For the purposes of this document the following terms and definitions as well as the terms and definitions given in OPC 10000-1, OPC 10000-2, OPC 10000-3, OPC 10000-4, OPC 10000-6 and OPC 10000-9 apply.

a software application that manages the Certificates used by Applications in an administrative domain.

a context used to manage the TrustList and Certificate(s) associated with Applications or Users.

a PKCS #10 encoded structure used to request a new Certificate from a Certificate Authority.

Note 1 to entry: Devices have hardware based mechanisms, such as a TPM, to protect Private Keys.

a physical address available on a network that allows Servers to initiate a reverse connection.

a software application, or a set of applications, that stores and organizes information about resources such as computers or services.

an Application that maintains a list of OPC UA Applications that are available on the network and provides mechanisms for other OPC UA Applications to obtain this list.

a URL for a network Endpoint that provides the information required to connect to a Client or Server.

a Server that provides numerous services related to discovery and security management.

Note 1 to entry: a GDS may also be a CertificateManager.

Note 2 to entry: a GDS may also be a KeyCredentialService.

Note 3 to entry: a GDS may also be an AuthorizationService.

a Server that provides centrally managed capabilities needed for a system.

Note 4 to entry: a GlobalDiscoveryServer, a CertificateManager, a KeyCredentialService and an AuthorizationService are all examples of GlobalServices.

a unique number assigned to a network interface that allows Internet Protocol (IP) requests to be routed to that interface.

Note 1 to entry: An IPAddress for a host may change over time.

a unique identifier and a secret used to access an AuthorizationService or a Broker.

Note 1 to entry: a user name and password is an example of a KeyCredential.

a software application that provides KeyCredentials needed to access an AuthorizationService or a Broker.

a DiscoveryServer that maintains a list of all Servers that have registered with it.

Note 1 to entry: Servers normally register with the LDS on the same host.

a LocalDiscoveryServer that includes the MulticastExtension.

an extension to a LocalDiscoveryServer that adds support for the mDNS protocol.

a network that allows multicast packets to be sent to all nodes connected to the network.

Note 1 to entry: a MulticastSubnet is not necessarily the same as a TCP/IP subnet.

a named set of rights which cannot be expressed as Permissions granted on Nodes.

Note 1 to entry: For example, a Privilege can be defined when the right to call a Method depends on the parameters passed to the Method.

Note 5 to entry: a Privilege is a document convention that does not appear in the Server AddressSpace.

a workflow where a Client manages its configuration by using a GlobalService.

a workflow where a GlobalService manages a Server’s configuration.

a short identifier which uniquely identifies a set of discoverable capabilities supported by an OPC UA Application.

Note 1 to entry: the list of the currently defined CapabilityIdentifiers is in Annex D.

API Application Programming Interface

CA Certificate Authority

CRL Certificate Revocation List

CSR Certificate Signing Request

DER Distinguished Encoding Rules

DHCP Dynamic Host Configuration Protocol

DNS Domain Name System

EST Enrolment over Secure Transport

GDS Global Discovery Server

IANA The Internet Assigned Numbers Authority

LDAP Lightweight Directory Access Protocol

LDS Local Discovery Server

LDS-ME Local Discovery Server with the Multicast Extension

mDNS Multicast Domain Name System

NAT Network Address Translation

PEM Privacy Enhanced Mail

PFX Personal Information Exchange

PKCS Public Key Cryptography Standards

SHA1 Secure Hash Algorithm

SSL Secure Socket Layer

TLS Transport Layer Security

TPM Trusted Platform Module

UA Unified Architecture

UDDI Universal Description, Discovery and Integration