OPC 10000-12: UA Part 12: Discovery and Global Services


Released 1.04 (Replaced by 1.05.04)

2018-02-07

This document is subject to the license terms described here.

The general OPC Foundation specification license agreement also applies and can be found here.

This document is a copy of the original which can be found here.


1 Scope 2 Normative references 3 Terms, definitions, and conventions 3.1 Terms and definitions 3.1.1 CertificateManagement Server 3.1.2 Certificate Group 3.1.3 Certificate Request 3.1.4 KeyCredential 3.1.5 KeyCredentialService 3.1.6 DirectoryService 3.1.7 DiscoveryServer 3.1.8 DiscoveryUrl 3.1.9 GlobalDiscoveryServer (GDS) 3.1.10 IPAddress 3.1.11 LocalDiscoveryServer (LDS) 3.1.12 LocalDiscoveryServer-ME (LDS-ME) 3.1.13 MulticastExtension 3.1.14 MulticastSubnet 3.1.15 Network Service 3.1.16 ServerCapabilityIdentifier 3.2 Abbreviations and symbols 3.3 Conventions for Namespaces 4 The Discovery Process 4.1 Overview 4.2 Registration and Announcement of Applications 4.2.1 Overview 4.2.2 Hosts with a LocalDiscoveryServer 4.2.3 Hosts without a LocalDiscoveryServer 4.3 The Discovery Process for Clients to Find Servers 4.3.1 Overview 4.3.2 Security 4.3.3 Simple Discovery with a DiscoveryUrl 4.3.4 Local Discovery 4.3.5 MulticastSubnet Discovery 4.3.6 Global Discovery 4.3.7 Combined Discovery Process for Clients 5 Local Discovery Server 5.1 Overview 5.2 Security Considerations for Multicast DNS 6 Global Discovery Server 6.1 Overview 6.2 Network Architectures 6.2.1 Overview 6.2.2 Single MulticastSubnet 6.2.3 Multiple MulticastSubnet 6.2.4 No MulticastSubnet 6.2.5 Domain Names and MulticastSubnets 6.3 Information Model 6.3.1 Overview 6.3.2 Directory 6.3.3 DirectoryType 6.3.4 FindApplications 6.3.5 ApplicationRecordDataType 6.3.6 RegisterApplication 6.3.7 UpdateApplication 6.3.8 UnregisterApplication 6.3.9 GetApplication 6.3.10 QueryApplications 6.3.11 QueryServers (depreciated) 6.3.12 ApplicationRegistrationChangedAuditEventType 7 Certificate Management Overview 7.1 Overview 7.2 Pull Management 7.3 Push Management 7.4 Provisioning 7.5 Common Information Model 7.5.1 Overview 7.5.2 TrustListType 7.5.3 OpenWithMasks 7.5.4 CloseAndUpdate 7.5.5 AddCertificate 7.5.6 RemoveCertificate 7.5.7 TrustListDataType 7.5.8 TrustListMasks 7.5.9 TrustListOutOfDateAlarmType 7.5.10 CertificateGroupType 7.5.10.1 GetRejectedList 7.5.11 CertificateType 7.5.12 ApplicationCertificateType 7.5.13 HttpsCertificateType 7.5.14 UserCredentialCertificateType 7.5.15 RsaMinApplicationCertificateType 7.5.16 RsaSha256ApplicationCertificateType 7.5.17 CertificateGroupFolderType 7.5.18 TrustListUpdatedAuditEventType 7.6 Information Model for Pull Certificate Management 7.6.1 Overview 7.6.2 CertificateDirectoryType 7.6.3 StartSigningRequest 7.6.4 StartNewKeyPairRequest 7.6.5 FinishRequest 7.6.6 GetCertificateGroups 7.6.7 GetTrustList 7.6.8 GetCertificateStatus 7.6.8.1 RevokeCertificate 7.6.9 CertificateRequestedAuditEventType 7.6.10 CertificateDeliveredAuditEventType 7.7 Information Model for Push Certificate Management 7.7.1 Overview 7.7.2 ServerConfiguration 7.7.3 ServerConfigurationType 7.7.4 UpdateCertificate 7.7.5 ApplyChanges 7.7.6 CreateSigningRequest 7.7.7 GetRejectedList 7.7.8 CertificateUpdatedAuditEventType 8 KeyCredentialManagement 8.1 Overview 8.2 Pull Management 8.3 Push Management 8.4 Information Model for Pull Management 8.4.1 Overview 8.4.2 KeyCredentialManagement 8.4.3 KeyCredentialServiceType 8.4.4 StartRequest 8.4.5 FinishRequest 8.4.6 Revoke 8.4.7 KeyCredentialAuditEventType 8.4.8 KeyCredentialRequestedAuditEventType 8.4.9 KeyCredentialDeliveredAuditEventType 8.4.10 KeyCredentialRevokedAuditEventType 8.5 Information Model for Push Management 8.5.1 KeyCredentialConfiguration 8.5.2 KeyCredentialConfigurationType 8.5.3 UpdateCredential 8.5.4 DeleteCredential 8.5.5 KeyCredentialUpdatedAuditEventType 8.5.6 KeyCredentialDeletedAuditEventType 8.5.7 GetEncryptingKey 9 Authorization Services 9.1 Overview 9.2 Implicit 9.3 Explicit 9.4 Chained 9.5 Information Model for Requesting Access Tokens 9.5.1 Overview 9.5.2 AuthorizationServices 9.5.3 AuthorizationServiceType 9.5.4 RequestAccessToken 9.5.5 GetServiceDescription 9.5.6 AccessTokenIssuedAuditEventType 9.6 Information Model for Configuring Servers 9.6.1 Overview 9.6.2 AuthorizationServices 9.6.3 AuthorizationServiceConfigurationType Annex A (informative)Deployment and Configuration A.1 Firewalls and Discovery A.2 Resolving References to Remote Servers Annex B (normative)Constants B.1 Numeric Node Ids Annex C (normative)OPC UA Mapping to mDNS C.1 DNS Server (SRV) Record Syntax C.2 DNS Text (TXT) Record Syntax C.3 DiscoveryUrl Mapping Annex D (normative)Server Capability Identifiers Annex E (normative)DirectoryServices E.1 Global Discovery via Other DirectoryServices E.2 UDDI E.3 LDAP Annex F (normative)Local Discovery Server F.1 Certificate Store Directory Layout F.2 Installation Directories on Windows Annex G (normative)Application Installation Process G.1 Provisioning with Pull Management G.2 Provisioning with the Push Management G.3 Setting Permissions Annex H (informative) Comparison with RFC 7030 H.1 Overview H.2 Obtaining CA Certificates H.3 Initial Enrolment H.4 Client Certificate Reissuance H.5 Server Key Generation H.6 Certificate Signing Request (CSR) Attributes Request