This type defines a FileType that can be used to access a Trust List.

The CertificateManager uses this type to implement the Pull Model.

Servers use this type when implementing the Push Model.

An instance of a TrustListType shall restrict access to appropriate users or applications. This may be a CertificateManager administrative user that can change the contents of a Trust List; it may be an administrative user that is reading a TrustList to deploy to an Application host; or it may be an Application that can only access the TrustList assigned to it.

The TrustList file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.8.2.6).

The Open Method shall not support modes other than Read (0x01) and Write + EraseExisting (0x06).

If a transaction is in progress (see 7.10.6) then the Server shall return Bad_TransactionPending if Open is called with Write Mode bit set.

Servers shall automatically Close TrustLists if there are no calls to Methods on the TrustList Object within the time specified by the ActivityTimeout Property.

The Size Property inherited from FileType has no meaning for TrustList and returns the error code defined in OPC 10000-20.

When a Client opens the file for writing, the Server will not actually update the TrustList until the CloseAndUpdate Method is called. Simply calling Close will discard the updates. The bit masks in the TrustListDataType structure allow the Client to update only part of the Trust List.

When the CloseAndUpdate Method is called the Server will validate all new Certificates and CRLs. If this validation fails the TrustList is not updated and the Server returns the appropriate Certificate error code (see OPC 10000-4).
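The Open, Close, CloseAndUpdate and ActivityTimeout rules above can be modelled as a small server-side state machine. This is an added illustration, not code from the specification or any OPC UA stack: the class and method names, the `validate` callback and every error string other than Bad_TransactionPending are assumptions made for the sketch. The 60 000 ms figure is the ActivityTimeout default stated for this type.

```python
import time

READ, WRITE_ERASE = 0x01, 0x06       # the only Open modes a TrustList supports
DEFAULT_ACTIVITY_TIMEOUT_MS = 60_000

class TrustListError(Exception):
    """Only Bad_TransactionPending is a status name taken from the text."""

class TrustListFile:
    def __init__(self, validate, timeout_ms=DEFAULT_ACTIVITY_TIMEOUT_MS, clock=time.monotonic):
        self.committed = b""              # TrustList currently in force
        self.transaction_pending = False  # set while a transaction is in progress
        self._validate, self._clock = validate, clock
        self._timeout_s = timeout_ms / 1000
        self._mode = self._staged = None
        self._last_call = 0.0

    def _activity(self):
        # Auto-close and discard staged data once ActivityTimeout has elapsed.
        if self._mode is not None and self._clock() - self._last_call > self._timeout_s:
            self._mode = self._staged = None
        if self._mode is None:
            raise TrustListError("not-open")
        self._last_call = self._clock()

    def open(self, mode):
        if mode not in (READ, WRITE_ERASE):
            raise TrustListError("unsupported-mode")
        if mode == WRITE_ERASE and self.transaction_pending:
            raise TrustListError("Bad_TransactionPending")
        self._mode, self._staged, self._last_call = mode, b"", self._clock()

    def write(self, data):
        self._activity()
        if self._mode != WRITE_ERASE:
            raise TrustListError("not-writable")
        self._staged += data

    def close(self):
        self._activity()
        self._mode = self._staged = None   # plain Close discards staged updates

    def close_and_update(self):
        self._activity()
        mode, staged = self._mode, self._staged
        self._mode = self._staged = None   # assumption: handle is released either way
        if mode != WRITE_ERASE:
            raise TrustListError("not-writable")
        if not self._validate(staged):     # Certificates and CRLs checked before commit
            raise TrustListError("validation-failed")
        self.committed = staged
```

Passing a fake `clock` makes the timeout path testable without waiting; `committed` changes only when `close_and_update` succeeds.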

Table 22 – TrustListType Definition

| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FileType defined in OPC 10000-20. | | | | | |
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:UpdateFrequency | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ActivityTimeout | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:DefaultValidationOptions | TrustListValidationOptions | 0:PropertyType | Optional |
| 0:HasComponent | Method | 0:OpenWithMasks | Defined in 7.8.2.2. | | Mandatory |
| 0:HasComponent | Method | 0:CloseAndUpdate | Defined in 7.8.2.3. | | Mandatory |
| 0:HasComponent | Method | 0:AddCertificate | Defined in 7.8.2.4. | | Mandatory |
| 0:HasComponent | Method | 0:RemoveCertificate | Defined in 7.8.2.5. | | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |

The LastUpdateTime indicates when the TrustList was last updated. The LastUpdateTime shall reflect changes made using the TrustList Object Methods. A TrustList Object in a CertificateManager shall also reflect changes made in other ways.

The LastUpdateTime of a TrustList Object in a CertificateManager allows Clients using the PullManagement to know whether the TrustList has changed since the last time they accessed it. The LastUpdateTime of a TrustList Object in the ServerConfiguration allows administration Clients to check for out of date TrustLists.

The UpdateFrequency Property specifies how often the TrustList needs to be checked for changes. When the CertificateManager specifies this value, all Clients that read a copy of the TrustList should connect to the CertificateManager and check for updates to the TrustList within 2 times the UpdateFrequency. The choice of UpdateFrequency depends on how quickly system changes need to be detected and the performance constraints of the system. UpdateFrequencies that are too long create security risks because of out of date CRLs. UpdateFrequencies that are too short negatively impact system performance. If the TrustList Object is contained within a ServerConfiguration Object then this Property is not present.

The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the TrustList Object after Open or OpenWithMasks is called. If this time elapses the TrustList is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).

The DefaultValidationOptions Property specifies the default options to use when validating Certificates with the TrustList. The TrustListValidationOptions DataType is defined in 7.8.2.8. This Property may be updated by Clients with access to the SecurityAdmin Role.

If auditing is supported, the CertificateManager shall generate the TrustListUpdated AuditEventType (see 7.8.2.11) when the CloseAndUpdate, AddCertificate or RemoveCertificate Methods are called.