Devices that support PushManagement described in 7.3 have a Server that implements the Information Model shown in Figure 11. This Information Model allows Registrars to authenticate Devices on the network. It also allows the location of the Registrars to be manually provided if the Device needs to use PullManagement and no multicast discovery capabilities are available.
Figure 11 – Device Address Space for Onboarding Workflows
The ProvisionableDevice Object shall be organized by the Resources Object (see OPC 10000-22) used to provision the Device the Server is running on. It is an instance of the ProvisionableDeviceType ObjectType which defines Methods used by the Registrar when it authenticates a Device.
The DefaultApplicationGroup Object is a well-known CertificateGroup that stores the Application Instance Certificate and TrustList for the DCA provided by the Registrar. This group is initially empty when the Device is first connected to the network. It is updated by the Registrar when the Device Authentication process completes.
The Applications that may be configured via the Server are components of the ProvisionableDevice Object. They are instances of ApplicationConfigurationType. The Server itself is configured via the ServerConfiguration Object. Some DCAs may choose to have CertificateGroups for individual Applications organized by the CertificateGroups Folder in the ServerConfiguration Object. In these cases, DCAs shall add a Reference from the ServerConfiguration CertificateGroups Folder to the CertificateGroup Object under the Application.