OPC 10000-21: UA Part 21: Device Onboarding
Released 1.05.04
2024-11-29
This document is subject to the license terms described here.
The general OPC Foundation specification license agreement also applies and can be found here.
This document is a copy of the original which can be found here.
This document defines nodes in the following nodesets:
1 Scope
2 Normative references
3 Terms, definitions, and conventions
3.1 Terms and definitions
3.1.1 Application
3.1.2 ApplicationUri
3.1.3 Composite
3.1.4 CompositeBuilder
3.1.5 CompositeInstanceUri
3.1.6 DCA Client
3.1.7 DCA Server
3.1.8 Device
3.1.9 Device Configuration Application (DCA)
3.1.10 DeviceIdentity Certificate
3.1.11 Distributor
3.1.12 Manufacturer
3.1.13 OwnerOperator
3.1.14 Privilege
3.1.15 ProductInstanceUri
3.1.16 Registrar
3.1.17 SystemIntegrator
3.1.18 SecureElement
3.1.19 Ticket
3.2 Abbreviations and symbols
4 Onboarding Model
4.1 Device Lifecycle
4.2 Concepts
4.2.1 Secure Elements
4.2.2 Firmware and Applications
4.2.3 Transfer of Physical Control
4.2.4 Trust on First Use (TOFU)
4.2.5 SoftwareUpdateManager
4.2.6 Roles and Privileges
4.3 Device Workflows
4.3.1 Distribution
4.3.2 Onboarding
4.3.3 Application Setup
4.3.4 Configuration
4.3.5 Operation
4.3.6 Decommissioning
5 Identities
5.1 Device Identity
5.2 ProductInstanceUri
5.3 Composite Identity
6 Ticket Semantics
6.1 Tickets
6.2 Ticket Distribution
6.3 Authentication
6.4 Acquiring and Validating Tickets
7 Device Authentication
7.1 Overview
7.2 Pull Management
7.3 Push Management
7.4 Alternate Authentication Models
7.4.1 Overview
7.4.2 FDO
7.4.2.1 Overview
7.4.2.2 Integration with the Registrar
8 Ticket Syntax
8.1 Signed Ticket Encoding
8.2 Ticket Types
8.2.1 EncodedTicket
8.2.2 BaseTicketType
8.2.3 DeviceIdentityTicketType
8.2.4 CompositeIdentityTicketType
8.2.5 TicketListType
8.2.6 CertificateAuthorityType
9 Information Model
9.1 Overview
9.2 Registrar
9.2.1 Overview
9.2.2 DeviceRegistrarType
9.2.3 ProvideIdentities
9.2.4 UpdateSoftwareStatus
9.2.5 RegisterDeviceEndpoint
9.2.6 GetManagers
9.2.7 ManagerDescription
9.2.8 RegisterManagedApplication
9.2.9 DeviceRegistrar
9.2.10 DeviceRegistrarAdminType
9.2.11 RegisterTickets
9.2.12 UnregisterTickets
9.2.13 DeviceRegistrationAuditEventType
9.2.14 DeviceIdentityAcceptedAuditEventType
9.2.15 DeviceSoftwareUpdatedAuditEventType
9.3 Device Configuration Application (DCA)
9.3.1 Overview
9.3.2 ProvisionableDevice
9.3.3 ProvisionableDeviceType
9.3.4 RequestTickets
9.3.5 SetRegistrarEndpoints
10 Namespaces
10.1 Namespace Metadata
10.2 Handling of OPC UA Namespaces
Annex A (normative) Namespaces and Identifiers
A.1 Namespace and Identifiers for the Onboarding Information Model