.17 CertificateUpdateRequestedAuditEventType
7.10.18 CertificateUpdatedAuditEventType
8 KeyCredentialManagement
8.1 Overview
8.2 Roles and Privileges
8.3 Pull Management
8.4 Push Management
8.5 Information Model for Pull Management
8.5.1 Overview
8.5.2 KeyCredentialManagementFolderType
8.5.3 KeyCredentialManagement
8.5.4 KeyCredentialServiceType
8.5.5 StartRequest
8.5.6 FinishRequest
8.5.7 Revoke
8.5.8 KeyCredentialAuditEventType
8.5.9 KeyCredentialRequestedAuditEventType
8.5.10 KeyCredentialDeliveredAuditEventType
8.5.11 KeyCredentialRevokedAuditEventType
8.6 Information Model for Push Management
8.6.1 Overview
8.6.2 KeyCredentialConfigurationFolderType
8.6.3 CreateCredential
8.6.4 KeyCredentialConfiguration
8.6.5 KeyCredentialConfigurationType
8.6.6 GetEncryptingKey
8.6.7 UpdateCredential
8.6.8 DeleteCredential
8.6.9 KeyCredentialUpdatedAuditEventType
8.6.10 KeyCredentialDeletedAuditEventType
9 AuthorizationServices
9.1 Overview
9.2 Roles and Privileges
9.3 Implicit
9.4 Explicit
9.5 Chained
9.6 Information Model for Requesting Access Tokens
9.6.1 Overview
9.6.2 AuthorizationServicesFolderType
9.6.3 AuthorizationServices
9.6.4 AuthorizationServiceType
9.6.5 RequestAccessToken
9.6.6 GetServiceDescription
9.6.7 AccessTokenIssuedAuditEventType
9.7 Information Model for Configuring Servers
9.7.1 Overview
9.7.2 AuthorizationServiceConfigurationFolderType
9.7.3 AuthorizationServices
9.7.4 AuthorizationServiceConfigurationType
10 Namespaces
10.1 Namespace Metadata
10.2 Handling of OPC UA Namespaces
Annex A (informative) Deployment and Configuration
A.1 Firewalls and Discovery
A.2 Resolving References to Remote Servers
Annex B (normative) NodeSet and Constants
B.1 NodeSet
B.2 Numeric Node Ids
Annex C (normative) OPC UA Mapping to mDNS
C.1 DNS Server (SRV) Record Syntax
C.2 DNS Text (TXT) Record Syntax
C.3 DiscoveryUrl Mapping
Annex D (normative) Server Capability Identifiers
Annex E (normative) DirectoryServices
E.1 Global Discovery via Other DirectoryServices
E.2 UDDI
E.3 LDAP
Annex F (normative) Local Discovery Server
F.1 Certificate Store Directory Layout
F.2 Installation Directories on Windows
Annex G (normative) Application Setup
G.1 Application Setup with PullManagement
G.2 Application setup with the PushManagement
G.3 Setting Permissions
Annex H (informative) Comparison with RFC 7030
H.1 Overview
H.2 Obtaining CA Certificates
H.3 Initial Enrolment
H.4 Client Certificate Reissuance
H.5 Server Key Generation
H.6 Certificate Signing Request (CSR) Attributes Request