OPC 10000-21: UA Part 21: Device Onboarding


Released 1.05.04

2024-11-29

This document is subject to the license terms described here.

The general OPC Foundation specification license agreement also applies and can be found here.

This document is a copy of the original which can be found here.


1 Scope 2 Normative references 3 Terms, definitions, and conventions 3.1 Terms and definitions 3.1.1 Application 3.1.2 ApplicationUri 3.1.3 Composite 3.1.4 CompositeBuilder 3.1.5 CompositeInstanceUri 3.1.6 DCA Client 3.1.7 DCA Server 3.1.8 Device 3.1.9 Device Configuration Application (DCA) 3.1.10 DeviceIdentity Certificate 3.1.11 Distributor 3.1.12 Manufacturer 3.1.13 OwnerOperator 3.1.14 Privilege 3.1.15 ProductInstanceUri 3.1.16 Registrar 3.1.17 SystemIntegrator 3.1.18 SecureElement 3.1.19 Ticket 3.2 Abbreviations and symbols 4 Onboarding Model 4.1 Device Lifecycle 4.2 Concepts 4.2.1 Secure Elements 4.2.2 Firmware and Applications 4.2.3 Transfer of Physical Control 4.2.4 Trust on First Use (TOFU) 4.2.5 SoftwareUpdateManager 4.2.6 Roles and Privileges 4.3 Device Workflows 4.3.1 Distribution 4.3.2 Onboarding 4.3.3 Application Setup 4.3.4 Configuration 4.3.5 Operation 4.3.6 Decommissioning 5 Identities 5.1 Device Identity 5.2 ProductInstanceUri 5.3 Composite Identity 6 Ticket Semantics 6.1 Tickets 6.2 Ticket Distribution 6.3 Authentication 6.4 Acquiring and Validating Tickets 7 Device Authentication 7.1 Overview 7.2 Pull Management 7.3 Push Management 7.4 Alternate Authentication Models 7.4.1 Overview 7.4.2 FDO 7.4.2.1 Overview 7.4.2.2 Integration with the Registrar 8 Ticket Syntax 8.1 Signed Ticket Encoding 8.2 Ticket Types 8.2.1 EncodedTicket 8.2.2 BaseTicketType 8.2.3 DeviceIdentityTicketType 8.2.4 CompositeIdentityTicketType 8.2.5 TicketListType 8.2.6 CertificateAuthorityType 9 Information Model 9.1 Overview 9.2 Registrar 9.2.1 Overview 9.2.2 DeviceRegistrarType 9.2.3 ProvideIdentities 9.2.4 UpdateSoftwareStatus 9.2.5 RegisterDeviceEndpoint 9.2.6 GetManagers 9.2.7 ManagerDescription 9.2.8 RegisterManagedApplication 9.2.9 DeviceRegistrar 9.2.10 DeviceRegistrarAdminType 9.2.11 RegisterTickets 9.2.12 UnregisterTickets 9.2.13 DeviceRegistrationAuditEventType 9.2.14 DeviceIdentityAcceptedAuditEventType 9.2.15 DeviceSoftwareUpdatedAuditEventType 9.3 Device Configuration Application (DCA) 9.3.1 Overview 9.3.2 ProvisionableDevice 9.3.3 ProvisionableDeviceType 9.3.4 RequestTickets 9.3.5 SetRegistrarEndpoints 10 Namespaces 10.1 Namespace Metadata 10.2 Handling of OPC UA Namespaces Annex A (normative)Namespaces and Identifiers A.1 Namespace and Identifiers for the Onboarding Information Model