Devices that support PushManagement described in 7.3 have a Server that implements the Information Model shown in Figure 10. This Information Model allows Registrars to authenticate Devices on the network. It also allows the location of the Registrars to be manually provided if the Device needs to use PullManagement and no multicast discovery capabilities are available.
Figure 10 – Device Address Space for Onboarding Workflows
The ProvisionableDevice Object shall be organized by the Resources Object (see OPC 10000-22) used to provision the Device the Server is running on. It is an instance of the ProvisionableDeviceType ObjectType which defines Methods used by the Registrar when it authenticates a Device.
The DefaultApplicationGroup Object is a well-known CertificateGroup that stores the Application Instance Certificate and TrustList for the DCA provided by the Registrar. This group is initially empty when the Device is first connected to the network. It is updated by the Registrar when the Device Authentication process completes.
The Applications that may be configured via the Server are components of the ProvisionableDevice Object. They are instances of ApplicationConfigurationType. The Server itself is configured via the ServerConfiguration Object. Some DCAs may choose to have CertificateGroups for individual Applications organized by the CertificateGroups Folder in the ServerConfiguration Object. In these cases, DCAs shall add a Reference from the ServerConfiguration CertificateGroups Folder to the CertificateGroup Object under the Application.
This Object is an instance of ProvisionableDeviceType. It is the well-known Resource which is used to authenticate a Device using PushManagement.
It is a target of an Organizes Reference from the Resources Object defined in OPC 10000-22.
It It is defined in Table 32.
Table 32 – ProvisionableDevice Object Definition
Attribute |
Value |
||||
BrowseName |
0:ProvisionableDevice |
||||
TypeDefinition |
0:ProvisionableDeviceType defined in 9.3.3. |
||||
References |
Node Class |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
OrganizedBy the Resources Object defined in OPC 10000-22. |
|||||
|
|||||
Conformance Units |
|||||
Onboarding Server PushManagement |
The ProvisionableDeviceType ObjectType defines Objects that support PushManagement described in 7.3. The ObjectType is defined in Table 33.
Table 33 – ProvisionableDeviceType Definition
Attribute |
Value |
||||||
BrowseName |
0:ProvisionableDeviceType |
||||||
IsAbstract |
False |
||||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
Modelling Rule |
||
Subtype of the BaseObjectType defined in OPC 10000-5. |
|||||||
0:HasProperty |
Variable |
0:IsSingleton |
0:Boolean |
0:PropertyType |
Mandatory |
||
0:HasComponent |
Method |
0:RequestTickets |
Defined in 9.3.4. |
Mandatory |
|||
0:HasComponent |
Method |
0:SetRegistrarEndpoints |
Defined in 9.3.5. |
Optional |
|||
0:HasComponent |
Object |
0:<ApplicationName> |
|
0:ApplicationConfigurationType |
OptionalPlaceholder |
||
Conformance Units |
|||||||
Onboarding Server PushManagement |
The IsSingleton Property indicates whether the DCA and the operational Server are the same. If TRUE, it tells Registrar that the DCA Certificate shall have rights associated with a Application Instance Certificate (i.e., it cannot be used to access the security configuration for different Applications). A ProvisionableDevice shall not have any ApplicationConfiguration components if IsSingleton is TRUE.
The RequestTickets Method allows the Registrar to request the list of Tickets stored on the Device.
The SetRegistrarEndpoints Method allows a configuration Client to provide the location of one or more Registrars which the Device can use to authenticate itself via PullManagement.
The RequestTickets Method allows a Client to request the list of Tickets stored on the Device. It is called by a Client using PushManagement to authenticate a Device. The Registrar follows the process described in 7 to select and validate one of the Tickets.
Signature
RequestTickets (
[out]0:EncodedTicket [] tickets
);
Argument |
Description |
tickets |
Method Result Codes (defined in Call Service)
Result Code |
Description |
|
|
Table 34 specifies the AddressSpace representation for the RequestTickets Method.
Table 34 – RequestTickets Method AddressSpace Definition
Attribute |
Value |
||||
BrowseName |
0:RequestTickets |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
0:HasProperty |
Variable |
0:OutputArguments |
0:Argument [] |
0:PropertyType |
Mandatory |
The SetRegistrarEndpoints Method allows a Client to provide the location of one or more Registrars which the Device can use to authenticate itself via PullManagement.
The Client may be an engineering tool or other administrative application that allows a human to provide information that cannot be discovered automatically.
This Method shall be called from a Session that has access to the SecurityAdmin Role (see 4.2.6).
Signature
SetRegistrarEndpoints (
[in]0:ApplicationDescription [] registrars
);
Argument |
Description |
registrars |
The Servers which allow a Device to be authenticated via PullManagement. |
Method Result Codes (defined in Call Service)
Result Code |
Description |
Bad_UserAccessDenied |
The Session does not have rights to call the Method. |
Table 35 specifies the AddressSpace representation for the SetRegistrarEndpoints Method.
Table 35 – SetRegistrarEndpoints Method AddressSpace Definition
Attribute |
Value |
||||
BrowseName |
0:SetRegistrarEndpoints |
||||
References |
NodeClass |
BrowseName |
DataType |
TypeDefinition |
ModellingRule |
0:HasProperty |
Variable |
0:InputArguments |
0:Argument [] |
0:PropertyType |
Mandatory |
The ApplicationConfigurationType ObjectType defines an API which represents the configuration of an Client or Server running on a Device. Its values are defined in Table 36. A DCA Server will add the Objects that represent the Applications it manages to the ProvisionableDevice Object (see Figure 10).
Table 36 – ApplicationConfigurationType Definition
Attribute |
Value |
||||
BrowseName |
0:ApplicationConfigurationType |
||||
IsAbstract |
False |
||||
References |
NodeClass |
BrowseName |
DataType |
Type Definition |
Modelling Rule |
Subtype of the ServerConfigurationType defined in OPC 10000-12. |
|||||
0:HasProperty |
Variable |
0:Enabled |
0:Boolean |
0:PropertyType |
Mandatory |
0:HasProperty |
Variable |
0:ProductUri |
0:UriString |
0:PropertyType |
Mandatory |
0:HasProperty |
Variable |
0:ApplicationUri |
0:UriString |
0:PropertyType |
Mandatory |
0:HasProperty |
Variable |
0:ApplicationType |
0:ApplicationType |
0:PropertyType |
Mandatory |
|
|||||
Conformance Units |
|||||
Onboarding Server PushManagement |
The Enabled Property indicates whether the Application is enabled. If FALSE the Application will not run. If TRUE the Application runs.
The ProductUri Property is the unique identifier for the product. Applications running on different Devices with the same ProductUri are based on the same software.
The ApplicationUri Property is the unique identifier for the Application which is not the same as the ProductInstanceUri which identifiers the Device that is executing the Application.
The ApplicationType Property specifies whether the Application is a Client, a Server or both. A DCA allows the LDS running on the Device to be configured would expose an ApplicationConfiguration Object for it with ApplicationType set to DiscoveryServer. Applications which do not support OPC UA specify an ApplicationType of Client.
The Application may require software updates. In this case, the software update model described in OPC 10000-100 specifies an instance of the SoftwareUpdateType that may be added to the ApplicationConfiguration instance.