OPC 10000-15: UA Part 15: Safety


Released 1.04 (Replaced by 1.05.03)

2020-07-06

This document is subject to the license terms described here.

The general OPC Foundation specification license agreement also applies and can be found here.

This document is a copy of the original which can be found here.


1 Scope 2 General 2.1 Reference Documents 2.2 Relation to safety-, security- and OPC UA-standards 3 Terms, definitions and conventions 3.1 Overview 3.2 Terms 3.2.1 Cyclic Redundancy Check 3.2.2 error 3.2.3 failure 3.2.4 fail-safe 3.2.5 fail-safe substitute values 3.2.6 fault 3.2.7 flag 3.2.8 Globally Unique Identifier 3.2.9 MonitoringNumber 3.2.10 Non-safety- 3.2.11 OPC UA Mapper 3.2.12 performance level 3.2.13 process values 3.2.14 qualifier 3.2.15 residual error probability 3.2.16 residual error rate 3.2.17 safety communication layer 3.2.18 SafetyConsumer 3.2.19 safety data 3.2.20 safety function response time 3.2.21 safety integrity level 3.2.22 safety measure 3.2.23 safety PDU 3.2.24 SafetyProvider 3.2.25 SafetyBaseID Randomly generated authenticity ID which is used to safely authenticate SafetyProviders having the same SafetyProviderID. 3.2.26 SafetyProviderID User-assigned, locally unique ID which is used to safely authenticate SafetyProviders within a certain area. All SafetyProviders within this area may share the identical SafetyBaseID. 3.3 Abbreviations and symbols 3.4 Conventions 3.4.1 Conventions in this part 3.4.2 Conventions on CRC calculation 3.4.3 Conventions in state machines 4 Introduction to OPC UA Safety 4.1 What is OPC UA Safety? 4.2 Safety functional requirements 4.3 Communication structure 4.4 Implementation aspects 4.5 Features of OPC UA Safety 4.6 Security policy 4.7 Safety measures 5 Use cases (informative) 5.1 Use cases for different types of communication links 5.1.1 Unidirectional communication 5.1.2 Bidirectional communication 5.1.3 Safety Multicast 5.2 Cyclic and acyclic safety communication 5.3 Principle for “Application variables with qualifier” 6 Information Model 6.1 ObjectType Definition 6.1.1 Method ReadSafetyData 6.1.2 Method ReadSafetyDiagnostics 6.2 Datatype Definition 6.3 SafetyProvider Version 6.4 DataTypes and length of user data 6.5 Connection establishment 7 Safety communication layer services and management 7.1 Overview 7.2 OPC UA Platform interface (OPC UA PI) 7.3 SafetyProvider interfaces 7.3.1 SAPI of SafetyProvider 7.3.2 SPI of SafetyProvider 7.3.3 Characteristics of SafetyProvider 7.4 SafetyConsumer interfaces 7.4.1 SAPI of SafetyConsumer 7.4.2 Motivation for SAPI Operator Acknowledge (OperatorAckConsumer) 7.4.3 SPI of the SafetyConsumer 7.4.4 Motivation for SPI SafetyOperatorAckNecessary 8 Safety communication layer protocol 8.1 SafetyProvider and SafetyConsumer 8.1.1 SPDU formats 8.1.1.1 RequestSPDU: SafetyConsumerID 8.1.1.2 RequestSPDU: MonitoringNumber 8.1.1.3 RequestSPDU: Flags 8.1.1.4 ResponseSPDU: SafetyData 8.1.1.5 ResponseSPDU: Flags 8.1.1.6 ResponseSPDU: SPDU_ID 8.1.1.7 ResponseSPDU: SafetyConsumerID 8.1.1.8 ResponseSPDU: MonitoringNumber 8.1.1.9 ResponseSPDU: CRC 8.1.1.10 ResponseSPDU: NonSafetyData 8.1.2 OPC UA Safety behavior 8.1.2.1 General 8.1.2.2 SafetyProvider/-Consumer Sequence diagram 8.1.2.3 SafetyProvider state diagram 8.1.2.4 SafetyConsumer state diagram 8.1.2.5 SafetyConsumer sequence diagram for OA (informative) 8.1.3 Subroutines 8.1.3.1 Build ResponseSPDU 8.1.3.2 Calculation of the SPDU_ID_1, SPDU_ID_2, SPDU_ID_3 8.1.3.3 Coding of the SafetyProviderLevel_ID 8.1.3.4 Signature over the Safety Data (SafetyStructureSignature) 8.1.3.5 Calculation of a CRC checksum 9 Diagnostics 9.1 Diagnostics messages 9.2 Method ReadSafetyDiagnostics 10 Safety communication layer management 10.1 SPDU parameter assignment 10.2 Safety function response time part of communication 11 System requirements 11.1 Constraints on the SPDU-Parameters 11.1.1 SafetyBaseID and SafetyProviderID 11.1.2 SafetyConsumerID 11.2 Initialization of the MNR 11.3 Constraints on the calculation of system characteristics 11.3.1 Probabilistic considerations (informative) 11.3.2 Safety related assumptions (informative) 11.4 PFH/PFD-values of a logical OPC UA Safety communication link 11.5 Safety manual 11.6 Indicators and displays 12 Assessment 12.1 Safety policy 12.2 Obligations 12.3 Automated layer test for OPC UA Safety (informative) 12.3.1 Testing principle 12.3.2 Test configuration 13 Profiles and Namespaces 13.1 Namespace Metadata 13.2 Handling of OPC UA Namespaces Annex A : Safety Namespace and mappings (normative) A.1 Namespace and identifiers for Safety Information Model Annex B : Additional information (informative) B.1 CRC-calculation using tables, for the polynomial 0xF4ACFB13 B.2 Use cases for Operator Acknowledgment B.2.1 Explanation B.2.2 Use case 1: unidirectional comm. and OA on the SafetyConsumer side B.2.3 Use case 2: bidirectional comm. and dual OA B.2.4 Use case 3: bidirectional comm. and single, one-sided OA B.2.5 Use case 4: bidirectional comm. and single, two-sided OA Annex C : Bibliography