OPC 10000-15: UA Part 15: Safety


Released 1.05.03

2023-12-13

This document is subject to the license terms described here.

The general OPC Foundation specification license agreement also applies and can be found here.

This document is a copy of the original which can be found here.


1 Scope
2 Normative references
3 Terms, definitions and conventions
  3.1 Terms and definitions
    3.1.1 Terms and definitions from IEC 61784-3
      3.1.1.1 cyclic redundancy check (CRC)
      3.1.1.2 error
      3.1.1.3 failure
      3.1.1.4 fault
      3.1.1.5 message
      3.1.1.6 performance level (PL)
      3.1.1.7 residual error probability
      3.1.1.8 residual error rate
      3.1.1.9 safety communication layer (SCL)
      3.1.1.10 safety function response time
      3.1.1.11 safety integrity level
      3.1.1.12 safety measure
      3.1.1.13 safety PDU (SPDU)
    3.1.2 Additional terms and definitions
      3.1.2.1 fail-safe
      3.1.2.2 fail-safe substitute values (FSV)
      3.1.2.3 flag
      3.1.2.4 Globally Unique Identifier
      3.1.2.5 MonitoringNumber (MNR)
      3.1.2.6 Non-safety-
      3.1.2.7 OPC UA Mapper
      3.1.2.8 process values
      3.1.2.9 qualifier
      3.1.2.10 SafetyAutomationComponent (SafetyAC)
      3.1.2.11 SafetyConsumer
      3.1.2.12 SafetyData
      3.1.2.13 SafetyProvider
      3.1.2.14 SafetyBaseID
      3.1.2.15 SafetyProviderID
      3.1.2.16 standard transmission system
  3.2 Symbols and abbreviated terms
    3.2.1 Abbreviated terms from IEC 61784-3
    3.2.2 Additional symbols and abbreviated terms
      3.2.2.1 Abbreviated terms
      3.2.2.2 Symbols
  3.3 Conventions
    3.3.1 General Conventions
    3.3.2 Conventions for Requirements Numbering
    3.3.3 Conventions in state machines
4 Overview of OPC UA Safety
  4.1 General
  4.2 Implementation aspects
  4.3 Features
  4.4 Security policy
5 General
  5.1 External documents providing specifications for the profile
  5.2 Safety functional requirements
  5.3 Safety measures
  5.4 Safety communication layer structure
  5.5 Requirements for CRC calculation
6 Safety communication layer services
  6.1 General
  6.2 Information Models
    6.2.1 General
    6.2.2 Object and ObjectType Definitions
      6.2.2.1 SafetyACSet Object
      6.2.2.2 Safety ObjectType definitions
      6.2.2.3 Method ReadSafetyData
      6.2.2.4 Method ReadSafetyDiagnostics
      6.2.2.5 Object SafetyPDUs
      6.2.2.6 Objects SafetyProviderParameters and SafetyConsumerParameters
    6.2.3 Datatype Definition
      6.2.3.1 InFlagsType
      6.2.3.2 OutFlagsType
      6.2.3.3 RequestSPDUDataType
      6.2.3.4 ResponseSPDUDataType
      6.2.3.5 NonSafetyDataPlaceholderDataType
    6.2.4 SafetyProvider Version
    6.2.5 DataTypes and length of SafetyData
    6.2.6 Connection establishment
  6.3 Service interfaces
    6.3.1 Overview
    6.3.2 OPC UA Platform interface (OPC UA PI)
    6.3.3 SafetyProvider interfaces
      6.3.3.1 General
      6.3.3.2 SAPI of SafetyProvider
      6.3.3.3 SPI of SafetyProvider
    6.3.4 SafetyConsumer interfaces
      6.3.4.1 General
      6.3.4.2 SAPI of SafetyConsumer
      6.3.4.3 Motivation for SAPI Operator Acknowledge (OperatorAckConsumer)
      6.3.4.4 SPI of the SafetyConsumer
      6.3.4.5 Motivation for SPI SafetyOperatorAckNecessary
    6.3.5 Cyclic and acyclic safety communication
    6.3.6 Principle for “Application variables with qualifier”
  6.4 Diagnostics
    6.4.1 General
    6.4.2 Diagnostics messages of the SafetyConsumer
    6.4.3 Method ReadSafetyDiagnostics of the SafetyProvider
7 Safety communication layer protocol
  7.1 General
  7.2 SafetyProvider and SafetyConsumer
    7.2.1 SPDU formats
      7.2.1.1 General
      7.2.1.2 RequestSPDU: SafetyConsumerID
      7.2.1.3 RequestSPDU: MonitoringNumber
      7.2.1.4 RequestSPDU: Flags
      7.2.1.5 ResponseSPDU: SafetyData
      7.2.1.6 ResponseSPDU: Flags
      7.2.1.7 ResponseSPDU: SPDU_ID
      7.2.1.8 ResponseSPDU: SafetyConsumerID
      7.2.1.9 ResponseSPDU: MonitoringNumber
      7.2.1.10 ResponseSPDU: CRC
      7.2.1.11 ResponseSPDU: NonSafetyData
    7.2.2 Behavior
      7.2.2.1 General
      7.2.2.2 SafetyProvider/-Consumer Sequence diagram
      7.2.2.3 SafetyProvider state diagram
      7.2.2.4 SafetyConsumer state diagram
      7.2.2.5 SafetyConsumer sequence diagram for operator acknowledgment (informative)
    7.2.3 Subroutines
      7.2.3.1 Build ResponseSPDU
      7.2.3.2 Calculation of the SPDU_ID_1, SPDU_ID_2, SPDU_ID_3
      7.2.3.3 Coding of the SafetyProviderLevel_ID
      7.2.3.4 Signature over the Safety Data Structure (SafetyStructureSignature)
      7.2.3.5 Calculation of a CRC checksum
8 Safety communication layer management
  8.1 General
  8.2 Safety function response time part of communication
9 System requirements (SafetyProvider & SafetyConsumer)
  9.1 Constraints on the SPDU-Parameters
    9.1.1 SafetyBaseID and SafetyProviderID
    9.1.2 SafetyConsumerID
  9.2 Initialization of the MNR in the SafetyConsumer
  9.3 Constraints on the calculation of system characteristics
    9.3.1 Probabilistic considerations (informative)
    9.3.2 Safety related assumptions (informative)
  9.4 PFH/PFD-values of a logical safety communication link
  9.5 Safety manual
  9.6 Indicators and displays
10 Assessment
  10.1 Safety policy
  10.2 Obligations
  10.3 Automated layer test for this document (informative)
    10.3.1 General
    10.3.2 OPC UA Safety Compliance Test Tool (UASCTT)
    10.3.3 Testing principle
    10.3.4 Test configuration
  10.4 Index of Requirements (informative)
11 Profiles and Conformance Units
  11.1 General
12 Namespaces
  12.1 Namespace Metadata
  12.2 Handling of OPC UA Namespaces
Annex A (normative) Safety Namespace and mappings
Annex B (informative) Additional information
  B.1 CRC-calculation using tables, for the polynomial 0xF4ACFB13
  B.2 Use cases
    B.2.1 Unidirectional communication
    B.2.2 Bidirectional communication
    B.2.3 Safety Multicast
  B.3 Use cases for Operator Acknowledgment
    B.3.1 Explanation
    B.3.2 Use case 1: unidirectional comm. and OA on the SafetyConsumer side
    B.3.3 Use case 2: bidirectional comm. and dual OA
    B.3.4 Use case 3: bidirectional comm. and single, one-sided OA
    B.3.5 Use case 4: bidirectional comm. and single, two-sided OA