6 PubSub communication parameters ToC Previous Next

6.2 Common configuration parameters ToC Previous Next

6.2.5 Shared PubSubGroup parameters ToC Previous Next

6.2.5.1 General ToC

The parameters are shared between WriterGroup and ReaderGroup.

The parameters are related to PubSub NetworkMessage security. See 5.4.4 for an introduction of PubSub security and Clause 8 for the definition of the PubSub Security Key Service.

6.2.5.2 SecurityMode ToC

The SecurityMode indicates the level of security applied to the NetworkMessages published by a WriterGroup or received by a ReaderGroup. The MessageSecurityMode DataType is defined in OPC 10000-4.

6.2.5.3 SecurityGroupId ToC

The SecurityGroupId with DataType String is the identifier for a SecurityGroup in the Security Key Server. It is unique within a SKS.

The parameter is null if the SecurityMode is NONE.

If the SecurityMode is not NONE the SecurityGroupId identifies the SecurityGroup. The SecurityGroup defines the SecurityPolicy and the security keys used for the NetworkMessage security. The PubSubGroup defines the SecurityMode for the NetworkMessages sent by the group.

6.2.5.4 SecurityKeyServices ToC

SecurityKeyServices is an array of the DataType EndpointDescription and defines one or more Security Key Servers (SKS) that manage the security keys for the SecurityGroup assigned to the PubSubGroup. The EndpointDescription DataType is defined in OPC 10000-4.

The parameter is null if the SecurityMode is NONE.

Each element in the array is an Endpoint for an SKS that can supply the security keys for the SecurityGroupId. Multiple Endpoints exist because an SKS may have multiple redundant instances. If the SKS supports non-transparent redundancy, each Server in the redundant set shall have one entry in the array.

The use of the EndpointDescription parameters for the SKS selection are defined in Table 31. The main key for the identification of the SKS is the ApplicationUri.

The ApplicationUri is used in the different Server discovery mechanisms to get the OPC UA endpoint information necessary to connect to the SKS.

The combination of SecurityGroupId and SKS ApplicationUri is the unique key for a SecurityGroup in a PubSub application.

Table 31 – SecurityKeyService parameter content

Field Type Definition for the values
EndpointUrl String Shall be null or empty.
Server ApplicationDescription The ApplicationDescription DataType is defined in OPC 10000-4.
   ApplicationUri String The ServerUri of the SKS.
   ProductUri String Can be null or empty.
   ApplicationName LocalizedText Can be null or empty.
   ApplicationType    EnumApplicationType    SERVER      The security keys are pulled from the SKS using the Method GetSecurityKeys.   CLIENT      The security keys are pushed from the SKS to the PubSub application using the Method SetSecurityKeys.   CLIENTANDSERVER      Invalid value.   DISCOVERYSERVER      Invalid value.If the SKS information is sent as part of a discovery announcement message for a WriterGroup, the ApplicationType shall be set to SERVER even if the Publisher is configured for push.
   GatewayServerUri String Shall be null or empty.
   DiscoveryProfileUri String Shall be null or empty.
   DiscoveryUrls [] String A list of URLs for the DiscoveryEndpoints provided by the SKS.
ServerCertificate    ApplicationInstanceCertificate Shall be null or empty.
SecurityMode MessageSecurityMode The value shall be SIGNANDENCRYPT.
SecurityPolicyUri String    ApplicationType SERVER   The URI for SecurityPolicy to use to connect to the SKS.   If the URI is null or empty, the pull access shall use the best available security policy that is also supported by the pull Client.   ApplicationType CLIENTShall be null or empty.
UserIdentityTokens [] UserTokenPolicy    ApplicationType SERVER   The user identity tokens that should be used to connect to the SKS.   The default is ANONYMOUS if the array is empty. For ANONYMOUS the authorization for accessing the keys is based on the application authentication.   If the type is USERNAME, a KeyCredentialConfigurationType instance is used to configure user name and password. The ResourceUri of the KeyCredentialConfigurationType instance shall match the ApplicationUri of the SKS. The KeyCredentialConfigurationType is defined in OPC 10000-12.   The UserTokenPolicies are defined in OPC 10000-4.   ApplicationType CLIENTThe array shall be null or empty.
TransportProfileUri String Can be null or empty.
SecurityLevel Byte Shall be 0.

6.2.5.5 MaxNetworkMessageSize ToC

The MaxNetworkMessageSize with DataType UInt32 indicates the maximum size in bytes for NetworkMessages created by the WriterGroup. It refers to the size of the complete NetworkMessage including padding and signature without any additional headers added by the transport protocol mapping. If the size of a NetworkMessage exceeds the MaxNetworkMessageSize, the behaviour depends on the message mapping.

The transport protocol mappings defined in 7.3 may define restrictions for the maximum value of this parameter.

NOTE The value for the MaxNetworkMessageSize should be configured in a way that ensures that NetworkMessages together with additional headers added by the transport protocol are still smaller than or equal than the transport protocol MTU.

6.2.5.6 GroupProperties ToC

The GroupProperties parameter is an array of DataType KeyValuePair that specifies additional properties for the configured group. The KeyValuePair DataType is defined in OPC 10000-5 and consists of a QualifiedName and a value of BaseDataType.

The mapping of the name and value to concrete functionality may be defined by transport protocol mappings, future versions of this document or vendor-specific extensions.

6.2.5.7 PubSubGroup structure ToC Model

This Structure DataType is an abstract base type for PubSubGroups. The PubSubGroupDataType is formally defined in Table 32.

Table 32 – PubSubGroupDataType structure

Name Type Description
PubSubGroupDataType Structure  
   name String    The name of the PubSubGroup. The name shall be unique across all writer groups and reader groups of a PubSubConnection.It is recommended to use a human readable name.
   enabled Boolean The enabled state of the PubSubGroup.
   securityMode MessageSecurityMode Defined in 6.2.5.2.
   securityGroupId String Defined in 6.2.5.3.
   securityKeyServices EndpointDescription[] Defined in 6.2.5.4.
   maxNetworkMessageSize UInt32 Defined in 6.2.5.5.
   groupProperties KeyValuePair[] Defined in 6.2.5.6.

The PubSubGroupDataType Structure representation in the AddressSpace is defined in Table 33.

Table 33 – PubSubGroupDataType definition

Attributes Value      
BrowseName PubSubGroupDataType      
IsAbstract True      
References NodeClass BrowseName IsAbstract Description
Subtype of Structure defined in OPC 10000-5.        
HasSubtype DataType WriterGroupDataType FALSE Defined in 6.2.6.7.1.
HasSubtype DataType ReaderGroupDataType FALSE Defined in 6.2.8.2.1.
Conformance Units        
PubSub Parameters Discovery        

Previous Next