OPC 10000-12: UA Part 12: Discovery and Global Services


Released 1.05.02

2022-11-01

This document is subject to the license terms described here.

The general OPC Foundation specification license agreement also applies and can be found here.

This document is a copy of the original which can be found here.


1 Scope
2 Normative references
3 Terms, definitions, and conventions
3.1 Terms and definitions
3.1.1 CertificateManager
3.1.2 CertificateGroup
3.1.3 CertificateRequest
3.1.4 ClientUrl
3.1.5 DirectoryService
3.1.6 DiscoveryServer
3.1.7 DiscoveryUrl
3.1.8 GlobalDiscoveryServer (GDS)
3.1.9 GlobalService
3.1.10 IPAddress
3.1.11 KeyCredential
3.1.12 KeyCredentialService
3.1.13 LocalDiscoveryServer (LDS)
3.1.14 LocalDiscoveryServer-ME (LDS-ME)
3.1.15 MulticastExtension
3.1.16 MulticastSubnet
3.1.17 Privilege
3.1.18 PullManagement
3.1.19 PushManagement
3.1.20 ServerCapabilityIdentifier
3.2 Abbreviations and symbols
4 The Discovery Process
4.1 Overview
4.2 Registration and Announcement of Applications
4.2.1 Overview
4.2.2 Hosts with a LocalDiscoveryServer
4.2.3 Hosts without a LocalDiscoveryServer
4.3 The Discovery Process for Clients to Find Servers
4.3.1 Overview
4.3.2 Simple Discovery with a DiscoveryUrl
4.3.3 Local Discovery
4.3.4 MulticastSubnet Discovery
4.3.5 Global Discovery
4.3.6 Combined Discovery Process for Clients
4.4 The Discovery Process for Reverse Connections
4.4.1 Overview
4.4.2 Out-of-band Discovery
4.4.3 Global Discovery for Reverse Connections
5 Local Discovery Server
5.1 Overview
5.2 Security Considerations for Multicast DNS
5.3 Network Architectures
5.3.1 Overview
5.3.2 Single MulticastSubnet
5.3.3 Multiple MulticastSubnet
5.3.4 No MulticastSubnet
5.3.5 Domain Names and MulticastSubnets
6 Global Discovery Server
6.1 Overview
6.2 Roles and Privileges
6.3 Client connections to global services
6.4 Local Discovery
6.5 Application Registration Workflow
6.6 Information Model
6.6.1 Overview
6.6.2 Directory
6.6.3 DirectoryType
6.6.4 FindApplications
6.6.5 ApplicationRecordDataType
6.6.6 RegisterApplication
6.6.7 UpdateApplication
6.6.8 UnregisterApplication
6.6.9 GetApplication
6.6.10 QueryApplications
6.6.11 QueryServers (deprecated)
6.6.12 ApplicationRegistrationChangedAuditEventType
7 Certificate Management
7.1 Overview
7.2 Roles and Privileges
7.3 Pull Management
7.4 Push Management
7.5 Application Setup
7.6 Pull Management Workflow
7.7 Push Management Workflow
7.8 Common Information Model
7.8.1 Overview
7.8.2 TrustLists
7.8.2.1 TrustListType
7.8.2.2 OpenWithMasks
7.8.2.3 CloseAndUpdate
7.8.2.4 AddCertificate
7.8.2.5 RemoveCertificate
7.8.2.6 TrustListDataType
7.8.2.7 TrustListMasks
7.8.2.8 TrustListValidationOptions
7.8.2.9 TrustListOutOfDateAlarmType
7.8.2.10 TrustListUpdateRequestedAuditEventType
7.8.2.11 TrustListUpdatedAuditEventType
7.8.3 CertificateGroups
7.8.3.1 CertificateGroupType
7.8.3.2 GetRejectedList
7.8.3.3 CertificateGroupFolderType
7.8.4 CertificateTypes
7.8.4.1 CertificateType
7.8.4.2 ApplicationCertificateType
7.8.4.3 HttpsCertificateType
7.8.4.4 RsaMinApplicationCertificateType
7.8.4.5 RsaSha256ApplicationCertificateType
7.8.4.6 EccApplicationCertificateType
7.8.4.7 EccNistP256ApplicationCertificateType
7.8.4.8 EccNistP384ApplicationCertificateType
7.8.4.9 EccBrainpoolP256r1ApplicationCertificateType
7.8.4.10 EccBrainpoolP384r1ApplicationCertificateType
7.8.4.11 EccCurve25519ApplicationCertificateType
7.8.4.12 EccCurve448ApplicationCertificateType
7.9 Information Model for Pull Certificate Management
7.9.1 Overview
7.9.2 CertificateDirectoryType
7.9.3 StartSigningRequest
7.9.4 StartNewKeyPairRequest
7.9.5 FinishRequest
7.9.6 RevokeCertificate
7.9.7 GetCertificateGroups
7.9.8 GetCertificates
7.9.9 GetTrustList
7.9.10 GetCertificateStatus
7.9.11 CheckRevocationStatus
7.9.12 CertificateRequestedAuditEventType
7.9.13 CertificateDeliveredAuditEventType
7.10 Information Model for Push Certificate Management
7.10.1 Overview
7.10.2 ServerConfiguration
7.10.3 ServerConfigurationType
7.10.4 UpdateCertificate
7.10.5 GetCertificates
7.10.6 ApplyChanges
7.10.7 CreateSigningRequest
7.10.8 CancelChanges
7.10.9 GetRejectedList
7.10.10 ResetToServerDefaults
7.10.11 TransactionDiagnosticsType
7.10.12 TransactionErrorType
7.10.13 CertificateUpdateRequestedAuditEventType
7.10.14 CertificateUpdatedAuditEventType
8 KeyCredentialManagement
8.1 Overview
8.2 Roles and Privileges
8.3 Pull Management
8.4 Push Management
8.5 Information Model for Pull Management
8.5.1 Overview
8.5.2 KeyCredentialManagementFolderType
8.5.3 KeyCredentialManagement
8.5.4 KeyCredentialServiceType
8.5.5 StartRequest
8.5.6 FinishRequest
8.5.7 Revoke
8.5.8 KeyCredentialAuditEventType
8.5.9 KeyCredentialRequestedAuditEventType
8.5.10 KeyCredentialDeliveredAuditEventType
8.5.11 KeyCredentialRevokedAuditEventType
8.6 Information Model for Push Management
8.6.1 KeyCredentialConfigurationFolderType
8.6.2 CreateCredential
8.6.3 KeyCredentialConfiguration
8.6.4 KeyCredentialConfigurationType
8.6.5 GetEncryptingKey
8.6.6 UpdateCredential
8.6.7 DeleteCredential
8.6.8 KeyCredentialUpdatedAuditEventType
8.6.9 KeyCredentialDeletedAuditEventType
9 AuthorizationServices
9.1 Overview
9.2 Roles and Privileges
9.3 Implicit
9.4 Explicit
9.5 Chained
9.6 Information Model for Requesting Access Tokens
9.6.1 Overview
9.6.2 AuthorizationServicesFolderType
9.6.3 AuthorizationServices
9.6.4 AuthorizationServiceType
9.6.5 RequestAccessToken
9.6.6 GetServiceDescription
9.6.7 AccessTokenIssuedAuditEventType
9.7 Information Model for Configuring Servers
9.7.1 Overview
9.7.2 AuthorizationServiceConfigurationFolderType
9.7.3 AuthorizationServices
9.7.4 AuthorizationServiceConfigurationType
10 Namespaces
10.1 Namespace Metadata
10.2 Handling of OPC UA Namespaces
Annex A (informative) Deployment and Configuration
A.1 Firewalls and Discovery
A.2 Resolving References to Remote Servers
Annex B (normative) NodeSet and Constants
B.1 NodeSet
B.2 Numeric Node Ids
Annex C (normative) OPC UA Mapping to mDNS
C.1 DNS Server (SRV) Record Syntax
C.2 DNS Text (TXT) Record Syntax
C.3 DiscoveryUrl Mapping
Annex D (normative) Server Capability Identifiers
Annex E (normative) DirectoryServices
E.1 Global Discovery via Other DirectoryServices
E.2 UDDI
E.3 LDAP
Annex F (normative) Local Discovery Server
F.1 Certificate Store Directory Layout
F.2 Installation Directories on Windows
Annex G (normative) Application Setup
G.1 Application Setup with Pull Management
G.2 Application Setup with the Push Management
G.3 Setting Permissions
Annex H (informative) Comparison with RFC 7030
H.1 Overview
H.2 Obtaining CA Certificates
H.3 Initial Enrolment
H.4 Client Certificate Reissuance
H.5 Server Key Generation
H.6 Certificate Signing Request (CSR) Attributes Request