The following sections describe Profilesin a tabular format.
Each table contains three columns. The first column is a description of the conformance group that the ConformanceUnitis part of. This allows the reader to easily find the ConformanceUnit. This column may also state “Profile” in which case the listed item is not a ConformanceUnit, but an included P rofile.The second column is a brief description of the ConformanceUnitor included Profile. The last column indicates if the ConformanceUnitis optional or required.
Table 24describes the details of the Core ServerFacet. This Facet defines the core functionality required for any UA Serverimplementation. The core functionality includes the ability to discover endpoints, establish secure communication channels, create Sessions, browse the AddressSpaceand read and/or write to Attributesof Nodes. The key requirements are: support for a single Session, support for the Serverand ServerCapabilities Object, all mandatory Attributesfor Nodesin the AddressSpace, and authentication with UserName and Password. This Facet has been extended with additional Base Information ConformanceUnits. They are optional to provide backward compatibility. In the future the ConformanceUnit“Base Info ServerCapabilities” will become required, and so it is highly recommended that all Serverssupport it. For broad applicability, it is recommended that Serverssupport multiple transport and security Profiles.
Group |
Conformance Unit / ProfileTitle |
Optional |
SecurityPolicy – None |
False |
|
User Token – User Name Password ServerFacet |
False |
|
Address Space Model |
Address Space Base |
False |
AttributeRead |
False |
|
AttributeWrite Index |
True |
|
AttributeWrite Values |
True |
|
Base Information |
Base Info Core Structure |
False |
Base Information |
Base Info OptionSet |
True |
Base Information |
Base Info Placeholder Modelling Rules |
True |
Base Information |
Base Info ServerCapabilities |
True |
Base Information |
Base Info ValueAsText |
True |
False |
||
DiscoveryGet Endpoints |
False |
|
Security |
Security – No Application Authentication |
True |
Security |
Security Administration |
True |
SessionBase |
False |
|
False |
||
SessionMinimum 1 |
False |
|
View Services |
View Basic |
False |
View Services |
View Minimum Continuation Point 01 |
False |
View Services |
View RegisterNodes |
False |
View Services |
View TranslateBrowsePath |
False |
Table 25describes the details of the Core 2017 ServerFacet. This Facet defines the core functionality required for any UA Serverimplementation. The core functionality includes the ability to discover endpoints, establish secure communication channels, create Sessions, browse the AddressSpaceand read and/or write to Attributesof Nodes. The key requirements are: support for a single Session, support for the Serverand ServerCapabilities Object, all mandatory Attributesfor Nodesin the AddressSpace, and authentication with UserName and Password. For broad applicability, it is recommended that Serverssupport multiple transport and security Profiles. This Facet supersedes the “Core ServerFacet”.
Table 25– Core 2017 Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
SecurityPolicy – None |
False |
|
User Token – User Name Password ServerFacet |
False |
|
Address Space Model |
Address Space Atomicity |
False |
Address Space Model |
Address Space Base |
False |
Address Space Model |
Address Space Full Array Only |
False |
AttributeRead |
False |
|
AttributeWrite Index |
True |
|
AttributeWrite Values |
True |
|
Base Information |
Base Info Core Structure |
False |
Base Information |
Base Info Estimated Return Time |
True |
Base Information |
Base Info OptionSet |
True |
Base Information |
Base Info Placeholder Modelling Rules |
True |
Base Information |
Base Info Selection List |
True |
Base Information |
Base Info ServerCapabilities |
True |
Base Information |
Base Info ValueAsText |
True |
False |
||
DiscoveryGet Endpoints |
False |
|
Security |
Security Administration |
True |
Security |
Security Role ServerAuthorization |
True |
SessionBase |
False |
|
False |
||
SessionMinimum 1 |
False |
|
View Services |
View Basic |
False |
View Services |
View Minimum Continuation Point 01 |
False |
View Services |
View RegisterNodes |
False |
View Services |
View TranslateBrowsePath |
False |
Table 26describes the details of the Sessionless ServerFacet. Defines the use of Sessionless Serviceinvocation in a Server.
Table 26– Sessionless Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
DiscoveryGet Endpoints SessionLess |
False |
|
SessionSessionless Invocation |
False |
Table 27describes the details of the Reverse Connect ServerFacet. This Facet defines support of reverse connectivity in a Server. Usually, a connection is opened by the Clientbefore starting the UA-specific handshake. This will fail, however, when Serversare behind firewalls with no open ports to connect to. In the reverse connectivity scenario, the Serveropens the connection and starts with a ReverseHello message requesting that the Clientestablish a Secure Channel using this connection.
Table 27– Reverse Connect Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
Protocol Reverse Connect Server |
False |
Table 28describes the details of the Base ServerBehaviour Facet. This Facet defines best practices for the configuration and management of Serverswhen they are deployed in a production environment. It provides the ability to enable or disable certain protocols and to configure the Discovery Serverand specify where this Servershall be registered.
Table 28– Base Server Behaviour Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
DiscoveryConfiguration |
False |
|
Protocol and Encoding |
Protocol Configuration |
False |
Security |
Security Administration |
False |
Security |
Security Administration – XML Schema |
False |
Security |
Security CertificateAdministration |
False |
Table 29describes the details of the Request State Change ServerFacet. This Facet specifies the support of the RequestServerStateChange Method.
Table 29– Request State Change Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info RequestServerStateChange Method |
False |
Table 30describes the details of the Subnet Discovery ServerFacet. Support of this Facet enables discovery of the Serveron a subnet using mDNS. This functionality is only applicable when Serversdo not register with an LDS.
Table 30– Subnet Discovery Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
Table 31describes the details of the Global CertificateManagement ServerFacet. This Facet defines the capability to interact with a Global CertificateManagement Serverto obtain an initial or renewed Certificateand Trust Lists.
Table 31– Global Certificate Management Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Push Model for Global Certificateand TrustList Management |
False |
Table 32describes the details of the Authorization Service ServerFacet. This Facet defines the support for configuring the necessary information to validate access tokens when presented by a Client during session establishment. Access Tokens are issued by Authorization Services.
Table 32– Authorization Service Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Authorization Service Configuration Server |
False |
Table 33describes the details of the KeyCredential Service ServerFacet. This Facet defines the capability to interact with a KeyCredential Serviceto obtain KeyCredentials. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. The KeyCredential Serviceis typically part of a system-wide tool, like a GDS that also manages Applications, Access Tokens, and Certificates.
Table 33– KeyCredential Service Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Push Model for KeyCredential Service |
False |
Table 34describes the details of the AttributeWriteMask ServerFacet. This Facet defines the capability to update characteristics of individual Nodesin the AddressSpaceby allowing writing to Node Attributes. It requires support for authenticating user access as well as providing information related to access rights in the AddressSpaceand actually restricting the access rights as described.
Table 34– Attribute WriteMask Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security User Access Control Base |
False |
|
Address Space Model |
Address Space UserWriteMask |
False |
Address Space Model |
Address Space UserWriteMask Multilevel |
True |
Address Space Model |
Address Space WriteMask |
False |
Table 35describes the details of the File Access ServerFacet. This Facet specifies the support of exposing File information via the defined FileType. This includes reading of file as well as optionally writing of file data.
Table 35– File Access Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info FileType Base |
False |
Base Information |
Base Info FileType Write |
True |
Table 36describes the details of the Documentation ServerFacet. This Facet defines a list of user documentation that a server application should provide.
Table 36– Documentation Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Documentation – Installation |
False |
Miscellaneous |
Documentation – Multiple Languages |
True |
Miscellaneous |
Documentation – On-line |
True |
Miscellaneous |
Documentation – Supported Profiles |
True |
Miscellaneous |
Documentation – Trouble Shooting Guide |
True |
Miscellaneous |
Documentation – Users Guide |
False |
Table 37describes the details of the Embedded DataChange Subscription ServerFacet. This Facet specifies the minimum level of support for data change notifications within subscriptions. It includes limits which minimize memory and processing overhead required to implement the Facet. This Facet includes functionality to create, modify and delete Subscriptions and to add, modify and remove Monitored Items. As a minimum for each Session, Serversshall support one Subscriptionwith up to two items. In addition, support for two parallel Publish requests is required. This Facet is geared for a platform such as the one provided by the Micro Embedded Device Server Profilein which memory is limited and needs to be managed.
Table 37– Embedded DataChange Subscription Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Monitored Item Services |
Monitor Basic |
False |
Monitored Item Services |
Monitor Items 2 |
False |
Monitored Item Services |
Monitor QueueSize_1 |
False |
Monitored Item Services |
Monitor Value Change |
False |
SubscriptionBasic |
False |
|
SubscriptionMinimum 1 |
False |
|
SubscriptionPublish Discard Policy |
False |
|
SubscriptionPublish Min 02 |
False |
Table 38describes the details of the Standard DataChange Subscription ServerFacet. This Facet specifies the standard support of subscribing to data changes. This Facet extends features and limits defined by the Embedded Data Change SubscriptionFacet. As a minimum, Serversshall support 2 Subscriptions with at least 100 items for at least half of the required Sessions. The 100 items shall be supported for at least half of the required Subscriptions. Queuing with up to two queued entries is required. Support of five parallel Publish requests per Sessionis required. This Facet also requires the support of the triggering service. This Facet has been updated to include optional ConformanceUnitsto allow for backward compatibility. These optional ConformanceUnitsare highly recommended, in that in a future release they will be made mandatory.
Table 38– Standard DataChange Subscription Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Embedded DataChange Subscription ServerFacet |
False |
|
Base Information |
Base Info GetMonitoredItems Method |
True |
MethodCall |
True |
|
Monitored Item Services |
Monitor Items 10 |
False |
Monitored Item Services |
Monitor Items 100 |
False |
Monitored Item Services |
Monitor MinQueueSize_02 |
False |
Monitored Item Services |
Monitor Triggering |
False |
Monitored Item Services |
Monitored Items Deadband Filter |
False |
SubscriptionMinimum 02 |
False |
|
SubscriptionPublish Min 05 |
False |
Table 39describes the details of the Standard DataChange Subscription2017 ServerFacet. This Facet specifies the standard support of subscribing to data changes and extends features and limits defined by the Embedded Data Change SubscriptionFacet. See ConformanceUnitsfor these limits. Note that the MethodCall Serviceis only required for the Methodsdefined in this Facet. This Facet supersedes the “Standard DataChange Subscription ServerFacet”.
Table 39– Standard DataChange Subscription 2017 Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Embedded DataChange Subscription ServerFacet |
False |
|
Base Information |
Base Info GetMonitoredItems Method |
False |
Base Information |
Base Info ResendData Method |
False |
MethodCall |
False |
|
Monitored Item Services |
Monitor Items 10 |
False |
Monitored Item Services |
Monitor Items 100 |
False |
Monitored Item Services |
Monitor MinQueueSize_02 |
False |
Monitored Item Services |
Monitor Triggering |
False |
Monitored Item Services |
Monitored Items Deadband Filter |
False |
SubscriptionMinimum 02 |
False |
|
SubscriptionPublish Min 05 |
False |
Table 40describes the details of the Enhanced DataChange Subscription ServerFacet. This Facet specifies an enhanced support of subscribing to data changes. It is part of the Standard UA Server Profile. This Facet increases the limits defined by the Standard Data Change SubscriptionFacet.
Table 40– Enhanced DataChange Subscription Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Standard DataChange Subscription ServerFacet |
False |
|
Monitored Item Services |
Monitor Items 500 |
False |
Monitored Item Services |
Monitor MinQueueSize_05 |
False |
SubscriptionMinimum 05 |
False |
|
SubscriptionPublish Min 10 |
False |
Table 41describes the details of the Enhanced DataChange Subscription2017 ServerFacet. This Facet specifies an enhanced support of subscribing to data changes. It is part of the Standard UA Server2017 Profile. This Facet increases the limits defined by the Standard Data Change Subscription2017 ServerFacet.
Table 41– Enhanced DataChange Subscription 2017 Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Standard DataChange Subscription2017 ServerFacet |
False |
|
Monitored Item Services |
Monitor Items 500 |
False |
Monitored Item Services |
Monitor MinQueueSize_05 |
False |
SubscriptionMinimum 05 |
False |
|
SubscriptionPublish Min 10 |
False |
Table 42describes the details of the Durable Subscription ServerFacet. This Facet specifies support of durable storage of data and events even when Clientsare disconnected. This Facet implies support of any of the DataChange or Event SubscriptionFacets.
Table 42– Durable Subscription Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
SubscriptionDurable |
False |
|
SubscriptionDurable StorageLevel High |
True |
|
SubscriptionDurable StorageLevel Medium |
True |
|
SubscriptionDurable StorageLevel Small |
True |
Table 43describes the details of the Data Access ServerFacet. This Facet specifies the support for an Information Model used to provide industrial automation data. This model defines standard structures for analog and discrete data items and their quality of service. This Facet extends the Core ServerFacet which includes support of the basic AddressSpacebehaviour.
Table 43– Data Access Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Data Access |
Data Access AnalogItems |
True |
Data Access |
Data Access ArrayItemType |
True |
Data Access |
Data Access Complex Number |
True |
Data Access |
Data Access DataItems |
False |
Data Access |
Data Access DoubleComplex Number |
True |
Data Access |
Data Access MultiState |
True |
Data Access |
Data Access MultiStateValueDiscrete |
True |
Data Access |
Data Access PercentDeadband |
True |
Data Access |
Data Access Semantic Changes |
True |
Data Access |
Data Access TwoState |
True |
Table 44describes the details of the ComplexType ServerFacet. This Facet extends the Core ServerFacet to include Variableswith Complex Data, i.e. data that are composed of multiple elements such as a structure and where the individual elements are exposed as component variables. Support of this Facet requires the implementation of structured DataTypes and Variablesthat make use of these DataTypes. The Read, Write and Subscriptions service set shall support the encoding and decoding of these structured DataTypes. As an option the Servercan also support alternate encodings, such as an XML encoding when the binary protocol is currently used and vice-versa.
Table 44– ComplexType Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space Complex Data Dictionary |
False |
AttributeAlternate Encoding |
True |
|
AttributeRead Complex |
False |
|
AttributeWrite Complex |
False |
|
Monitored Item Services |
Monitor Alternate Encoding |
True |
Table 45describes the details of the ComplexType 2017 ServerFacet. This Facet extends the Core ServerFacet to include Variableswith structured data, i.e. data that are composed of multiple elements such as a structure and where the individual elements are exposed as component variables. Support of this Facet requires the implementation of structured DataTypes and Variablesthat make use of these DataTypes. The Read, Write and Subscriptions service set shall support the encoding and decoding of these structured DataTypes. As an option the Servercan also support alternate encodings, such as an XML encoding when the binary protocol is currently used and vice-versa.
Table 45– ComplexType 2017 Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space DataTypeDefinition Attribute |
False |
AttributeAlternate Encoding |
True |
|
AttributeRead Complex |
False |
|
AttributeWrite Complex |
False |
|
Monitored Item Services |
Monitor Alternate Encoding |
True |
Monitored Item Services |
Monitor Complex Value |
True |
Table 46describes the details of the Standard Event Subscription ServerFacet. This Facet specifies the standard support for subscribing to events and is intended to supplement any of the FullFeatured Profiles. Support of this Facet requires the implementation of EventTypes representing the Events that the Servercan report and their specific fields. It also requires at least the Server Objectto have the EventNotifier Attributeset. It includes the Servicesto Create, Modify and Delete Subscriptions and to Add, Modify and Remove Monitored Items for Object Nodeswith an “EventNotifier Attribute”. Creating a monitoring item may include a filter that includes SimpleAttribute FilterOperands and a select list of Operators. The operators include: Equals, IsNull, GreaterThan, LessThan, GreaterThanOrEqual, LessThanOrEqual, Like, Not, Between, InList, And, Or, Cast, BitwiseAnd, BitwiseOr and TypeOf. Support of more complex filters is optional. This Facet has been updated to include several optional Base Information ConformanceUnits. These ConformanceUnitsare optional to allow for backward compatibility, in the future these optional ConformanceUnitswill become required, and so it is highly recommended that all servers support them.
Table 46– Standard Event Subscription Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space Events |
False |
Base Information |
Base Info Device Failure |
True |
Base Information |
Base Info EventQueueOverflow EventType |
True |
Base Information |
Base Info Progress Events |
True |
Base Information |
Base Info SemanticChange |
True |
Base Information |
Base Info System Status |
True |
Base Information |
Base Info System Status Underlying System |
True |
Monitored Item Services |
Monitor Basic |
False |
Monitored Item Services |
Monitor Complex EventFilter |
True |
Monitored Item Services |
Monitor Events |
False |
Monitored Item Services |
Monitor Items 10 |
False |
Monitored Item Services |
Monitor QueueSize_ServerMax |
False |
SubscriptionBasic |
False |
|
SubscriptionMinimum 02 |
False |
|
SubscriptionPublish Discard Policy |
False |
|
SubscriptionPublish Min 05 |
False |
Table 47describes the details of the Address Space Notifier ServerFacet. This Facet requires the support of a hierarchy of Object Nodesthat are notifiers and Nodesthat are event sources. The hierarchy is commonly used as a way to organize a plant into areas that can be managed by different operators.
Table 47– Address Space Notifier Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space Notifier Hierarchy |
False |
Address Space Model |
Address Space Source Hierarchy |
False |
Table 48describes the details of the A & C Base Condition ServerFacet. This Facet requires basic support for Conditions. Information about Conditionsis provided through Eventnotifications and thus this Facet builds upon the Standard Event Subscription ServerFacet. Conditionsthat are in an “interesting” state (as defined by the Server) can be refreshed using the Refresh Method, which requires support for the Method ServerFacet. Optionally the server may also provide support for Conditionclasses
Table 48– A & C Base Condition Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Standard Event Subscription ServerFacet |
False |
|
Alarmsand Conditions |
A & C Basic |
False |
Alarmsand Conditions |
A & C ConditionSub-Classes |
True |
Alarmsand Conditions |
A & C ConditionClasses |
True |
Alarmsand Conditions |
A & C Refresh |
False |
Table 49describes the details of the A & C Refresh2 ServerFacet. This Facet enhances the A & C Base Condition ServerFacet with support of the ConditionRefresh2 Method.
Table 49– A & C Refresh2 Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Refresh2 |
False |
Table 50describes the details of the A & C Address Space Instance ServerFacet. This Facet specifies the support required for a Serverto expose Alarmsand Conditionsin its AddressSpace. This includes the A & C AddressSpaceinformation model.
Table 50– A & C Address Space Instance Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Alarmsand Conditions |
A & C Instances |
False |
Table 51describes the details of the A & C Enable ServerFacet. This Facet requires the enabling and disabling of Conditions. This Facet builds upon the A&C Base Condition ServerFacet. Enabling and disabling also requires that instances of these ConditionTypes exist in the AddressSpacesince the enable Methodcan only be invoked on an instance of the Condition
Table 51– A & C Enable Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Enable |
False |
Alarmsand Conditions |
A & C Instances |
False |
Table 52describes the details of the A & C AlarmMetrics ServerFacet. This Facet requires support for AlarmMetrics. AlarmMetrics expose status and potential issues in the alarm system. A Servercan provide these metrics at various levels (operator station, plant area, overall system etc.).
Table 52– A & C AlarmMetrics Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Alarmsand Conditions |
A & C AlarmMetrics |
False |
Table 53describes the details of the A & C Alarm ServerFacet. This Facet requires support for Alarms. Alarmsextend the ConditionType by adding an Active state which indicates when something in the system requires attention by an Operator. This Facet builds upon the A&C Base Condition ServerFacet. This facet requires that discrete AlarmTypes be supported, it also allows for optional support of shelving, alarm comments and other discrete AlarmTypes such as Trip or Off-Normal.
Table 53– A & C Alarm Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Alarm |
False |
Alarmsand Conditions |
A & C Audible Sound |
True |
Alarmsand Conditions |
A & C Comment |
True |
Alarmsand Conditions |
A & C Discrepancy |
True |
Alarmsand Conditions |
A & C Discrete |
False |
Alarmsand Conditions |
A & C First in Group Alarm |
True |
Alarmsand Conditions |
A & C OffNormal |
True |
Alarmsand Conditions |
A & C On-Off Delay |
True |
Alarmsand Conditions |
A & C Out Of Service |
True |
Alarmsand Conditions |
A & C Re-Alarming |
True |
Alarmsand Conditions |
A & C Shelving |
True |
Alarmsand Conditions |
A & C Silencing |
True |
Alarmsand Conditions |
A & C Suppression |
True |
Alarmsand Conditions |
A & C Suppression by Operator |
True |
Alarmsand Conditions |
A & C SystemOffNormal |
True |
Alarmsand Conditions |
A & C Trip |
True |
Table 54describes the details of the A & C Acknowledgeable Alarm ServerFacet. This Facet requires support for Acknowledgement of active Alarms. This Facet builds upon the A & C Alarm ServerFacet. Acknowledgement requires support of the Acknowledge Methodand the Acknowledged state. Support of the Confirmed state and the Confirm Methodis optional.
Table 54– A & C Acknowledgeable Alarm Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Acknowledge |
False |
Alarmsand Conditions |
A & C Confirm |
True |
Table 55describes the details of the A & C Exclusive Alarming ServerFacet. This Facet requires support for Alarmswith multiple sub-states that identify different limit Conditions. This facet builds upon the A&C Alarm ServerFacet. The term exclusive means only one sub-state can be active at a time. For example, a temperature exceeds the HighHigh limit the associated exclusive LevelAlarm will be in the HighHigh sub-state and not in the High sub-state. This Facet requires that a Serversupport at least one of the optional Alarmmodels: Limit, RateOfChange or Deviation.
Table 55– A & C Exclusive Alarming Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Exclusive Deviation |
True |
Alarmsand Conditions |
A & C Exclusive Level |
True |
Alarmsand Conditions |
A & C Exclusive Limit |
False |
Alarmsand Conditions |
A & C Exclusive RateOfChange |
True |
Table 56describes the details of the A & C Non-Exclusive Alarming ServerFacet. This Facet requires support for Alarmswith multiple sub-states that identify different limit Conditions. This Facet builds upon the A&C Alarm ServerFacet. The term non-exclusive means more than one sub-state can be active at a time. For example, if a temperature exceeds the HighHigh limit the associated non-exclusive LevelAlarm will be in both the High and the HighHigh sub-state. This Facet requires that a server support at least one of the optional alarm models: Limit, RateOfChange or Deviation.
Table 56– A & C Non-Exclusive Alarming Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Non-Exclusive Deviation |
True |
Alarmsand Conditions |
A & C Non-Exclusive Level |
True |
Alarmsand Conditions |
A & C Non-Exclusive Limit |
False |
Alarmsand Conditions |
A & C Non-Exclusive RateOfChange |
True |
Table 57describes the details of the A & C Previous Instances ServerFacet. This Facet requires support for Conditionswith previous states that still require action on the part of the operator. This Facet builds upon the A&C Base Condition ServerFacet. A common use case for this Facet is a safety critical system that requires that all Alarmsbe acknowledged even if it the original problem goes away and the Alarmreturns to the inactive state. In these cases, the previous state with active Alarmis still reported by the Serveruntil the Operator acknowledges it. When a Conditionhas previous states it will produce events with different Branch identifiers. When previous state no longer needs attention the branch will disappear.
Table 57– A & C Previous Instances Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Branch |
False |
Table 58describes the details of the A & C Dialog ServerFacet. This Facet requires support of Dialog Conditions. This Facet builds upon the A & C BaseCondition ServerFacet Dialogs are ConditionTypes used to request user input. They are typically used when a Serverhas entered some state that requires intervention by a Client. For example, a Servermonitoring a paper machine indicates that a roll of paper has been wound and is ready for inspection. The Serverwould activate a Dialog Conditionindicating to the user that an inspection is required. Once the inspection has taken place the user responds by informing the Serverof an accepted or unaccepted inspection allowing the process to continue.
Table 58– A & C Dialog Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Dialog |
False |
Table 59describes the details of the A & C CertificateExpiration ServerFacet. This Facet requires support of the CertificateExpirationAlarmType. It is used to inform Clientswhen the Server’s Certificateis within the defined expiration period.
Table 59– A & C CertificateExpiration Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Acknowledge |
False |
Alarmsand Conditions |
A & C Alarm |
False |
Alarmsand Conditions |
A & C CertificateExpiration |
False |
Alarmsand Conditions |
A & C Comment |
True |
Alarmsand Conditions |
A & C Confirm |
True |
Alarmsand Conditions |
A & C Shelving |
True |
Table 60describes the details of the A & E Wrapper Facet. This Facet specifies the requirements for a UA Serverthat wraps an OPC Alarm& Event(AE) Server(COM). This Profileidentifies the sub-set of the UA Alarm& Conditionmodel which is provided by the COM OPC AE specification. It is intended to provide guidance to developers who are creating servers that front end existing applications. It is important to note that some OPC A&E COM Serversmay not support all of the functionality provided by an OPC UA A&C server, in these cases similar functionality maybe available via some non-OPC interface. For example if an A&E COM server does not support sending AlarmAcknowledgement messages to the system that it is obtaining alarm information from, this functionality may be available via some out of scope features in the underlying Alarmsystem. Another possibility is that the underlying system does not require acknowledgements or automatically acknowledges the alarm.
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space Events |
False |
Address Space Model |
Address Space Notifier Hierarchy |
False |
Address Space Model |
Address Space Source Hierarchy |
False |
Alarmsand Conditions |
A & C Acknowledge |
False |
Alarmsand Conditions |
A & C Alarm |
False |
Alarmsand Conditions |
A & C Basic |
False |
Alarmsand Conditions |
A & C ConditionClasses |
False |
Alarmsand Conditions |
A & C Refresh |
False |
Alarmsand Conditions |
A & E Wrapper Mapping |
False |
Monitored Item Services |
Monitor Basic |
False |
Monitored Item Services |
Monitor Complex EventFilter |
False |
Monitored Item Services |
Monitor Events |
False |
Monitored Item Services |
Monitor Items 2 |
False |
Monitored Item Services |
Monitor QueueSize_ServerMax |
False |
SubscriptionBasic |
False |
|
SubscriptionMinimum 1 |
False |
|
SubscriptionPublish Discard Policy |
False |
|
SubscriptionPublish Min 02 |
False |
Table 61describes the details of the Method ServerFacet. This Facet specifies the support of Methodinvocation via the Call service. Methods are “lightweight” functions which are similar to the methods of a class found in any object-oriented programming language. A Methodcan have its scope bounded by an owning Objector an owning ObjectType. Methods with an ObjectTypeas their scope are similar to static methods in a class.
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space Method |
False |
MethodCall |
False |
Table 62describes the details of the Auditing ServerFacet. This Facet requires the support of Auditing which includes the Standard Event Subscription ServerFacet. Support of this Facet requires that Audit Events be produced when a client performs some action to change the state of the server, such as changing the AddressSpace, inserting or updating a value etc. The auditEntryId passed by the Clientis a field contained in every Audit Eventand allows actions to be traced across multiple systems. The Audit EventTypes and their fields must be exposed in the Server’s AddressSpace
Table 62– Auditing Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Standard Event Subscription ServerFacet |
False |
|
Auditing |
Auditing Base |
False |
Table 63describes the details of the NodeManagement ServerFacet. This Facet requires the support of the Servicesthat allow the Clientto add, modify and delete Nodesin the AddressSpace. These Servicesprovide an interface which can be used to configure Servers. This means all changes to the AddressSpaceare expected to persist even after the Clienthas disconnected from the Server
Table 63– Node Management Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space Base |
False |
Base Information |
Base Info Model Change |
False |
Base Information |
Base Info Type System |
False |
False |
||
NodeManagement Add Ref |
False |
|
False |
||
NodeManagement Delete Ref |
False |
Table 64describes the details of the User Role Base ServerFacet. This Facet defines support of the OPC UA Information Model to expose configured user roles and permissions.
Table 64– User Role Base Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security Role ServerBase |
False |
Table 65describes the details of the User Role Management ServerFacet. This Facet defines support of the OPC UA approach to manage user roles and permissions and to grant access to Nodesand Servicesbased on the assigned roles and permissions.
Table 65– User Role Management Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
User Role Base ServerFacet |
False |
|||
Security |
Security Role ServerDefaultRolePermissions |
False |
||
Security |
Security Role ServerIdentityManagement |
False |
||
Security |
Security Role ServerManagement |
False |
||
Security |
Security Role ServerRestrict Applications |
True |
||
Security |
Security Role ServerRestrict Endpoints |
True |
||
Security |
Security Role ServerRolePermissions |
True |
||
Security |
Security Role Well Known |
False |
Table 66describes the details of the State Machine ServerFacet. This Facet defines support of StateMachines based on the types in UA Part 5.
Table 66– State Machine Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info Available States and Transitions |
True |
Base Information |
Base Info Finite State Machine Instance |
True |
Base Information |
Base Info State Machine Instance |
False |
Table 67describes the details of the ClientRedundancy ServerFacet. This Facet defines the Serveractions that are required for support of redundant Clients. Support of this Facet requires the implementation of the TransferSubscriptions Servicewhich allows the transfer of Subscriptions from one Client’s Sessionto another Client’s Session.
Table 67– Client Redundancy Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
SubscriptionTransfer |
False |
Table 68describes the details of the Redundancy Transparent ServerFacet. This Facet requires support for transparent redundancy. If Serversimplement transparent redundancy then the failover from one Serverto another is transparent to the Clientsuch that the Clientis unaware that a failover has occurred; the Clientdoes not need to do anything at all to keep data flowing. This type of redundancy is usually a hardware solution.
Table 68– Redundancy Transparent Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Redundancy |
Redundancy ServerTransparent |
False |
Table 69describes the details of the Redundancy Visible ServerFacet. This Facet specifies the support for non-transparent redundancy. Failover for this type of redundancy requires the Clientto monitor Serverstatus and to switch to a backup Serverif it detects a failure. The Servershall expose the methods of failover it supports (cold, warm or hot). The failover method tells the Clientwhat it must do when connecting to a Serverand when a failure occurs. Cold redundancy requires a Clientto reconnect to a backup Serverafter the initial Serverhas failed. Warm redundancy allows a Clientto connect to multiple Servers, but only one Serverwill be providing values. In hot redundancy multiple Serversare able to provide data and a Clientcan connect to multiple Serversfor the data.
Table 69– Redundancy Visible Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Redundancy |
Redundancy Server |
False |
Table 70describes the details of the Historical Raw Data ServerFacet. This Facet defines the basic functionality when supporting historical data access for raw data.
Table 70– Historical Raw Data Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Read |
False |
|
Historical Access |
Historical Access Data Max NodesRead Continuation Point |
False |
Historical Access |
Historical Access Read Raw |
False |
Historical Access |
Historical Access ServerTimestamp |
True |
Table 71describes the details of the Historical Aggregate ServerFacet. This Facet indicates that the server supports aggregate processing to produce derived values from raw historical data.
Table 71– Historical Aggregate Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Aggregates |
Aggregate – AnnotationCount |
True |
Aggregates |
Aggregate – Average |
True |
Aggregates |
Aggregate – Count |
True |
Aggregates |
Aggregate – Custom |
True |
Aggregates |
Aggregate – Delta |
True |
Aggregates |
Aggregate – DeltaBounds |
True |
Aggregates |
Aggregate – DurationBad |
True |
Aggregates |
Aggregate – DurationGood |
True |
Aggregates |
Aggregate – DurationInStateNonZero |
True |
Aggregates |
Aggregate – DurationInStateZero |
True |
Aggregates |
Aggregate – End |
True |
Aggregates |
Aggregate – EndBound |
True |
Aggregates |
Aggregate – Interpolative |
True |
Aggregates |
Aggregate – Maximum |
True |
Aggregates |
Aggregate – Maximum2 |
True |
Aggregates |
Aggregate – MaximumActualTime |
True |
Aggregates |
Aggregate – MaximumActualTime2 |
True |
Aggregates |
Aggregate – Minimum |
True |
Aggregates |
Aggregate – Minimum2 |
True |
Aggregates |
Aggregate – MinimumActualTime |
True |
Aggregates |
Aggregate – MinimumActualTime2 |
True |
Aggregates |
Aggregate – NumberOfTransitions |
True |
Aggregates |
Aggregate – PercentBad |
True |
Aggregates |
Aggregate – PercentGood |
True |
Aggregates |
Aggregate – Range |
True |
Aggregates |
Aggregate – Range2 |
True |
Aggregates |
Aggregate – StandardDeviationPopulation |
True |
Aggregates |
Aggregate – StandardDeviationSample |
True |
Aggregates |
Aggregate – Start |
True |
Aggregates |
Aggregate – StartBound |
True |
Aggregates |
Aggregate – TimeAverage |
True |
Aggregates |
Aggregate – TimeAverage2 |
True |
Aggregates |
Aggregate – Total |
True |
Aggregates |
Aggregate – Total2 |
True |
Aggregates |
Aggregate – VariancePopulation |
True |
Aggregates |
Aggregate – VarianceSample |
True |
Aggregates |
Aggregate – WorstQuality |
True |
Aggregates |
Aggregate – WorstQuality2 |
True |
Aggregates |
Aggregate Historical Configuration |
True |
Aggregates |
Aggregate Master Configuration |
False |
AttributeHistorical Read |
False |
|
Historical Access |
Historical Access Aggregates |
False |
Historical Access |
Historical Access Data Max NodesRead Continuation Point |
False |
Table 72describes the details of the Historical Data AtTime ServerFacet. This Facet indicates that the historical Serversupports reading data by specifying specific timestamps.
Table 72– Historical Data AtTime Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Read |
False |
|
Historical Access |
Historical Access Data Max NodesRead Continuation Point |
False |
Historical Access |
Historical Access Time Instance |
False |
Table 73describes the details of the Historical Access Modified Data ServerFacet. This Facet defines support of reading modified historical values (values that where modified or inserted).
Table 73– Historical Access Modified Data Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Read |
False |
|
Historical Access |
Historical Access Modified Values |
False |
Table 74describes the details of the Historical Annotation ServerFacet. This Facet defines support for the storage and retrieval of annotations for historical data.
Table 74– Historical Annotation Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Read |
False |
|
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Annotations |
False |
Table 75describes the details of the Historical Data Insert ServerFacet. This Facet includes Historical Data Insert functionality.
Table 75– Historical Data Insert Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Insert Value |
False |
Historical Access |
Historical Access ServerTimestamp |
True |
Table 76describes the details of the Historical Data Update ServerFacet. This Facet includes Historical Data Update functionality.
Table 76– Historical Data Update Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access ServerTimestamp |
True |
Historical Access |
Historical Access Update Value |
False |
Table 77describes the details of the Historical Data Replace ServerFacet. This Facet includes Historical Data Replace functionality.
Table 77– Historical Data Replace Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Replace Value |
False |
Historical Access |
Historical Access ServerTimestamp |
True |
Table 78describes the details of the Historical Data Delete ServerFacet. This Facet includes Historical Data Delete functionality.
Table 78– Historical Data Delete Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Delete Value |
False |
Table 79describes the details of the Historical Access Structured Data ServerFacet. This Facet indicates that the Serversupports storage and retrieval of structured values for all supported access types. If a listed access type is supported then the corresponding optional ConformanceUnitshall be supported.
Table 79– Historical Access Structured Data Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access |
Historical Access Structured Data Delete |
True |
Historical Access |
Historical Access Structured Data Insert |
True |
Historical Access |
Historical Access Structured Data Read Modified |
True |
Historical Access |
Historical Access Structured Data Read Raw |
False |
Historical Access |
Historical Access Structured Data Replace |
True |
Historical Access |
Historical Access Structured Data Time Instance |
True |
Historical Access |
Historical Access Structured Data Update |
True |
Table 80describes the details of the Base Historical Event ServerFacet. This Facet defines the server requirements to support basic Historical Eventfunctionality, including simple filtering and general access.
Table 80– Base Historical Event Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Read |
False |
|
Historical Access |
Historical Access EventMax Events Read Continuation Point |
False |
Historical Access |
Historical Access Events |
False |
Table 81describes the details of the Historical EventUpdate ServerFacet. This Facet includes Historical Eventupdate access functionality.
Table 81– Historical Event Update Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Update Event |
False |
Table 82describes the details of the Historical EventReplace ServerFacet. This Facet includes Historical Eventreplace access functionality.
Table 82– Historical Event Replace Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Replace Event |
False |
Table 83describes the details of the Historical EventInsert ServerFacet. This Facet includes Historical Eventinsert access functionality.
Table 83– Historical Event Insert Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Insert Event |
False |
Table 84describes the details of the Historical EventDelete ServerFacet. This Facet includes Historical Eventdelete access functionality
Table 84– Historical Event Delete Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
AttributeHistorical Update |
False |
|
Historical Access |
Historical Access Delete Event |
False |
Table 85describes the details of the Aggregate Subscription ServerFacet. This Facet defines the handling of the aggregate filter when subscribing for Attributevalues.
Table 85– Aggregate Subscription Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Standard DataChange Subscription ServerFacet |
False |
|
Aggregates |
Aggregate Subscription– AnnotationCount |
True |
Aggregates |
Aggregate Subscription– Average |
True |
Aggregates |
Aggregate Subscription– Count |
True |
Aggregates |
Aggregate Subscription– Custom |
True |
Aggregates |
Aggregate Subscription– Delta |
True |
Aggregates |
Aggregate Subscription– DeltaBounds |
True |
Aggregates |
Aggregate Subscription– DurationBad |
True |
Aggregates |
Aggregate Subscription– DurationGood |
True |
Aggregates |
Aggregate Subscription– DurationInStateNonZero |
True |
Aggregates |
Aggregate Subscription– DurationInStateZero |
True |
Aggregates |
Aggregate Subscription– End |
True |
Aggregates |
Aggregate Subscription– EndBound |
True |
Aggregates |
Aggregate Subscription– Filter |
False |
Aggregates |
Aggregate Subscription– Interpolative |
True |
Aggregates |
Aggregate Subscription– Maximum |
True |
Aggregates |
Aggregate Subscription– Maximum2 |
True |
Aggregates |
Aggregate Subscription– MaximumActualTime |
True |
Aggregates |
Aggregate Subscription– MaximumActualTime2 |
True |
Aggregates |
Aggregate Subscription– Minimum |
True |
Aggregates |
Aggregate Subscription– Minimum2 |
True |
Aggregates |
Aggregate Subscription– MinimumActualTime |
True |
Aggregates |
Aggregate Subscription– MinimumActualTime2 |
True |
Aggregates |
Aggregate Subscription– NumberOfTransitions |
True |
Aggregates |
Aggregate Subscription– PercentBad |
True |
Aggregates |
Aggregate Subscription– PercentGood |
True |
Aggregates |
Aggregate Subscription– Range |
True |
Aggregates |
Aggregate Subscription– Range2 |
True |
Aggregates |
Aggregate Subscription– StandardDeviationPopulation |
True |
Aggregates |
Aggregate Subscription– StandardDeviationSample |
True |
Aggregates |
Aggregate Subscription– Start |
True |
Aggregates |
Aggregate Subscription– StartBound |
True |
Aggregates |
Aggregate Subscription– TimeAverage |
True |
Aggregates |
Aggregate Subscription– TimeAverage2 |
True |
Aggregates |
Aggregate Subscription– Total |
True |
Aggregates |
Aggregate Subscription– Total2 |
True |
Aggregates |
Aggregate Subscription– VariancePopulation |
True |
Aggregates |
Aggregate Subscription– VarianceSample |
True |
Aggregates |
Aggregate Subscription– WorstQuality |
True |
Aggregates |
Aggregate Subscription– WorstQuality2 |
True |
Monitored Item Services |
Monitor Aggregate Filter |
False |
Table 86describes the details of the Nano Embedded Device Server Profile. This Profileis a FullFeatured Profileintended for chip level devices with limited resources. This Profileis functionally equivalent to the Core ServerFacet and defines the OPC UA TCP binary protocol as the required transport profile.The support of Diagnostic Objectsand Variablesis optional for this Profiledespite it being defined as “mandatory” in UA Part 5. Support of Diagnostic Objectsand Variablesis mandatory in some higher level Profiles.Exposing types in the AddressSpaceis optional for this Profileexcept if custom types (i.e. types that are derived from well-known ObjectTypes, VariableTypes, ReferenceTypeor DataTypes) are used. Exposing all supported types in the AddressSpaceis mandatory in some higher level Profiles.
Table 86– Nano Embedded Device Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Core ServerFacet |
False |
|
UA-TCP UA-SC UA-Binary |
False |
|
Base Information |
Base Info Custom Type System |
True |
Base Information |
Base Info Diagnostics |
True |
Table 87describes the details of the Nano Embedded Device 2017 Server Profile. This Profileis a FullFeatured Profileintended for chip level devices with limited resources. This Profileis functionally equivalent to the Core ServerFacet and defines the OPC UA TCP binary protocol as the required transport profile.The support of Diagnostic Objectsand Variablesis optional for this Profiledespite it being defined as “mandatory” in UA Part 5. Support of Diagnostic Objectsand Variablesis mandatory in some higher level Profiles. Exposing types in the AddressSpaceis optional for this Profileexcept if custom types (i.e. types that are derived from well-known ObjectTypes, VariableTypes, ReferenceTypeor DataTypes) are used. Exposing all supported types in the AddressSpaceis mandatory in some higher level Profiles.This profile supersedes the “Nano Embedded Device Server Profile”.
Table 87– Nano Embedded Device 2017 Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Core 2017 ServerFacet |
False |
|
UA-TCP UA-SC UA-Binary |
False |
|
Base Information |
Base Info Custom Type System |
True |
Base Information |
Base Info Diagnostics |
True |
Table 88describes the details of the Micro Embedded Device Server Profile. This Profileis a FullFeatured Profileintended for small devices with limited resources. This Profilebuilds upon the Nano Embedded Device Server Profile. The most important additions are: support for subscriptions via the Embedded Data Change Subscription ServerFacet and support for at least two sessions. A complete Type System is not required; however, if the Serverimplements any non-UA types then these types and their super-types must be exposed.
Table 88– Micro Embedded Device Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Embedded DataChange Subscription ServerFacet |
False |
|
False |
||
SessionMinimum 2 Parallel |
False |
Table 89describes the details of the Micro Embedded Device 2017 Server Profile. This Profileis a FullFeatured Profileintended for small devices with limited resources. This Profilebuilds upon the Nano Embedded Device Server Profile. The most important additions are: support for subscriptions via the Embedded Data Change Subscription ServerFacet and support for at least two sessions. A complete Type System is not required; however, if the Serverimplements any non-UA types then these types and their super-types must be exposed.This profile supersedes the “Micro Embedded Device Server Profile”.
Table 89– Micro Embedded Device 2017 Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Embedded DataChange Subscription ServerFacet |
False |
|
False |
||
SessionMinimum 2 Parallel |
False |
Table 90describes the details of the Embedded UA Server Profile. This Profileis a FullFeatured Profilethat is intended for devices with more than 50 MBs of memory and a more powerful processor. This Profilebuilds upon the Micro Embedded Device Server Profile. The most important additions are: support for security via the Security Policy – Basic128Rsa15 Facet, and support for the Standard DataChange Subscription ServerFacet. This Profilealso requires that servers expose all OPC-UA types that are used by the Serverincluding their components and their super-types.
Table 90– Embedded UA Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
SecurityPolicy – Basic128Rsa15 |
False |
|
Standard DataChange Subscription ServerFacet |
False |
|
Base Information |
Base Info Engineering Units |
True |
Base Information |
Base Info Placeholder Modelling Rules |
True |
Base Information |
Base Info Type System |
False |
Security |
Security Default ApplicationInstance Certificate |
False |
Table 91describes the details of the Embedded 2017 UA Server Profile. This Profileis a FullFeatured Profilethat is intended for devices with more than 50 MBs of memory and a more powerful processor. This Profilebuilds upon the Micro Embedded Device Server Profile. The most important additions are: support for security via the Security Policies and support for the Standard DataChange Subscription ServerFacet. This Profilealso requires that Servers expose all OPC-UA types that are used by the Serverincluding their components and their super-types. This profile supersedes the “Embedded Device Server Profile”.
Table 91– Embedded 2017 UA Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Standard DataChange Subscription2017 ServerFacet |
False |
|
Base Information |
Base Info Engineering Units |
True |
Base Information |
Base Info Type System |
False |
Security |
Security – No Application Authentication |
True |
Security |
Security Default ApplicationInstance Certificate |
False |
Security |
Security Policy Required |
False |
Table 92describes the details of the Standard UA Server Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for PC based OPC UA servers. Such a server must provide the base AddressSpacestructure with type nodes, instance nodes and diagnostic information. The Servermust provide connection establishment through the OPC UA TCP binary protocol with security and the creation of at least 50 parallel sessions. It includes view services like browsing and the attribute services for reading and writing of current values. In addition, the monitoring of data changes is included with a minimum of 5 subscriptions for half of the required sessions (total 225) and a minimum of 500 monitored items for half of the subscriptions (total 56250).
Table 92– Standard UA Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Enhanced DataChange Subscription ServerFacet |
False |
|
User Token – X509 Certificate ServerFacet |
False |
|
AttributeWrite StatusCode & Timestamp |
True |
|
Base Information |
Base Info Diagnostics |
False |
DiscoveryRegister |
False |
|
DiscoveryRegister2 |
True |
|
SessionCancel |
False |
|
SessionChange User |
True |
|
SessionMinimum 50 Parallel |
False |
|
View Services |
View Minimum Continuation Point 05 |
False |
Table 93describes the details of the Standard 2017 UA Server Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for PC based OPC UA servers. Compared to the embedded profiles, the Profilerequires higher limits for Sessions, Subscriptions and Monitored Items. It also requires support of diagnostic information. This profile supersedes the “Standard UA Server Profile”.
Table 93– Standard 2017 UA Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Enhanced DataChange Subscription2017 ServerFacet |
False |
|
User Token – X509 Certificate ServerFacet |
False |
|
AttributeWrite StatusCode & Timestamp |
True |
|
Base Information |
Base Info Diagnostics |
False |
DiscoveryRegister |
False |
|
DiscoveryRegister2 |
False |
|
SessionCancel |
False |
|
SessionChange User |
True |
|
SessionMinimum 50 Parallel |
False |
|
View Services |
View Minimum Continuation Point 05 |
False |
Table 94describes the details of the Core ClientFacet. This Facet defines the core functionality required for any Client. This Facet includes the core functions for Security and Sessionhandling.
Group |
Conformance Unit / ProfileTitle |
Optional |
SecurityPolicy – Basic128Rsa15 |
False |
|
SecurityPolicy – None |
False |
|
User Token – User Name Password ClientFacet |
False |
|
User Token – X509 Certificate ClientFacet |
False |
|
Base Information |
Base Info ClientEstimated Return Time |
True |
Security |
Security Administration |
False |
False |
||
True |
||
False |
||
False |
||
True |
||
False |
||
True |
Table 95describes the details of the Core 2017 ClientFacet. This Facet defines the core functionality required for any Client. This Facet includes the core functions for Security and Sessionhandling.This Facet supersedes the Core ClientFacet.
Table 95– Core 2017 Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
SecurityPolicy – None |
False |
|
User Token – User Name Password ClientFacet |
False |
|
User Token – X509 Certificate ClientFacet |
False |
|
Base Information |
Base Info ClientEstimated Return Time |
True |
Base Information |
Base Info ClientSelection List |
True |
Security |
Security Administration |
False |
Security |
Security Policy Required |
False |
False |
||
False |
||
True |
||
False |
||
False |
||
True |
||
False |
||
True |
Table 96describes the details of the Sessionless ClientFacet. Defines the use of Sessionless Serviceinvocation in a Client.
Table 96– Sessionless Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
True |
||
False |
Table 97describes the details of the Reverse Connect ClientFacet. This Facet defines support of reverse connectivity in a Client. Usually, a connection is opened by the Clientbefore starting the UA-specific handshake. This will fail, however, when Serversare behind firewalls. In the reverse connectivity scenario, the Clientaccepts a connection request and a ReverseHello message from a Serverand establishes a Secure Channel using this connection.
Table 97– Reverse Connect Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
Protocol Reverse Connect Client |
False |
Table 98describes the details of the Base ClientBehaviour Facet. This Facet indicates that the Clientsupports behaviour that Clientsshall follow for best use by operators and administrators. They include allowing configuration of an endpoint for a server without using the discovery service set; Support for manual security setting configuration and behaviour with regard to security issues; support for Automatic reconnection to a disconnected server. These behaviours can only be tested in a test lab. They are best practice guidelines.
Table 98– Base Client Behaviour Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
Base Information |
True |
|||
False |
||||
Security |
Security Administration |
False |
||
Security |
Security Administration – XML Schema |
False |
||
Security |
Security CertificateAdministration |
False |
||
True |
||||
Subscription ClientMultiple |
False |
|||
Subscription ClientPublish Configurable |
False |
Table 99describes the details of the Discovery ClientFacet. This Facet defines the ability to discover Serversand their Endpoints.
Table 99– Discovery Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
False |
||
False |
||
True |
||
False |
||
False |
Table 100describes the details of the Subnet Discovery ClientFacet. Support of this Facet enables discovery of the Serveron a subnet.
Table 100– Subnet Discovery Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
True |
||
True |
Table 101describes the details of the Global Discovery ClientFacet. Support of this Facet enables system-wide discovery of Serversusing a Global Discovery Server(GDS).
Table 101– Global Discovery Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
True |
||
False |
Table 102describes the details of the Global CertificateManagement ClientFacet. This Facet defines the capability to interact with a Global CertificateManagement Serverto obtain an initial or renewed Certificateand Trust Lists.
Table 102– Global Certificate Management Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Pull Model for Global Certificate and TrustList Management |
False |
Table 103describes the details of the KeyCredential Service ClientFacet. This Facet defines the capability to interact with a KeyCredential Serviceto obtain KeyCredentials. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. The KeyCredential Serviceis typically part of a system-wide tool, like a GDS that also manages Applications, Access Tokens, and Certificates.
Table 103– KeyCredential Service Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Pull Model for KeyCredential Service |
False |
Table 104describes the details of the Access Token Request ClientFacet. A ClientFacet for using the RequestAccessToken Methodon an Authorization Server(defined in Part 12) to request such a token.
Table 104– Access Token Request Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
False |
Table 105describes the details of the AddressSpaceLookup ClientFacet. This Facet defines the ability to navigate through the AddressSpaceand includes basic AddressSpaceconcepts, view and browse functionality and simple attribute read functionality.
Table 105– AddressSpace Lookup Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
False |
||
True |
||
Base Information |
Base Info ClientBasic |
False |
Base Information |
True |
|
View Services |
View ClientBasic Browse |
False |
View Services |
View ClientBasic ResultSet Filtering |
False |
View Services |
View ClientRegisterNodes |
True |
View Services |
True |
|
View Services |
True |
|
View Services |
View ClientTranslateBrowsePath |
True |
Table 106describes the details of the Request State Change ClientFacet. This Facet specifies the ability to invoke the RequestServerStateChange Method.
Table 106– Request State Change Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info ClientRequestServerStateChange |
False |
Table 107describes the details of the File Access ClientFacet. This Facet defines the ability to use File transfer via the defined FileType. This includes reading and optionally writing.
Table 107– File Access Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info ClientFileType Base |
False |
Base Information |
Base Info ClientFileType Write |
True |
Table 108describes the details of the Entry Level Support 2015 ClientFacet. This Facet defines the ability to interoperate with low-end Servers, in particular Serversthat support the Nano Embedded Profilebut in general Serverswith defined limits.
Table 108– Entry Level Support 2015 Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info ClientHonour Operation Limits |
False |
Base Information |
Base Info ClientType Pre-Knowledge |
False |
False |
||
Subscription ClientFallback |
False |
Table 109describes the details of the Multi-Server ClientConnection Facet. This Facet defines the ability for simultaneous access to multiple Servers.
Table 109– Multi-Server Client Connection Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
Table 110describes the details of the Documentation – Client. This Facet provides a list of user documentation that a Clientapplication should provide.
Table 110– Documentation – Client
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Documentation Client– Installation |
False |
Miscellaneous |
Documentation Client– Multiple Languages |
True |
Miscellaneous |
Documentation Client– On-line |
True |
Miscellaneous |
True |
|
Miscellaneous |
Documentation Client– Trouble Shooting Guide |
True |
Miscellaneous |
Documentation Client– Users Guide |
False |
Table 111describes the details of the AttributeRead ClientFacet. This Facet defines the ability to read Attributevalues of Nodes.
Table 111– Attribute Read Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
Address Space Model |
Address Space ClientAtomicity |
True |
||
Address Space Model |
Address Space ClientComplex Data Dictionary |
True |
||
Address Space Model |
True |
|||
Address Space Model |
Address Space ClientFull Array Only |
True |
||
False |
||||
True |
||||
True |
Table 112describes the details of the AttributeWrite ClientFacet. This Facet defines the ability to write Attributevalues of Nodes.
Table 112– Attribute Write Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
Address Space Model |
Address Space ClientAtomicity |
True |
||
Address Space Model |
Address Space ClientComplex Data Dictionary |
True |
||
Address Space Model |
True |
|||
Address Space Model |
Address Space ClientFull Array Only |
True |
||
False |
||||
True |
||||
True |
Table 113describes the details of the DataChange Subscriber ClientFacet. This Facet defines the ability to monitor Attributevalues for data change.
Table 113– DataChange Subscriber Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
Address Space Model |
Address Space ClientAtomicity |
True |
||
Address Space Model |
Address Space ClientComplex Data Dictionary |
True |
||
Address Space Model |
True |
|||
Address Space Model |
Address Space ClientFull Array Only |
True |
||
Base Information |
True |
|||
Base Information |
True |
|||
Monitored Item Services |
Monitor Clientby Index |
False |
||
Monitored Item Services |
Monitor ClientComplex Value |
True |
||
Monitored Item Services |
Monitor ClientDeadband Filter |
True |
||
Monitored Item Services |
Monitor ClientModify |
True |
||
Monitored Item Services |
Monitor ClientTrigger |
True |
||
Monitored Item Services |
Monitor ClientValue Change |
False |
||
Subscription ClientBasic |
False |
|||
Subscription ClientModify |
True |
|||
Subscription ClientMultiple |
True |
|||
Subscription ClientRepublish |
False |
Table 114describes the details of the Durable Subscription ClientFacet. This Facet specifies use of durable Subscriptions. It implies support of any of the DataChange or EventSubscriber Facets.
Table 114– Durable Subscription Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Subscription ClientDurable |
False |
Table 115describes the details of the DataAccess ClientFacet. This Facet defines the ability to utilize the DataAccess Information Model, i.e., industrial automation data like analog and discrete data items and their quality of service.
Table 115– DataAccess Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
Address Space Model |
Address Space ClientComplex Data Dictionary |
True |
False |
||
True |
||
True |
||
Data Access |
Data Access ClientAnalogItems |
True |
Data Access |
Data Access ClientBasic |
False |
Data Access |
Data Access ClientDeadband |
True |
Data Access |
Data Access ClientMultiState |
True |
Data Access |
Data Access ClientMultiStateValueDiscrete |
True |
Data Access |
Data Access ClientSemanticChange |
True |
Data Access |
Data Access ClientTwoState |
True |
Table 116describes the details of the EventSubscriber ClientFacet. This Facet defines the ability to subscribe for Event Notifications. This includes basic AddressSpaceconcept and the browsing of it, adding events and event filters as monitored items and adding subscriptions.
Table 116– Event Subscriber Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
Monitored Item Services |
True |
|
Monitored Item Services |
False |
|
Monitored Item Services |
Monitor ClientEvents |
False |
Monitored Item Services |
Monitor ClientModify |
True |
Monitored Item Services |
Monitor ClientTrigger |
True |
Subscription ClientBasic |
False |
|
Subscription ClientModify |
True |
|
Subscription ClientMultiple |
True |
|
Subscription ClientRepublish |
False |
|
View Services |
View ClientBasic Browse |
True |
View Services |
View ClientTranslateBrowsePath |
True |
Table 117describes the details of the Base EventProcessing ClientFacet. This Facet defines the ability to subscribe for and process basic OPC UA Events. The Clienthas to support at least one of the Events in the Facet.
Table 117– Base Event Processing Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Base Information |
Base Info ClientChange Events |
True |
Base Information |
Base Info ClientDevice Failure |
True |
Base Information |
Base Info ClientProgress Events |
True |
Base Information |
Base Info ClientSystem Status |
True |
Base Information |
Base Info ClientSystem Status Underlying System |
True |
Base Information |
Base Info EventProcessing |
False |
Table 118describes the details of the Notifier and Source Hierarchy ClientFacet. This Facet defines the ability to find and use a hierarchy of Objectsthat are event notifier and Nodesthat are event sources in the Server AddressSpace.
Table 118– Notifier and Source Hierarchy Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Address Space Model |
Address Space ClientNotifier Hierarchy |
False |
Address Space Model |
Address Space ClientSource Hierarchy |
False |
Subscription ClientPublish Configurable |
False |
Table 119describes the details of the A & C Base Condition ClientFacet. This Facet defines the ability to use the Alarmand Conditionbasic model. This includes the ability to subscribe for Events and to initiate a Refresh Method.
Table 119– A & C Base Condition Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
False |
||
Alarmsand Conditions |
A & C Basic Client |
False |
Alarmsand Conditions |
True |
|
Alarmsand Conditions |
A & C ConditionClasses Client |
False |
Alarmsand Conditions |
A & C Refresh Client |
False |
Table 120describes the details of the A & C Refresh2 ClientFacet. This Facet enhances the A & C Base Condition ServerFacet with the ability to initiate a ConditionRefresh2 Method.
Table 120– A & C Refresh2 Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Refresh2 Client |
False |
Table 121describes the details of the A & C Address Space Instance ClientFacet. This Facet defines the ability to use Conditioninstances in the AddressSpace.
Table 121– A & C Address Space Instance Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Alarmsand Conditions |
A & C Instances Client |
False |
Table 122describes the details of the A & C Enable ClientFacet. This Facet defines the ability to enable and disable Alarms.
Table 122– A & C Enable Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Enable Client |
False |
Table 123describes the details of the A & C AlarmMetrics ClientFacet. This Facet defines the ability to use the AlarmMetrics model, i.e. understand and use the collected alarm metrics at any level in the HasNotifier hierarchy.
Table 123– A & C AlarmMetrics Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Alarmsand Conditions |
False |
Table 124describes the details of the A & C Alarm ClientFacet. This Facet defines the ability to use the alarming model (the AlarmType or any of the sub-types).
Table 124– A & C Alarm Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Acknowledge Client |
False |
Alarmsand Conditions |
False |
|
Alarmsand Conditions |
A & C Audible Sound Client |
True |
Alarmsand Conditions |
A & C Comment Client |
True |
Alarmsand Conditions |
A & C Confirm Client |
True |
Alarmsand Conditions |
A & C Discrepancy Client |
True |
Alarmsand Conditions |
A & C Discrete Client |
False |
Alarmsand Conditions |
True |
|
Alarmsand Conditions |
A & C OffNormal Client |
True |
Alarmsand Conditions |
A & C On-Off Delay Client |
True |
Alarmsand Conditions |
True |
|
Alarmsand Conditions |
A & C Re-Alarming Client |
True |
Alarmsand Conditions |
A & C Shelving Client |
True |
A & C Silencing Client |
True |
|
Alarmsand Conditions |
A & C Suppression by Operator Client |
True |
A & C Suppression Client |
True |
|
Alarmsand Conditions |
A & C SystemOffNormal Client |
True |
Alarmsand Conditions |
A & C Trip Client |
True |
Table 125describes the details of the A & C Exclusive Alarming ClientFacet. This Facet defines the ability to use the exclusive Alarmmodel. This includes understanding the various subtypes such as ExclusiveRateOfChangeAlarm, ExclusiveLevelAlarm and ExclusiveDeviationAlarm.
Table 125– A & C Exclusive Alarming Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Exclusive Deviation Client |
True |
Alarmsand Conditions |
A & C Exclusive Level Client |
True |
Alarmsand Conditions |
A & C Exclusive Limit Client |
False |
Alarmsand Conditions |
A & C Exclusive RateOfChange Client |
True |
Table 126describes the details of the A & C Non-Exclusive Alarming ClientFacet. This Facet defines the ability to use the non-exclusive Alarmmodel. This includes understanding the various subtypes such as NonExclusiveRateOfChangeAlarm, NonExclusiveLevelAlarm and NonExclusiveDeviationAlarm.
Table 126– A & C Non-Exclusive Alarming Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Non-Exclusive Deviation Client |
True |
Alarmsand Conditions |
A & C Non-Exclusive Level Client |
True |
Alarmsand Conditions |
A & C Non-Exclusive Limit Client |
False |
Alarmsand Conditions |
A & C Non-Exclusive RateOfChange Client |
True |
Table 127describes the details of the A & C Previous Instances ClientFacet. This Facet defines the ability to use previous instances of Alarms. This implies the ability to understand branchIds.
Table 127– A & C Previous Instances Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Branch Client |
False |
Table 128describes the details of the A & C Dialog ClientFacet. This Facet defines the ability to use the dialog model. This implies the support of Methodinvocation to respond to dialog messages.
Table 128– A & C Dialog Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Dialog Client |
False |
Table 129describes the details of the A & C CertificateExpiration ClientFacet. This Facet defines the ability to use the CertificateExpirationAlarmType.
Table 129– A & C CertificateExpiration Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Alarmsand Conditions |
A & C Acknowledge Client |
True |
Alarmsand Conditions |
False |
|
Alarmsand Conditions |
A & C CertificateExpiration Client |
False |
Alarmsand Conditions |
A & C Comment Client |
True |
Alarmsand Conditions |
A & C Confirm Client |
True |
Alarmsand Conditions |
A & C Shelving Client |
True |
Table 130describes the details of the A & E Proxy Facet. This Facet describes the functionality used by a default A & E Clientproxy. A Clientexposes this Facet so that a Servermay be able to better understand the commands that are being issued by the Client, since this Facet indicates that the Clientis an A&E Com Client.
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
Alarmsand Conditions |
A & C Acknowledge Client |
False |
Alarmsand Conditions |
False |
|
Alarmsand Conditions |
A & C Basic Client |
False |
Alarmsand Conditions |
A & C ConditionClasses Client |
False |
Alarmsand Conditions |
A & C Discrete Client |
False |
Alarmsand Conditions |
A & C Exclusive Deviation Client |
False |
Alarmsand Conditions |
A & C Exclusive Level Client |
False |
Alarmsand Conditions |
A & C Exclusive Limit Client |
False |
Alarmsand Conditions |
A & C Exclusive RateOfChange Client |
False |
Alarmsand Conditions |
A & C Instances Client |
False |
Alarmsand Conditions |
A & C Non-Exclusive Deviation Client |
False |
Alarmsand Conditions |
A & C Non-Exclusive Level Client |
False |
Alarmsand Conditions |
A & C Non-Exclusive Limit Client |
False |
Alarmsand Conditions |
A & C Non-Exclusive RateOfChange Client |
False |
Alarmsand Conditions |
A & C OffNormal Client |
False |
Alarmsand Conditions |
A & C Refresh Client |
False |
Alarmsand Conditions |
A & C SystemOffNormal Client |
True |
Alarmsand Conditions |
A & C Trip Client |
False |
False |
||
Base Information |
Base Info ClientBasic |
False |
Base Information |
Base Info ClientChange Events |
False |
False |
||
False |
||
False |
||
False |
||
False |
||
False |
||
False |
||
Monitored Item Services |
False |
|
Monitored Item Services |
False |
|
Monitored Item Services |
Monitor ClientEvents |
False |
Security |
Security Administration |
False |
Security |
Security Administration – XML Schema |
False |
Security |
Security CertificateAdministration |
False |
False |
||
Subscription ClientBasic |
False |
|
Subscription ClientMultiple |
False |
|
Subscription ClientPublish Configurable |
False |
|
Subscription ClientRepublish |
False |
|
View Services |
View ClientBasic Browse |
False |
View Services |
View ClientBasic ResultSet Filtering |
False |
View Services |
View ClientTranslateBrowsePath |
False |
Table 131describes the details of the Method ClientFacet. This Facet defines the ability to call arbitrary Methods.
Table 131– Method Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
Table 132describes the details of the Auditing ClientFacet. This Facet defines the ability to monitor Audit Events.
Table 132– Auditing Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Auditing |
Auditing ClientAudit ID |
False |
Auditing |
Auditing ClientSubscribes |
False |
Table 133describes the details of the NodeManagement ClientFacet. This Facet defines the ability to configure the AddressSpaceof an OPC UA Serverthrough OPC UA NodeManagement ServiceSet.
Table 133– Node Management Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
False |
Table 134describes the details of the Advanced Type Programming ClientFacet. This Facet defines the ability to use the type model and process the instance AddressSpacebased on the type model. For example a client may contain generic displays that are based on a type, in that they contain a relative path from some main type. On call up this main type is matched to an instance and all of display items are resolved based on the provided type model.
Table 134– Advanced Type Programming Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
Base Information |
Base Info ClientBasic |
False |
Base Information |
Base Info ClientType Programming |
False |
View Services |
View ClientTranslateBrowsePath |
False |
Table 135describes the details of the User Role Management Client Facet. This Facetdefines knowledge of the OPC UA Information Modelfor user roles and permissions and the use of the Methodsto manage them.
Table 135– User Role Management Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security Role ClientBase |
False |
Security |
Security Role ClientDefaultRolePermissions |
False |
Security |
Security Role ClientManagement |
False |
Security |
Security Role ClientRestrict Applications |
True |
Security |
Security Role ClientRestrict Endpoints |
True |
Security |
Security Role ClientRolePermissions |
False |
Table 136describes the details of the State Machine ClientFacet. This Facet defines the ability to use state machines based on the StateMachineType or a sub-type.
Table 136– State Machine Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Base Information |
Base Info Client Available States and Transitions |
True |
Base Information |
Base Info ClientFinite State Machine Instance |
True |
Base Information |
Base Info ClientState Machine Instance |
False |
Table 137describes the details of the Diagnostic ClientFacet. This Facet defines the ability to read and process diagnostic information that is part of the OPC UA information model.
Table 137– Diagnostic Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space ClientBase |
False |
Base Information |
Base Info ClientBasic |
False |
Base Information |
Base Info ClientDiagnostics |
False |
Table 138describes the details of the Redundant ClientFacet. This Facet defines the ability to use the redundancy feature available for redundant Clients.
Table 138– Redundant Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Redundancy |
Redundancy Client |
False |
Subscription ClientTransferSubscriptions |
True |
Table 139describes the details of the Redundancy Switch ClientFacet. A Clientthat supports this Facet supports monitoring the redundancy status for non-transparent redundant Serversand switching to the backup Serverwhen they recognize a change.
Table 139– Redundancy Switch Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Redundancy |
Redundancy ClientSwitch |
False |
Table 140describes the details of the Historical Access ClientFacet. This Facet defines the ability to read, process, and update historical data.
Table 140– Historical Access Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
Historical Access ClientBrowse |
False |
Historical Access |
Historical Access ClientRead Raw |
False |
Table 141describes the details of the Historical Data AtTime ClientFacet. This Facet defines the ability to access data at specific instances in time.
Table 141– Historical Data AtTime Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access ClientFacet |
False |
|
Historical Access |
Historical Access ClientTime Instance |
False |
Table 142describes the details of the Historical Aggregate ClientFacet. This Facet defines the ability to read historical data by specifying the needed aggregate. This implies consideration of the list of aggregates supported by the Server.
Table 142– Historical Aggregate Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Aggregates |
Aggregate – ClientAnnotationCount |
True |
Aggregates |
Aggregate – ClientAverage |
True |
Aggregates |
Aggregate – ClientCount |
True |
Aggregates |
Aggregate – ClientCustom Aggregates |
True |
Aggregates |
Aggregate – ClientDelta |
True |
Aggregates |
Aggregate – ClientDeltaBounds |
True |
Aggregates |
Aggregate – ClientDurationBad |
True |
Aggregates |
Aggregate – ClientDurationGood |
True |
Aggregates |
Aggregate – ClientDurationInStateNonZero |
True |
Aggregates |
Aggregate – ClientDurationInStateZero |
True |
Aggregates |
Aggregate – ClientEnd |
True |
Aggregates |
Aggregate – ClientEndBound |
True |
Aggregates |
Aggregate – ClientInterpolative |
True |
Aggregates |
Aggregate – ClientMaximum |
True |
Aggregates |
Aggregate – ClientMaximum2 |
True |
Aggregates |
Aggregate – ClientMaximumActualTime |
True |
Aggregates |
Aggregate – ClientMaximumActualTime2 |
True |
Aggregates |
Aggregate – ClientMinimum |
True |
Aggregates |
Aggregate – ClientMinimum2 |
True |
Aggregates |
Aggregate – ClientMinimumActualTime |
True |
Aggregates |
Aggregate – ClientMinimumActualTime2 |
True |
Aggregates |
Aggregate – ClientNumberOfTransitions |
True |
Aggregates |
Aggregate – ClientPercentBad |
True |
Aggregates |
Aggregate – ClientPercentGood |
True |
Aggregates |
Aggregate – ClientRange |
True |
Aggregates |
Aggregate – ClientRange2 |
True |
Aggregates |
Aggregate – ClientStandardDeviationPopulation |
True |
Aggregates |
Aggregate – ClientStandardDeviationSample |
True |
Aggregates |
Aggregate – ClientStart |
True |
Aggregates |
Aggregate – ClientStartBound |
True |
Aggregates |
Aggregate – ClientTimeAverage |
True |
Aggregates |
Aggregate – ClientTimeAverage2 |
True |
Aggregates |
Aggregate – ClientTotal |
True |
Aggregates |
Aggregate – ClientTotal2 |
True |
Aggregates |
Aggregate – ClientUsage |
False |
Aggregates |
Aggregate – ClientVariancePopulation |
True |
Aggregates |
Aggregate – ClientVarianceSample |
True |
Aggregates |
Aggregate – ClientWorstQuality |
True |
Aggregates |
Aggregate – ClientWorstQuality2 |
True |
Historical Access |
Historical Access ClientRead Aggregates |
False |
Table 143describes the details of the Historical Annotation ClientFacet. This Facet defines the ability to retrieve and write annotations for historical data.
Table 143– Historical Annotation Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access ClientFacet |
False |
|
Historical Data Update ClientFacet |
False |
|
Historical Access |
Historical Access ClientAnnotations |
False |
Table 144describes the details of the Historical Access Modified Data ClientFacet. This Facet defines the ability to access prior historical data (values that were modified or inserted).
Table 144– Historical Access Modified Data Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access ClientFacet |
False |
|
Historical Access |
Historical Access ClientRead Modified |
False |
Table 145describes the details of the Historical Data Insert ClientFacet. This Facet defines the ability to insert historical data.
Table 145– Historical Data Insert Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
Historical Access ClientData Insert |
False |
Table 146describes the details of the Historical Data Update ClientFacet. This Facet defines the ability to update historical data.
Table 146– Historical Data Update Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
Historical Access ClientData Update |
False |
Table 147describes the details of the Historical Data Replace ClientFacet. This Facet defines the ability to replace historical data.
Table 147– Historical Data Replace Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
Historical Access ClientData Replace |
False |
Table 148describes the details of the Historical Data Delete ClientFacet. This Facet defines the ability to delete historical data.
Table 148– Historical Data Delete Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
Historical Access ClientData Delete |
False |
Table 149describes the details of the Historical Access Client ServerTimestamp Facet. This Facet defines the ability to request and process Servertimestamps, in addition to source timestamps.
Table 149– Historical Access Client Server Timestamp Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access |
False |
Table 150describes the details of the Historical Structured Data Access ClientFacet. This Facet defines the ability to read structured values for historical nodes.
Table 150– Historical Structured Data Access Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Raw |
False |
Table 151describes the details of the Historical Structured Data AtTime ClientFacet. This Facet defines the ability to read structured values for historical nodes at specific instances in time.
Table 151– Historical Structured Data AtTime Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Data AtTime ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Time Instance |
False |
Table 152describes the details of the Historical Structured Data Modified ClientFacet. This Facet defines the ability to read structured values for prior historical data (values that were modified or inserted).
Table 152– Historical Structured Data Modified Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Access Modified Data ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Read Modified |
False |
Table 153describes the details of the Historical Structured Data Insert ClientFacet. This Facet defines the ability to insert structured historical data.
Table 153– Historical Structured Data Insert Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Data Insert ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Insert |
False |
Table 154describes the details of the Historical Structured Data Update ClientFacet. This Facet defines the ability to update structured historical data.
Table 154– Historical Structured Data Update Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Data Update ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Update |
False |
Table 155describes the details of the Historical Structured Data Replace ClientFacet. This Facet defines the ability to replace structured historical data.
Table 155– Historical Structured Data Replace Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Data Replace ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Replace |
False |
Table 156describes the details of the Historical Structured Data Delete ClientFacet. This Facet defines the ability to remove structured historical data.
Table 156– Historical Structured Data Delete Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Historical Data Delete ClientFacet |
False |
|
Historical Access |
Historical Access ClientStructure Data Delete |
False |
Table 157describes the details of the Historical Events ClientFacet. This Facet defines the ability to read Historical Events, including simple filtering.
Table 157– Historical Events Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
Historical Access ClientRead Events |
False |
Table 158describes the details of the Historical EventInsert ClientFacet. This Facet defines the ability to insert historical events.
Table 158– Historical Event Insert Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
False |
Table 159describes the details of the Historical EventUpdate ClientFacet. This Facet defines the ability to update historical events.
Table 159– Historical Event Update Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
False |
Table 160describes the details of the Historical EventReplace ClientFacet. This Facet defines the ability to replace historical events.
Table 160– Historical Event Replace Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
False |
Table 161describes the details of the Historical EventDelete ClientFacet. This Facet defines the ability to delete Historical events.
Table 161– Historical Event Delete Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
False |
||
Historical Access |
False |
Table 162describes the details of the Aggregate Subscriber ClientFacet. This Facet defines the ability to use the aggregate filter when subscribing for Attributevalues.
Table 162– Aggregate Subscriber Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Aggregates |
Aggregate Subscription– ClientAnnotationCount |
True |
Aggregates |
Aggregate Subscription– ClientAverage |
True |
Aggregates |
Aggregate Subscription– ClientCount |
True |
Aggregates |
Aggregate Subscription– ClientCustom Aggregates |
True |
Aggregates |
Aggregate Subscription– ClientDelta |
True |
Aggregates |
Aggregate Subscription– ClientDeltaBounds |
True |
Aggregates |
Aggregate Subscription– ClientDurationBad |
True |
Aggregates |
Aggregate Subscription– ClientDurationGood |
True |
Aggregates |
Aggregate Subscription– ClientDurationInStateNonZero |
True |
Aggregates |
Aggregate Subscription– ClientDurationInStateZero |
True |
Aggregates |
Aggregate Subscription– ClientEnd |
True |
Aggregates |
Aggregate Subscription– ClientEndBound |
True |
Aggregates |
Aggregate Subscription– ClientFilter |
False |
Aggregates |
Aggregate Subscription– ClientInterpolative |
True |
Aggregates |
Aggregate Subscription– ClientMaximum |
True |
Aggregates |
Aggregate Subscription– ClientMaximum2 |
True |
Aggregates |
Aggregate Subscription– ClientMaximumActualTime |
True |
Aggregates |
Aggregate Subscription– ClientMaximumActualTime2 |
True |
Aggregates |
Aggregate Subscription– ClientMinimum |
True |
Aggregates |
Aggregate Subscription– ClientMinimum2 |
True |
Aggregates |
Aggregate Subscription– ClientMinimumActualTime |
True |
Aggregates |
Aggregate Subscription– ClientMinimumActualTime2 |
True |
Aggregates |
Aggregate Subscription– ClientNumberOfTransitions |
True |
Aggregates |
Aggregate Subscription– ClientPercentBad |
True |
Aggregates |
Aggregate Subscription– ClientPercentGood |
True |
Aggregates |
Aggregate Subscription– ClientRange |
True |
Aggregates |
Aggregate Subscription– ClientRange2 |
True |
Aggregates |
Aggregate Subscription– ClientStandardDeviationPopulation |
True |
Aggregates |
Aggregate Subscription– ClientStandardDeviationSample |
True |
Aggregates |
Aggregate Subscription– ClientStart |
True |
Aggregates |
Aggregate Subscription– ClientStartBound |
True |
Aggregates |
Aggregate Subscription– ClientTimeAverage |
True |
Aggregates |
Aggregate Subscription– ClientTimeAverage2 |
True |
Aggregates |
Aggregate Subscription– ClientTotal |
True |
Aggregates |
Aggregate Subscription– ClientTotal2 |
True |
Aggregates |
Aggregate Subscription– ClientVariancePopulation |
True |
Aggregates |
Aggregate Subscription– ClientVarianceSample |
True |
Aggregates |
Aggregate Subscription– ClientWorstQuality |
True |
Aggregates |
Aggregate Subscription– ClientWorstQuality2 |
True |
Monitored Item Services |
Monitor ClientAggregate Filter |
False |
Monitored Item Services |
Monitor Clientby Index |
False |
Monitored Item Services |
Monitor ClientModify |
True |
Monitored Item Services |
Monitor ClientValue Change |
False |
Subscription ClientBasic |
False |
|
Subscription ClientModify |
True |
|
Subscription ClientMultiple |
True |
|
Subscription ClientRepublish |
True |
Table 163describes the details of the Standard UA Client Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for generic OPC UA Clients. Such a Clientshall be able to use local, subnet and global discovery. It shall be able to maintain a connection with a single Session(as required for nano embedded Servers). If Subscriptions are used, the Clientshall respect the limits of Serverswith limited resources. If a Serverdoes not support Subscriptions, the Clientshall provide read access as fallback. The Clientmust provide connection establishment through the OPC UA TCP binary protocol with and without security.
Table 163– Standard UA Client Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
AddressSpaceLookup ClientFacet |
False |
|
False |
||
False |
||
Base ClientBehaviour Facet |
False |
|
Core ClientFacet |
False |
|
DataChange Subscriber ClientFacet |
False |
|
False |
||
Entry Level Support 2015 ClientFacet |
False |
|
Global CertificateManagement ClientFacet |
False |
|
False |
||
False |
||
SecurityPolicy [B] – Basic256Sha256 |
False |
|
SecurityPolicy – Basic256 |
False |
|
False |
||
UA-TCP UA-SC UA-Binary |
False |
|
User Token – Anonymous Facet |
False |
Table 164describes the details of the Standard UA Client2017 Profile. This Profileis a FullFeatured Profilethat defines a minimum set of functionality required for generic OPC UA Clients. Such a Clientshall be able to use local, subnet and global discovery. It shall be able to maintain a connection with a single Session(as required for nano embedded Servers). If Subscriptionsare used, the Clientshall respect the limits of Serverswith limited resources. If a Serverdoes not support Subscriptions, the Clientshall provide read access as fallback. The Clientmust provide connection establishment through the OPC UA TCP binary protocol with and without security.This Profilesupersedes the “Standard UA Client Profile”
Table 164– Standard UA Client 2017 Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
AddressSpaceLookup ClientFacet |
False |
|
False |
||
False |
||
Base ClientBehaviour Facet |
False |
|
Core 2017 ClientFacet |
False |
|
DataChange Subscriber ClientFacet |
False |
|
False |
||
Entry Level Support 2015 ClientFacet |
False |
|
Global CertificateManagement ClientFacet |
False |
|
False |
||
False |
||
False |
||
UA-TCP UA-SC UA-Binary |
False |
|
User Token – Anonymous Facet |
False |
Table 165describes the details of the UA-TCP UA-SC UA-Binary. This transport Facet defines a combination of network protocol, security protocol and message encoding that is optimized for low resource consumption and high performance. It combines the simple TCP based network protocol UA-TCP 1.0 with the binary security protocol UA-SecureConversation 1.0 and the binary message encoding UA-Binary 1.0.
Table 165– UA-TCP UA-SC UA-Binary
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
Protocol UA TCP |
False |
Protocol and Encoding |
UA Binary Encoding |
False |
Protocol and Encoding |
UA Secure Conversation |
False |
Table 166describes the details of the HTTPS UA-Binary. This transport Facet defines a combination of network protocol, security protocol and message encoding that balances compatibility with widely used HTTPS transport and a compact UA-Binary encoded message for added performance. It is expected that this transport will be used to support installations where firewalls only permit HTTPS or where a WEB browser is used as Client. This transport requires that one of the TransportSecurity Profilesfor TLS be provided.
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
Protocol HTTPS |
False |
Protocol and Encoding |
UA Binary Encoding |
False |
Security |
Security TLS General |
False |
Table 167describes the details of the HTTPS UA-XML. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses HTTPS transport and a SOAP XML encoded message for use with standard SOAP V1.2 toolkits. This transport requires that one of the TransportSecurity Profilesfor TLS be provided.
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
Protocol HTTPS |
False |
Protocol and Encoding |
UA SOAP-XML Encoding |
False |
Security |
Security TLS General |
False |
Table 168describes the details of the HTTPS UA-JSON. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses HTTPS transport and a UA-JSON encoded message. This transport requires that one of the TransportSecurity Profilesfor TLS be provided.
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
JSON Reversible Encoding |
False |
Protocol and Encoding |
Protocol HTTPS |
False |
Security |
Security TLS General |
False |
Table 169describes the details of the WSS UA-SC UA-Binary. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses WSS transport as a tunnel for UA-SecureConversation and UA-Binary encoded messages. Although transport security is available in WSS via TLS, additional message security can be used to assure end-to-end security.
Table 169– WSS UA-SC UA-Binary
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
Protocol Web Sockets |
False |
Protocol and Encoding |
UA Binary Encoding |
False |
Protocol and Encoding |
UA Secure Conversation |
False |
Security |
Security TLS General |
False |
Table 170describes the details of the WSS UA-JSON. This transport Facet defines a combination of network protocol, security protocol and message encoding that uses WSS transport with UA-JSON encoded messages.
Group |
Conformance Unit / ProfileTitle |
Optional |
Protocol and Encoding |
JSON Reversible Encoding |
False |
Protocol and Encoding |
Protocol Web Sockets |
False |
Security |
Security TLS General |
False |
Table 171describes the details of the Security User Access Control Full. A Serverthat supports this profile supports restricting multiple levels of access to all Nodesin the AddressSpacebased on the validated user.
Table 171– Security User Access Control Full
Group |
Conformance Unit / ProfileTitle |
Optional |
Security User Access Control Base |
False |
|
Address Space Model |
Address Space User Access Level Full |
False |
Table 172describes the details of the Security User Access Control Base. A Serverthat supports this profile supports restricting some level of access to some Nodesin the AddressSpacebased on the validated user.
Table 172– Security User Access Control Base
Group |
Conformance Unit / ProfileTitle |
Optional |
Address Space Model |
Address Space User Access Level Base |
False |
Security |
Security User IssuedToken Kerberos |
True |
Security |
Security User IssuedToken Kerberos Windows |
True |
Security |
Security User Name Password |
False |
Security |
Security User X509 |
True |
Table 173describes the details of the Security Time Synchronization. This Facet indicates that the application supports the minimum required level of time synchronization to ensure secure communication. One of the optional time synchronization conformance units must be supported.
Table 173– Security Time Synchronization
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security Time Synch – Configuration |
False |
Security |
Security Time Synch – NTP / OS Based support |
True |
Security |
Security Time Synch – UA based support |
True |
Table 174describes the details of the Best Practice – Audit Events. Subscriptions for Audit Events shall be restricted to authorized personnel.
Table 174– Best Practice – Audit Events
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – Audit Events |
False |
Table 175describes the details of the Best Practice – AlarmHandling. A Servershould restrict critical alarm handling functionality to users that have the appropriate rights to perform these actions.
Table 175– Best Practice – Alarm Handling
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – AlarmHandling |
False |
Table 176describes the details of the Best Practice – Random Numbers. All random numbers that are required for security should use appropriate cryptographic library based random number generators.
Table 176– Best Practice – Random Numbers
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – Random Numbers |
False |
Table 177describes the details of the Best Practice – Timeouts. The administrator should be able to configure reasonable timeouts for Secure Channels, Sessions and Subscriptions. Setting these timeouts allows limiting Denial of Serviceattacks and overload issues.
Table 177– Best Practice – Timeouts
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – Timeouts |
False |
Table 178describes the details of the Best Practice – Administrative Access. The Serverand Clientallow restricting the use of certain Servicesand access to parts of the AddressSpaceto administrative personnel. This includes multiple level of administrative access on platforms that support multiple administrative roles (such as Windows or Linux).
Table 178– Best Practice – Administrative Access
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – Administrative Access |
False |
Table 179describes the details of the Best Practice – Strict MessageHandling. Serverand Clientreject messages that are incorrectly formed as specified in Part 4 and Part 6.
Table 179– Best Practice – Strict Message Handling
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – Strict MessageHandling |
False |
Table 180describes the details of the Best Practice – Audit Events Client. Audit Tracking system connect to a Serverusing a Secure Channel and under the appropriate authorization to allow access to Audit Events.
Table 180– Best Practice – Audit Events Client
Group |
Conformance Unit / ProfileTitle |
Optional |
Miscellaneous |
Best Practice – Audit Events Client |
False |
Table 181describes the details of the TransportSecurity – TLS 1.2. This Facet defines a transport security for configurations with high security needs. It makes use of TLS 1.2 and uses TLS_RSA_WITH_AES_256_CBC_SHA256. As computing power increases, security algorithms are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST has no recommendations for this TransportSecurity. It is recommended that Serversand Clientssupport all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed TransportSecurity Profiles.
Table 181– TransportSecurity – TLS 1.2
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security TLS_RSA with AES_256_CBC_SHA256 |
False |
Table 182describes the details of the TransportSecurity – TLS 1.2 with PFS. This Facet defines a transport security for configurations with high security needs and perfect forward secrecy (PFS). It makes use of TLS 1.2 and uses TLS_DHE_RSA_WITH_AES_128_CBC_SHA256 or TLS_DHE_RSA_WITH_AES_256_CBC_SHA256. As computing power increases, security algorithms are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. NIST has no recommendations for this TransportSecurity. It is recommended that Serversand Clientssupport all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed TransportSecurity Profiles.
Table 182– TransportSecurity – TLS 1.2 with PFS
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security TLS_DHE_RSA with AES_nnn_CBC_SHA256 |
False |
Table 183describes the details of the SecurityPolicy – None. This security Facet defines a security policy used for configurations with the lowest security needs. This security policy can affect the behaviour of the CreateSession and ActivateSession Services. It also results in a SecureChannel which has no channel security. By default this security policy should be disabled if any other security policies are available.
Table 183– SecurityPolicy – None
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
AsymmetricEncryptionAlgorithm_None |
False |
Security |
AsymmetricSignatureAlgorithm_None |
False |
Security |
KeyDerivationAlgorithm_None |
False |
Security |
Security None CreateSession ActivateSession |
False |
Security |
Security None CreateSession ActivateSession 1.0 |
True |
Security |
SecurtyPolicy_None_Limits |
False |
Security |
SymmetricEncryptionAlgorithm_None |
False |
Security |
SymmetricSignatureAlgorithm_None |
False |
SecurityPolicy – Basic128Rsa15 has been deprecated in v1.04 since the hash algorithm Sha-1 is not considered secure anymore.
SecurityPolicy – Basic128Rsa15 has been deprecated in v1.04 since the hash algorithm Sha-1 is not considered secure anymore.
Table 184describes the details of the SecurityPolicy [A] - Aes128-Sha256-RsaOaep. This security Facet defines a security policy for configurations with average security needs. It requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Serversand Clientssupport all security profiles and support configurability of actual exposed and default security policies.
Table 184– SecurityPolicy [A] - Aes128-Sha256-RsaOaep
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Aes128-Sha256-RsaOaep_Limits |
False |
Security |
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 |
False |
Security |
AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 |
False |
Security |
CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 |
False |
Security |
KeyDerivationAlgorithm_P-SHA2-256 |
False |
Security |
Security CertificateValidation |
False |
Security |
Security Encryption Required |
False |
Security |
Security Signing Required |
False |
Security |
SymmetricEncryptionAlgorithm_AES128-CBC |
False |
Security |
SymmetricSignatureAlgorithm_HMAC-SHA2-256 |
False |
Table 185describes the details of the SecurityPolicy [B] – Basic256Sha256. This security Facet defines a security policy for configurations with high security needs. It requires a PKI infrastructure.As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provided recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Serversand Clientssupport all security profiles and developers provide the recommended profile as a default. It is up to an administrator to configure the actual exposed security policies.
Table 185– SecurityPolicy [B] – Basic256Sha256
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1 |
False |
Security |
AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256 |
False |
Security |
Basic256Sha256_Limits |
False |
Security |
CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256 |
False |
Security |
KeyDerivationAlgorithm_P-SHA2-256 |
False |
Security |
Security CertificateValidation |
False |
Security |
Security Encryption Required |
False |
Security |
Security Signing Required |
False |
Security |
SymmetricEncryptionAlgorithm_AES256-CBC |
False |
Security |
SymmetricSignatureAlgorithm_HMAC-SHA2-256 |
False |
Table 186describes the details of the SecurityPolicy - Aes256-Sha256-RsaPss. This security Facet defines a security policy for configurations with a need for high security. It requires a PKI infrastructure. As computing power increases, security policies are expected to expire. NIST provides guidelines for expected expiration dates for individual algorithms. These guidelines provide recommended dates at which the algorithm should be replaced or upgraded to a more secure algorithm. They do not indicate a failure of the algorithm. This security policy has no published end dates as of this time. It is recommended that Serversand Clientssupport all security profiles and support configurability of actual exposed and default security policies.
Table 186– SecurityPolicy - Aes256-Sha256-RsaPss
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Aes256-Sha256-RsaPss_Limits |
False |
Security |
AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA2-256 |
False |
Security |
AsymmetricSignatureAlgorithm_RSA-PSS -SHA2-256 |
False |
Security |
CertificateSignatureAlgorithm_ RSA-PKCS15-SHA2-256 |
False |
Security |
KeyDerivationAlgorithm_P-SHA2-256 |
False |
Security |
Security CertificateValidation |
False |
Security |
Security Encryption Required |
False |
Security |
Security Signing Required |
False |
Security |
SymmetricEncryptionAlgorithm_AES256-CBC |
False |
Security |
SymmetricSignatureAlgorithm_HMAC-SHA2-256 |
False |
Table 187describes the details of the User Token – Anonymous Facet. This Facet indicates that anonymous User Tokens are supported.
Table 187– User Token – Anonymous Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security User Anonymous |
False |
Table 188describes the details of the User Token – User Name Password ServerFacet. This Facet indicates that a user token that is comprised of a username and password is supported. This user token can affect the behaviour of the ActivateSession Service.
Table 188– User Token – User Name Password Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security Invalid user token |
False |
Security |
Security User Name Password |
False |
Table 189describes the details of the User Token – X509 Certificate ServerFacet. This Facet indicates that the use of an X509 certificates to identify users is supported.
Table 189– User Token – X509 Certificate Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security Invalid user token |
False |
Security |
Security User X509 |
False |
Table 190describes the details of the User Token – Issued Token ServerFacet. This Facet indicates that a User Token that is comprised of an issued token is supported.
Table 190– User Token – Issued Token Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security Invalid user token |
False |
Security |
Security User IssuedToken Kerberos |
False |
Table 191describes the details of the User Token – Issued Token Windows ServerFacet. This Facet further refines the User Token - Issued Token to indicate a windows implementation of Kerberos
Table 191– User Token – Issued Token Windows Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
User Token – Issued Token ServerFacet |
False |
|
Security |
Security User IssuedToken Kerberos Windows |
False |
Table 192describes the details of the User Token – JWT ServerFacet. This Facet defines support for JSON Web Tokens (JWT) to identify the user during Sessionsetup. A JWT is the Access Token format which OPC UA requires when using OAuth2.
Table 192– User Token – JWT Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
Security |
Azure Identity Provider Authority Profile |
True |
||
Security |
OAuth2 Authority Profile |
True |
||
Security |
OPC UA Authority Profile |
True |
||
Security |
Security Invalid user token |
False |
||
Security |
Security User JWT IssuedToken |
False |
||
Security |
Security User JWT Token Policy |
False |
Table 193describes the details of the User Token – User Name Password ClientFacet. This Facet defines the ability to use a user token that is comprised of a username and password.
Table 193– User Token – User Name Password Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security User Name Password Client |
False |
Table 194describes the details of the User Token – X509 Certificate ClientFacet. This Facet defines the ability to use an X509 certificates to identify users.
Table 194– User Token – X509 Certificate Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security User X509 Client |
False |
Table 195describes the details of the User Token – Issued Token ClientFacet. This Facet defines the ability to use the User Token - Issued Token (Kerberos) to connect to a Server.
Table 195– User Token – Issued Token Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security User IssuedToken Kerberos Client |
False |
Table 196describes the details of the User Token – Issued Token Windows ClientFacet. This Facet defines the ability to use the User Token - Issued Token (Windows implementation of Kerberos) to connect to a Server
Table 196– User Token – Issued Token Windows Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
Security |
Security User IssuedToken Kerberos Windows Client |
False |
Table 197describes the details of the User Token – JWT ClientFacet. This Facet defines the ability to use JSON Web Tokens (JWT) as user identification during Sessionsetup. JWTs are used to request an access token from an external Authorization Service.
Table 197– User Token – JWT Client Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
||
Security |
Azure Identity Provider Authority Profile |
True |
||
Security |
OAuth2 Authority Profile |
True |
||
Security |
OPC UA Authority Profile |
True |
||
Security |
Security User JWT IssuedToken Client |
False |
||
Security |
Security User JWT Token Policy Client |
False |
Table 198describes the details of the Global Discovery Server Profile. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS.
Table 198– Global Discovery Server Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Core ServerFacet |
False |
|
False |
||
SecurityPolicy – Basic128Rsa15 |
False |
|
SecurityPolicy – Basic256 |
False |
|
Standard DataChange Subscription ServerFacet |
False |
|
UA-TCP UA-SC UA-Binary |
False |
|
User Token – X509 Certificate ServerFacet |
False |
|
GDS |
GDS Application Directory |
False |
GDS |
GDS LDS-ME Connectivity |
False |
Security |
Security Default ApplicationInstance Certificate |
False |
SessionMinimum 50 Parallel |
False |
Table 199describes the details of the Global Discovery Server2017 Profile. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS.This Profilesupersedes the “Global Discovery Server Profile”.
Table 199– Global Discovery Server 2017 Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Core 2017 ServerFacet |
False |
|
False |
||
Standard DataChange Subscription2017 ServerFacet |
False |
|
UA-TCP UA-SC UA-Binary |
False |
|
GDS |
GDS Application Directory |
False |
GDS |
GDS LDS-ME Connectivity |
False |
GDS |
GDS Query Applications |
False |
Security |
Security Default ApplicationInstance Certificate |
False |
Security |
Security Policy Required |
False |
SessionMinimum 50 Parallel |
False |
Table 200describes the details of the Global Discoveryand CertificateManagement Server. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS and a global CertificateManager.
Table 200– Global Discovery and Certificate Management Server
Group |
Conformance Unit / ProfileTitle |
Optional |
Auditing ServerFacet |
False |
|
File Access ServerFacet |
False |
|
False |
||
SecurityPolicy [B] – Basic256Sha256 |
False |
|
Standard Event Subscription ServerFacet |
False |
|
GDS |
GDS CertificateManager Pull Model |
False |
GDS |
GDS CertificateManager Push Model |
False |
Table 201describes the details of the Global Discoveryand CertificateMgmt 2017 Server. This Profileis a FullFeatured Profilethat covers the necessary Servicesand Information Model of a UA Serverthat acts as a GDS and a global CertificateManager.This Profilesupersedes the “Global Discoveryand CertificateManagement Server”.
Table 201– Global Discovery and Certificate Mgmt 2017 Server
Group |
Conformance Unit / ProfileTitle |
Optional |
Auditing ServerFacet |
False |
|
File Access ServerFacet |
False |
|
False |
||
Standard Event Subscription ServerFacet |
False |
|
GDS |
GDS CertificateManager Pull Model |
False |
Table 202describes the details of the Global CertificateManagement Client Profile. This Profileis a FullFeatured Profilethat uses the Push Model for the management of Certificatesand Trust Lists.
Table 202– Global Certificate Management Client Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Core ClientFacet |
False |
|
False |
||
Entry Level Support 2015 ClientFacet |
False |
|
File Access ClientFacet |
False |
|
False |
||
SecurityPolicy [B] – Basic256Sha256 |
False |
|
SecurityPolicy – Basic256 |
False |
|
UA-TCP UA-SC UA-Binary |
False |
|
GDS |
GDS CertificateManager Push Model |
False |
Security |
Security Default ApplicationInstance Certificate |
False |
Table 203describes the details of the Global CertificateManagement Client2017 Profile. This Profileis a FullFeatured Profilethat uses the Push Model for the management of Certificatesand Trust Lists.This Profilesupersedes the “Global CertificateManagement Client Profile”.
Table 203– Global Certificate Management Client 2017 Profile
Group |
Conformance Unit / ProfileTitle |
Optional |
Core 2017 ClientFacet |
False |
|
False |
||
Entry Level Support 2015 ClientFacet |
False |
|
File Access ClientFacet |
False |
|
False |
||
UA-TCP UA-SC UA-Binary |
False |
|
GDS |
GDS CertificateManager Push Model |
False |
Security |
Security Default ApplicationInstance Certificate |
False |
Table 204describes the details of the Global ServiceAuthorization Request ServerFacet. This Facet defines the capability of a Server(like a GDS) to provide access tokes to OPC UA Clientsvia an Authorization Serviceas defined in UA Part 12.
Table 204– Global Service Authorization Request Server Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
GDS |
False |
Table 205describes the details of the Global Service KeyCredential Pull Facet. This Facet requires providing the Information Modelfor Pull Management as defined in UA Part 12. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. OPC UA Clientsuse this Information Model to request and update KeyCredentials they need.
Table 205– Global Service KeyCredential Pull Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
GDS |
GDS Key Credential ServicePull Model |
False |
Table 206describes the details of the Global Service KeyCredential Push Facet. This Facet requires the use of KeyCredential Push Management functions to set or update credentials in an OPC UA Server. For example KeyCredentials are needed to access an Authorization Serviceor a Broker. This OPC UA Serverin turn has to provide the KeyCredentialConfigurationType Objectsthat represent required credentials.
Table 206– Global Service KeyCredential Push Facet
Group |
Conformance Unit / ProfileTitle |
Optional |
GDS |
GDS Key Credential ServicePush Model |
False |
______________