OPC 10000-15: UA Part 15: Safety
Released 1.04 (Replaced by 1.05.04)
2020-07-06
This document is subject to the license terms described here.
The general OPC Foundation specification license agreement also applies and can be found here.
This document is a copy of the original which can be found here.
This document defines nodes in the following nodesets:
1 Scope
2 General
2.1 Reference Documents
2.2 Relation to safety-, security- and OPC UA-standards
3 Terms, definitions and conventions
3.1 Overview
3.2 Terms
3.2.1 Cyclic Redundancy Check
3.2.2 error
3.2.3 failure
3.2.4 fail-safe
3.2.5 fail-safe substitute values
3.2.6 fault
3.2.7 flag
3.2.8 Globally Unique Identifier
3.2.9 MonitoringNumber
3.2.10 Non-safety-
3.2.11 OPC UA Mapper
3.2.12 performance level
3.2.13 process values
3.2.14 qualifier
3.2.15 residual error probability
3.2.16 residual error rate
3.2.17 safety communication layer
3.2.18 SafetyConsumer
3.2.19 safety data
3.2.20 safety function response time
3.2.21 safety integrity level
3.2.22 safety measure
3.2.23 safety PDU
3.2.24 SafetyProvider
3.2.25 SafetyBaseID Randomly generated authenticity ID which is used to safely authenticate SafetyProviders having the same SafetyProviderID.
3.2.26 SafetyProviderID User-assigned, locally unique ID which is used to safely authenticate SafetyProviders within a certain area. All SafetyProviders within this area may share the identical SafetyBaseID.
3.3 Abbreviations and symbols
3.4 Conventions
3.4.1 Conventions in this part
3.4.2 Conventions on CRC calculation
3.4.3 Conventions in state machines
4 Introduction to OPC UA Safety
4.1 What is OPC UA Safety?
4.2 Safety functional requirements
4.3 Communication structure
4.4 Implementation aspects
4.5 Features of OPC UA Safety
4.6 Security policy
4.7 Safety measures
5 Use cases (informative)
5.1 Use cases for different types of communication links
5.1.1 Unidirectional communication
5.1.2 Bidirectional communication
5.1.3 Safety Multicast
5.2 Cyclic and acyclic safety communication
5.3 Principle for “Application variables with qualifier”
6 Information Model
6.1 ObjectType Definition
6.1.1 Method ReadSafetyData
6.1.2 Method ReadSafetyDiagnostics
6.2 Datatype Definition
6.3 SafetyProvider Version
6.4 DataTypes and length of user data
6.5 Connection establishment
7 Safety communication layer services and management
7.1 Overview
7.2 OPC UA Platform interface (OPC UA PI)
7.3 SafetyProvider interfaces
7.3.1 SAPI of SafetyProvider
7.3.2 SPI of SafetyProvider
7.3.3 Characteristics of SafetyProvider
7.4 SafetyConsumer interfaces
7.4.1 SAPI of SafetyConsumer
7.4.2 Motivation for SAPI Operator Acknowledge (OperatorAckConsumer)
7.4.3 SPI of the SafetyConsumer
7.4.4 Motivation for SPI SafetyOperatorAckNecessary
8 Safety communication layer protocol
8.1 SafetyProvider and SafetyConsumer
8.1.1 SPDU formats
8.1.1.1 RequestSPDU: SafetyConsumerID
8.1.1.2 RequestSPDU: MonitoringNumber
8.1.1.3 RequestSPDU: Flags
8.1.1.4 ResponseSPDU: SafetyData
8.1.1.5 ResponseSPDU: Flags
8.1.1.6 ResponseSPDU: SPDU_ID
8.1.1.7 ResponseSPDU: SafetyConsumerID
8.1.1.8 ResponseSPDU: MonitoringNumber
8.1.1.9 ResponseSPDU: CRC
8.1.1.10 ResponseSPDU: NonSafetyData
8.1.2 OPC UA Safety behavior
8.1.2.1 General
8.1.2.2 SafetyProvider/-Consumer Sequence diagram
8.1.2.3 SafetyProvider state diagram
8.1.2.4 SafetyConsumer state diagram
8.1.2.5 SafetyConsumer sequence diagram for OA (informative)
8.1.3 Subroutines
8.1.3.1 Build ResponseSPDU
8.1.3.2 Calculation of the SPDU_ID_1, SPDU_ID_2, SPDU_ID_3
8.1.3.3 Coding of the SafetyProviderLevel_ID
8.1.3.4 Signature over the Safety Data (SafetyStructureSignature)
8.1.3.5 Calculation of a CRC checksum
9 Diagnostics
9.1 Diagnostics messages
9.2 Method ReadSafetyDiagnostics
10 Safety communication layer management
10.1 SPDU parameter assignment
10.2 Safety function response time part of communication
11 System requirements
11.1 Constraints on the SPDU-Parameters
11.1.1 SafetyBaseID and SafetyProviderID
11.1.2 SafetyConsumerID
11.2 Initialization of the MNR
11.3 Constraints on the calculation of system characteristics
11.3.1 Probabilistic considerations (informative)
11.3.2 Safety related assumptions (informative)
11.4 PFH/PFD-values of a logical OPC UA Safety communication link
11.5 Safety manual
11.6 Indicators and displays
12 Assessment
12.1 Safety policy
12.2 Obligations
12.3 Automated layer test for OPC UA Safety (informative)
12.3.1 Testing principle
12.3.2 Test configuration
13 Profiles and Namespaces
13.1 Namespace Metadata
13.2 Handling of OPC UA Namespaces
Annex A : Safety Namespace and mappings (normative)
A.1 Namespace and identifiers for Safety Information Model
Annex B : Additional information (informative)
B.1 CRC-calculation using tables, for the polynomial 0xF4ACFB13
B.2 Use cases for Operator Acknowledgment
B.2.1 Explanation
B.2.2 Use case 1: unidirectional comm. and OA on the SafetyConsumer side
B.2.3 Use case 2: bidirectional comm. and dual OA
B.2.4 Use case 3: bidirectional comm. and single, one-sided OA
B.2.5 Use case 4: bidirectional comm. and single, two-sided OA
Annex C : Bibliography