Figure 6 shows the object model for an Application Instance Personality Set.

Figure 6 – Application Instance Personality set

GTA API identifiers used as a base to create personalities representing Application Instance Certificates for OPC UA applications should be of type org.opcfoundation.application_instance_uri and the value should be set to the ApplicationUri.

EXAMPLE

urn:manufacturer.com:2024-10:myproduct:myappid?cg=DefaultApplicationGroup

The name of an Application Instance Identity personality is set according to the description in 4.3.2.2. The names used for GTA API personalities representing Application Instance Certificates should be a qualified name with the namespace URI equal to the ApplicationUri. The qualified name used for the personality name can contain additional information to distinguish between multiple personalities sharing a single identifier.

EXAMPLE

urn:manufacturer.com:2024-10:myproduct:myappid?cg=DefaultApplicationGroup&ct=Rsa2048&ix=12

urn:manufacturer.com:2024-10:myproduct:myappid?cg=DefaultApplicationGroup&ct=EccNistP256&ix=14

The ApplicationInstance Certificate itself can be made available using a personality attribute of type ch.iec.30168.trustlist.certificate.self.x509. As the security of the Application Identity Certificate does not depend on additional protection offered by a secure element it may also be stored elsewhere.

The name of the TrustList personality is set according to the description in 4.3.2.2.

EXAMPLE

urn:manufacturer.com:2024-10:myproduct:myappid?cg=DefaultApplicationGroup