This type defines a FileType that can be used to access a TrustList.

The CertificateManager uses this type to implement the Pull Model.

Servers use this type when implementing the Push Model.

An instance of a TrustListType shall restrict access to appropriate users or applications. This may be a CertificateManager administrative user that can change the contents of a TrustList; it may be an Administrative user that is reading a TrustList to deploy to an Application host; or it may be an Application that can only access the TrustList assigned to it.

The TrustList file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.8.2.6).

The Open Method shall not support modes other than Read (0x01) and Write + EraseExisting (0x06).

If a transaction is in progress (see 7.10.7) on another Session then the Server shall return Bad_TransactionPending if Open is called with the Write Mode bit set. If the Server supports transactions then the Server creates a new transaction or continues an existing transaction if Open is called with the Write Mode bit set.

If the SecureChannel is not authenticated the Server shall return Bad_SecurityModeInsufficient.

Servers shall automatically Close TrustLists if there are no calls to Methods on the TrustList Object within the time specified by the ActivityTimeout Property.

The Size Property inherited from FileType has no meaning for TrustList and returns the error code defined in OPC 10000-20.

When a Client opens the file for writing the Server will not actually update the TrustList until the CloseAndUpdate Method is called. Simply calling Close will discard the updates. The bit masks in TrustListDataType structure allow the Client to only update part of the TrustList.

When the CloseAndUpdate Method is called the Server will validate all new Certificates and CRLs. If this validation fails the TrustList is not updated and the Server returns the appropriate Certificate error code (see OPC 10000-4).
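The Open, Close, CloseAndUpdate and ActivityTimeout rules above, modelled as a small state machine. This is an added example, not code from the specification or any OPC UA stack. The class and method names, the `validate` callback and the injectable `clock` are hypothetical, the status codes for an unsupported mode and for a stale handle are assumptions because this page does not name them, and another Session's open write handle stands in for "a transaction is in progress". Only the write handle is tracked.

```python
import time

READ, WRITE_ERASE = 0x01, 0x06   # the only Open modes a TrustList accepts

class StatusError(Exception):
    """Raised with an OPC UA status code name as its message."""

class TrustListModel:
    def __init__(self, committed, validate, timeout_ms=60_000, clock=time.monotonic):
        self.committed, self.validate = committed, validate
        self.timeout_s, self.clock = timeout_ms / 1000.0, clock
        self.writer = self.staged = None   # session holding the write handle, its data
        self.last_call = 0.0

    def _expire(self):
        # ActivityTimeout elapsed: close automatically and discard staged data.
        if self.writer is not None and self.clock() - self.last_call > self.timeout_s:
            self.writer = self.staged = None

    def _touch(self, session):
        self._expire()
        if self.writer != session:
            raise StatusError("Bad_InvalidState")      # assumed code
        self.last_call = self.clock()

    def open(self, session, mode, channel_authenticated):
        self._expire()
        if not channel_authenticated:
            raise StatusError("Bad_SecurityModeInsufficient")
        if mode not in (READ, WRITE_ERASE):
            raise StatusError("Bad_InvalidArgument")   # assumed code
        if mode == WRITE_ERASE:
            if self.writer not in (None, session):
                raise StatusError("Bad_TransactionPending")
            self.writer, self.staged, self.last_call = session, b"", self.clock()

    def write(self, session, data):
        self._touch(session)
        self.staged += data

    def close(self, session):
        self._touch(session)
        self.writer = self.staged = None   # plain Close discards the update

    def close_and_update(self, session):
        self._touch(session)
        staged, self.writer, self.staged = self.staged, None, None
        status = self.validate(staged)     # validate new Certificates and CRLs
        if status != "Good":
            raise StatusError(status)      # TrustList left unchanged
        self.committed = staged
```

Whether the file handle survives a failed CloseAndUpdate is not stated on this page; the model closes it.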

Its representation in the AddressSpace is formally defined in Table 22.

Table 22 – TrustListType Definition

| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FileType defined in OPC 10000-20. | | | | | |
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:UpdateFrequency | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ActivityTimeout | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:DefaultValidationOptions | TrustListValidationOptions | 0:PropertyType | Optional |
| 0:HasComponent | Method | 0:OpenWithMasks | Defined in 7.8.2.2. | | Mandatory |
| 0:HasComponent | Method | 0:CloseAndUpdate | Defined in 7.8.2.3. | | Mandatory |
| 0:HasComponent | Method | 0:AddCertificate | Defined in 7.8.2.4. | | Mandatory |
| 0:HasComponent | Method | 0:RemoveCertificate | Defined in 7.8.2.5. | | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |

The LastUpdateTime indicates when the TrustList was last updated. The LastUpdateTime shall reflect changes made using the TrustList Object Methods. A TrustList Object in a CertificateManager shall also reflect changes made in other ways.

The LastUpdateTime of a TrustList Object in a CertificateManager allows Clients using the PullManagement to know whether the TrustList has changed since the last time they accessed it. The LastUpdateTime of a TrustList Object in the ServerConfiguration allows administration Clients to check for out of date TrustLists.

The UpdateFrequency Property specifies how often the TrustList needs to be checked for changes. When the CertificateManager specifies this value, all Clients that read a copy of the TrustList should connect to the CertificateManager and check for updates to the TrustList within 2 times the UpdateFrequency. The choice of UpdateFrequency depends on how quickly system changes need to be detected and the performance constraints of the system. UpdateFrequencies that are too long create security risks because of out of date CRLs. UpdateFrequencies that are too short negatively impact system performance. If the TrustList Object is contained within a ServerConfiguration Object then this Property is not present.
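One way to turn LastUpdateTime and UpdateFrequency into an audit of deployed TrustList copies, so that applications at risk of running with out-of-date CRLs are surfaced. This is an added example, not part of the specification; the function name, the record fields and the three status labels are hypothetical, and the inventory in `SAMPLE_COPIES` is constructed.

```python
from datetime import datetime, timedelta, timezone

def audit_trustlist_copies(now, manager_last_update, update_frequency_ms, copies):
    """Classify each application's TrustList copy as current, stale or overdue.

    overdue: the last check is older than 2 x UpdateFrequency
    stale:   checked in time, but the copy predates the manager's LastUpdateTime
    """
    window = timedelta(milliseconds=2 * update_frequency_ms)  # Duration is in ms
    result = {}
    for app, rec in copies.items():
        if now - rec["last_checked"] > window:
            result[app] = "overdue"
        elif rec["copy_last_update"] < manager_last_update:
            result[app] = "stale"
        else:
            result[app] = "current"
    return result

def _t(hour, minute=0):
    # Helper for the constructed sample timestamps below.
    return datetime(2024, 1, 1, hour, minute, tzinfo=timezone.utc)

# Constructed inventory: when each application last checked the
# CertificateManager and the LastUpdateTime of the copy it holds.
SAMPLE_COPIES = {
    "hmi-01":    {"last_checked": _t(11, 30), "copy_last_update": _t(11)},
    "plc-gw":    {"last_checked": _t(11, 30), "copy_last_update": _t(9)},
    "historian": {"last_checked": _t(9, 30),  "copy_last_update": _t(9)},
}

def sample_report():
    # Manager's TrustList changed at 11:00; UpdateFrequency is one hour.
    return audit_trustlist_copies(_t(12), _t(11), 3_600_000, SAMPLE_COPIES)
```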

The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the TrustList Object after Open or OpenWithMasks is called. If this time elapses the TrustList is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).

The DefaultValidationOptions Property specifies the default options to use when validating Certificates with the TrustList. The TrustListValidationOptions DataType is defined in 7.8.2.8. This Property may be updated by Clients with access to the SecurityAdmin Role.

If auditing is supported, the CertificateManager shall generate the TrustListUpdated AuditEventType (see 7.8.2.11) when the TrustList is updated via the CloseAndUpdate, AddCertificate, RemoveCertificate or ApplyChanges (see 7.10.7) Methods. The Event is only raised once after the asynchronous update process completes.