OPC 10000-12: UA Part 12: Discovery and Global Services
Released 1.04 (Replaced by 1.05.02)
2018-02-07
This document is subject to the license terms described here.
The general OPC Foundation specification license agreement also applies and can be found here.
This document is a copy of the original which can be found here.
This document defines nodes in the following nodesets:
1 Scope
2 Normative references
3 Terms, definitions, and conventions
3.1 Terms and definitions
3.1.1 CertificateManagement Server
3.1.2 Certificate Group
3.1.3 Certificate Request
3.1.4 KeyCredential
3.1.5 KeyCredentialService
3.1.6 DirectoryService
3.1.7 DiscoveryServer
3.1.8 DiscoveryUrl
3.1.9 GlobalDiscoveryServer (GDS)
3.1.10 IPAddress
3.1.11 LocalDiscoveryServer (LDS)
3.1.12 LocalDiscoveryServer-ME (LDS-ME)
3.1.13 MulticastExtension
3.1.14 MulticastSubnet
3.1.15 Network Service
3.1.16 ServerCapabilityIdentifier
3.2 Abbreviations and symbols
3.3 Conventions for Namespaces
4 The Discovery Process
4.1 Overview
4.2 Registration and Announcement of Applications
4.2.1 Overview
4.2.2 Hosts with a LocalDiscoveryServer
4.2.3 Hosts without a LocalDiscoveryServer
4.3 The Discovery Process for Clients to Find Servers
4.3.1 Overview
4.3.2 Security
4.3.3 Simple Discovery with a DiscoveryUrl
4.3.4 Local Discovery
4.3.5 MulticastSubnet Discovery
4.3.6 Global Discovery
4.3.7 Combined Discovery Process for Clients
5 Local Discovery Server
5.1 Overview
5.2 Security Considerations for Multicast DNS
6 Global Discovery Server
6.1 Overview
6.2 Network Architectures
6.2.1 Overview
6.2.2 Single MulticastSubnet
6.2.3 Multiple MulticastSubnet
6.2.4 No MulticastSubnet
6.2.5 Domain Names and MulticastSubnets
6.3 Information Model
6.3.1 Overview
6.3.2 Directory
6.3.3 DirectoryType
6.3.4 FindApplications
6.3.5 ApplicationRecordDataType
6.3.6 RegisterApplication
6.3.7 UpdateApplication
6.3.8 UnregisterApplication
6.3.9 GetApplication
6.3.10 QueryApplications
6.3.11 QueryServers (deprecated)
6.3.12 ApplicationRegistrationChangedAuditEventType
7 Certificate Management Overview
7.1 Overview
7.2 Pull Management
7.3 Push Management
7.4 Provisioning
7.5 Common Information Model
7.5.1 Overview
7.5.2 TrustListType
7.5.3 OpenWithMasks
7.5.4 CloseAndUpdate
7.5.5 AddCertificate
7.5.6 RemoveCertificate
7.5.7 TrustListDataType
7.5.8 TrustListMasks
7.5.9 TrustListOutOfDateAlarmType
7.5.10 CertificateGroupType
7.5.10.1 GetRejectedList
7.5.11 CertificateType
7.5.12 ApplicationCertificateType
7.5.13 HttpsCertificateType
7.5.14 UserCredentialCertificateType
7.5.15 RsaMinApplicationCertificateType
7.5.16 RsaSha256ApplicationCertificateType
7.5.17 CertificateGroupFolderType
7.5.18 TrustListUpdatedAuditEventType
7.6 Information Model for Pull Certificate Management
7.6.1 Overview
7.6.2 CertificateDirectoryType
7.6.3 StartSigningRequest
7.6.4 StartNewKeyPairRequest
7.6.5 FinishRequest
7.6.6 GetCertificateGroups
7.6.7 GetTrustList
7.6.8 GetCertificateStatus
7.6.8.1 RevokeCertificate
7.6.9 CertificateRequestedAuditEventType
7.6.10 CertificateDeliveredAuditEventType
7.7 Information Model for Push Certificate Management
7.7.1 Overview
7.7.2 ServerConfiguration
7.7.3 ServerConfigurationType
7.7.4 UpdateCertificate
7.7.5 ApplyChanges
7.7.6 CreateSigningRequest
7.7.7 GetRejectedList
7.7.8 CertificateUpdatedAuditEventType
8 KeyCredentialManagement
8.1 Overview
8.2 Pull Management
8.3 Push Management
8.4 Information Model for Pull Management
8.4.1 Overview
8.4.2 KeyCredentialManagement
8.4.3 KeyCredentialServiceType
8.4.4 StartRequest
8.4.5 FinishRequest
8.4.6 Revoke
8.4.7 KeyCredentialAuditEventType
8.4.8 KeyCredentialRequestedAuditEventType
8.4.9 KeyCredentialDeliveredAuditEventType
8.4.10 KeyCredentialRevokedAuditEventType
8.5 Information Model for Push Management
8.5.1 KeyCredentialConfiguration
8.5.2 KeyCredentialConfigurationType
8.5.3 UpdateCredential
8.5.4 DeleteCredential
8.5.5 KeyCredentialUpdatedAuditEventType
8.5.6 KeyCredentialDeletedAuditEventType
8.5.7 GetEncryptingKey
9 Authorization Services
9.1 Overview
9.2 Implicit
9.3 Explicit
9.4 Chained
9.5 Information Model for Requesting Access Tokens
9.5.1 Overview
9.5.2 AuthorizationServices
9.5.3 AuthorizationServiceType
9.5.4 RequestAccessToken
9.5.5 GetServiceDescription
9.5.6 AccessTokenIssuedAuditEventType
9.6 Information Model for Configuring Servers
9.6.1 Overview
9.6.2 AuthorizationServices
9.6.3 AuthorizationServiceConfigurationType
Annex A (informative) Deployment and Configuration
A.1 Firewalls and Discovery
A.2 Resolving References to Remote Servers
Annex B (normative) Constants
B.1 Numeric Node Ids
Annex C (normative) OPC UA Mapping to mDNS
C.1 DNS Server (SRV) Record Syntax
C.2 DNS Text (TXT) Record Syntax
C.3 DiscoveryUrl Mapping
Annex D (normative) Server Capability Identifiers
Annex E (normative) DirectoryServices
E.1 Global Discovery via Other DirectoryServices
E.2 UDDI
E.3 LDAP
Annex F (normative) Local Discovery Server
F.1 Certificate Store Directory Layout
F.2 Installation Directories on Windows
Annex G (normative) Application Installation Process
G.1 Provisioning with Pull Management
G.2 Provisioning with the Push Management
G.3 Setting Permissions
Annex H (informative) Comparison with RFC 7030
H.1 Overview
H.2 Obtaining CA Certificates
H.3 Initial Enrolment
H.4 Client Certificate Reissuance
H.5 Server Key Generation
H.6 Certificate Signing Request (CSR) Attributes Request