OPC 10000-15: UA Part 15: Safety


Released 1.05.04

2024-11-29

This document is subject to the license terms described here.

The general OPC Foundation specification license agreement also applies and can be found here.

This document is a copy of the original which can be found here.


1 Scope
2 Normative references
3 Terms, definitions, symbols, abbreviated terms and conventions
  3.1 Terms and definitions
    3.1.1 Common terms and definitions
      3.1.1.1 Cyclic Redundancy Check
      3.1.1.2 error
      3.1.1.3 failure
      3.1.1.4 fault
      3.1.1.5 message
      3.1.1.6 performance level
      3.1.1.7 residual error probability
      3.1.1.8 residual error rate
      3.1.1.9 safety communication layer
      3.1.1.10 safety function response time
      3.1.1.11 safety integrity level
      3.1.1.12 safety measure
      3.1.1.13 safety PDU
    3.1.2 Additional terms and definitions
      3.1.2.1 fail-safe
      3.1.2.2 fail-safe substitute values
      3.1.2.3 flag
      3.1.2.4 Globally Unique Identifier
      3.1.2.5 MonitoringNumber
      3.1.2.6 Non-safety-
      3.1.2.7 OPC UA Mapper
      3.1.2.8 process values
      3.1.2.9 qualifier
      3.1.2.10 SafetyAutomationComponent
      3.1.2.11 SafetyConsumer
      3.1.2.12 SafetyData
      3.1.2.13 SafetyProvider
      3.1.2.14 SafetyBaseID
      3.1.2.15 SafetyProviderID
      3.1.2.16 standard transmission system
  3.2 Symbols and abbreviated terms
    3.2.1 Abbreviated terms from IEC 61784-3
    3.2.2 Additional symbols and abbreviated terms
      3.2.2.1 Abbreviated terms
      3.2.2.2 Symbols
  3.3 Conventions
    3.3.1 General conventions
    3.3.2 Conventions for requirements numbering
    3.3.3 Conventions in state machines
4 Overview of OPC UA Safety
  4.1 General
  4.2 Implementation aspects
  4.3 Features
  4.4 Security policy
5 General
  5.1 External documents providing specifications for the profile
  5.2 Safety functional requirements
  5.3 Safety measures
  5.4 Safety communication layer structure
  5.5 Requirements for CRC calculation
6 Safety communication layer services
  6.1 General
  6.2 Information models
    6.2.1 General
    6.2.2 Object and ObjectType Definitions
      6.2.2.1 SafetyACSet Object
      6.2.2.2 Safety ObjectType definitions
      6.2.2.3 Method ReadSafetyData
      6.2.2.4 Method ReadSafetyDiagnostics
      6.2.2.5 Object SafetyPDUs
      6.2.2.6 Objects SafetyProviderParameters and SafetyConsumerParameters
    6.2.3 DataType definition
      6.2.3.1 InFlagsType
      6.2.3.2 OutFlagsType
      6.2.3.3 RequestSPDUDataType
      6.2.3.4 ResponseSPDUDataType
      6.2.3.5 NonSafetyDataPlaceholderDataType
    6.2.4 SafetyProvider version
    6.2.5 DataTypes and length of SafetyData
    6.2.6 Connection establishment
  6.3 Service interfaces
    6.3.1 Overview
    6.3.2 OPC UA Platform interface (OPC UA PI)
    6.3.3 SafetyProvider interfaces
      6.3.3.1 General
      6.3.3.2 SAPI of SafetyProvider
      6.3.3.3 SPI of SafetyProvider
    6.3.4 SafetyConsumer interfaces
      6.3.4.1 General
      6.3.4.2 SAPI of SafetyConsumer
      6.3.4.3 Motivation for SAPI Operator Acknowledge (OperatorAckConsumer)
      6.3.4.4 SPI of the SafetyConsumer
      6.3.4.5 Motivation for SPI SafetyOperatorAckNecessary
    6.3.5 Cyclic and acyclic safety communication
    6.3.6 Principle for “application variables with qualifier”
  6.4 Diagnostics
    6.4.1 General
    6.4.2 Diagnostics messages of the SafetyConsumer
    6.4.3 Method ReadSafetyDiagnostics of the SafetyProvider
7 Safety communication layer protocol
  7.1 General
  7.2 SafetyProvider and SafetyConsumer
    7.2.1 SPDU formats
      7.2.1.1 General
      7.2.1.2 RequestSPDU: SafetyConsumerID
      7.2.1.3 RequestSPDU: MonitoringNumber
      7.2.1.4 RequestSPDU: Flags
      7.2.1.5 ResponseSPDU: SafetyData
      7.2.1.6 ResponseSPDU: Flags
      7.2.1.7 ResponseSPDU: SPDU_ID
      7.2.1.8 ResponseSPDU: SafetyConsumerID
      7.2.1.9 ResponseSPDU: MonitoringNumber
      7.2.1.10 ResponseSPDU: CRC
      7.2.1.11 ResponseSPDU: NonSafetyData
    7.2.2 Behaviour
      7.2.2.1 General
      7.2.2.2 SafetyProvider and SafetyConsumer Sequence diagram
      7.2.2.3 Duration of demand
      7.2.2.4 SafetyProvider state diagram
      7.2.2.5 SafetyConsumer state diagram
      7.2.2.6 SafetyConsumer sequence diagram for operator acknowledgment (informative)
    7.2.3 Subroutines
      7.2.3.1 Build ResponseSPDU
      7.2.3.2 Calculation of the SPDU_ID_1, SPDU_ID_2, SPDU_ID_3
      7.2.3.3 Example for the calculation of SPDU_ID_1, SPDU_ID_2 and SPDU_ID_3 (informative)
      7.2.3.4 Coding of the SafetyProviderLevel_ID
      7.2.3.5 Signature over the SafetyData Structure (SafetyStructureSignature)
      7.2.3.6 Calculation of a CRC signature
8 Safety communication layer management
  8.1 General
  8.2 Safety function response time part of communication
9 System requirements (SafetyProvider and SafetyConsumer)
  9.1 Constraints on the SPDU parameters
    9.1.1 SafetyBaseID and SafetyProviderID
    9.1.2 SafetyConsumerID
  9.2 Initialization of the MNR in the SafetyConsumer
  9.3 Constraints on the calculation of system characteristics
    9.3.1 Probabilistic considerations (informative)
    9.3.2 Safety related assumptions (informative)
  9.4 PFH and PFD values of a logical safety communication link
  9.5 Safety manual
  9.6 Indicators and displays
10 Assessment
  10.1 Safety policy
  10.2 Obligations
  10.3 Index of requirements (informative)
11 Profiles and Conformance Units
12 Namespaces
  12.1 Namespace metadata
  12.2 Handling of OPC UA namespaces
Annex A (normative) Safety Namespace and mappings
Annex B (informative) Additional information
  B.1 CRC calculation using tables, for the polynomial 0xF4ACFB13
  B.2 Use cases
    B.2.1 Unidirectional communication
    B.2.2 Bidirectional communication
    B.2.3 Safety Multicast
  B.3 Use cases for Operator Acknowledgment
    B.3.1 Explanation
    B.3.2 Use case 1: unidirectional communication and OA on the SafetyConsumer side
    B.3.3 Use case 2: bidirectional communication and dual OA
    B.3.4 Use case 3: bidirectional communication and single, one-sided OA
    B.3.5 Use case 4: bidirectional communication and single, two-sided OA
Annex C (informative) Information for assessment