For the communication between dies and MES the OPC UA application authentication via X509 certificates shall be used. OPC UA provides functionalities for using self-signed certificates that have to be manually added to a “trust list” as well as for certificates issued by a certificate authority (CA).

The minimum requirements of the protocol level for a OPC 40084-12 compliant connection are:

• Use of (self-signed) certificates for OPC UA application authentication
• Security Policy: Basic256
• Message Security Mode: sign

On the calender authentication via username and password is commonly used.

For the users and roles of the connection the following applies:

• User names can be manufacturer dependent.
• Standard roles are
• “OPC40084”: read and write access for selected parameters
• “OPC40084_read_only”: no writing permissions
• Manufactures can add additional roles. They may not start with “OPC40084”. For these roles, more parameters can be writeable than for the OPC40084 role.
• The standard user “OPC40084” has the role “OPC40084” (and no other additional role), “OPC40084_read_only” has the roll “OPC40084_read_only” (and no other additional role); the passwords for the standard users are defined by the manufacturers (they may be empty).

NOTE: OPC UA also allow an anonymous-token (e.g. for testing)