Search

Scope: Core (OPC-10000-*) All specs

62 result(s) for Application

OPC-10000-7 – OPC Unified Architecture - Part 7: Profiles

3.1.1 application

application a software program that executes or implements some aspect of OPC UA Note 1 to entry: The application could run on any machine and perform any function. The application ... could be software or it could be a hardware application, the only requirement is that it implements
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

3.1.1 Application

Application a program that runs on a Device and communicates with other Applications on the network. Note 1 to entry: Each Application has an identifier that is unique within ... network. Note 2 to entry: An OPC UA Application is an Application that supports
OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts

2.1.19 Message Oriented Middleware

sending and receiving NetworkMessages between distributed systems Note 1 to entry: An OPC UA Application may support different types of Message Oriented Middleware infrastructures and protocols like AMQP, MQTT
OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts

2.1.42 Subscriber

Oriented Middleware Note 1 to entry: A Subscriber can be a native OPC UA Application or an application that has just knowledge about the Message Oriented Middleware and the rules
OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts

5.3.7 Server to Server interactions

interactions can also be accomplished using the OPC UA PubSub model where each peer Application is both a Publisher and a Subscriber . Figure 6 extends the previous example and illustrates
OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts

5.4 Redundancy

Server and Network Redundancy . Whether and what Redundancy is supported by an OPC UA Application is defined by its Profiles . Profiles are described in OPC 10000-7 . Required Client
OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts

5.6 Synergy of models

used for efficient, high-speed dissemination of real-time data. For instance, a Client application might use ClientServer to configure a Server and set up PubSub connections. Subsequently, the Server/Publisher ... Subscribers using the OPC UA ClientServer model. Figure 7 depicts a single OPC UA Application that acts as both a Server and a Publisher . Figure 7 - Integrated ClientServer and PubSub
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

4.3.2.2 Message flooding

could receive a flood from a compromised Server which could disrupt the OPC UA Application . Message flooding attacks can use both well-formed and malformed Message s. In the first
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

4.5.2.5 Session-less Service invocation

HTTPS , which relies on transport protocols to provide security. In addition, User Authentication and/or Application Authentication can also be established by the use of an AccessToken which is obtained from
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

4.6 SecurityPolicies

future, therefore, it makes sense to support different security policies in an OPC UA Application and to be able to adopt more as they become available. NIST or other agencies ... support new algorithms that improve the level of security of OPC UA products. The application architecture of OPC UA Application should be designed in a way that it is possible
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

4.7 Security Profiles

informative specification of the Profiles, but Profiles are normatively defined in an on-line application ( OPC Profiles ) allowing for updating of Profiles , especially security related profiles, in a more timely ... Applications in accordance with the Profiles with which the OPC UA Application complies. At the site, however, the security mechanisms could be deployed optionally. In this way each individual site
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

4.12 Roles

Roles based on connection information ( Session creation). Roles could be restricted by User Authentication , Application Authentication , SecurityModes , or Transports . The assignment of Roles and AccessRestrictions is application specific, but they
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

5.1.2.4 Application Crashes

Application Crashes OPC UA provides certification of OPC UA Applications . The lab testing and certification includes testing by injecting error and junk commands which could discover common faults. OPC Foundation ... fuzz tested to ensure they are resilient to errors. Although a certified OPC UA Application does not guarantee fault free operation, the certified OPC UA Application is more likely
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

6.8 Cryptographic Keys

bits. It is important that an OPC UA Application supports the entire set of values for its ApplicationInstanceCertificate . This allows an end user to generate a key ( ApplicationInstanceCertificate ) that meets ... user generates certificates for the high end of the set (4096), the application could still be considered secure (depending on the other algorithms
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

6.16 Additional Security considerations

Additional Security considerations If an OPC UA Application becomes aware of compromised credentials, which could be application level or user level credentials, the application should terminate any connection using
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

9.1 Overview

Overview OPC UA Applications typically have ApplicationInstanceCertificates to provide application-level security. They are used for establishing a secure connection using Asymmetric Cryptography. These ApplicationInstanceCertificates are Certificates which are X.509 ... keys - a Private Key and a Public Key . An OPC UA Application will have a list of trusted Public Keys that represent the applications it trusts. The Private
OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model

9.4.2 Certificate management for developers

developer point of view, it is a best practice for your OPC UA Application to automatically provide a self-signed ApplicationInstanceCertificate on installation. In addition, the OPC UA Application ... kept in a separate list than those of a CA. Also, an OPC UA Application has to be able to handle Certificate Revocation Lists (CRL). These are lists of Public
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

5.6.1 Overview

unlike other Services because they are not implemented directly by the OPC UA Application . Instead, they are provided by the Communication Stack on which the OPC UA Application is built ... allows applications to establish a SecureChannel using HTTPS. In these cases, the OPC UA Application shall verify that the Message it received was in the context of an HTTPS connection
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

6.1.3 Determining if a Certificate is trusted

Determining if a Certificate is trusted Applications shall never communicate with another application that they do not trust. An Application decides if another application is trusted by checking whether ... ApplicationInstanceCertificate for the other application is trusted. A Certificate is only trusted if its chain can be validated. Applications shall rely on lists of Certificates provided by the Administrator
OPC-10000-4 – OPC Unified Architecture - Part 4: Services

7.4 ApplicationType

ApplicationType The ApplicationType is an enumeration that specifies the type of OPC UA Application . The possible values are described in Table 111 . Table 111 - ApplicationType values Name Value Description SERVER ... application is a Server . CLIENT 1 The application is a Client . CLIENTANDSERVER 2 The application is a Client and a Server . DISCOVERYSERVER 3 The application is a DiscoveryServer
OPC-10000-7 – OPC Unified Architecture - Part 7: Profiles

4.6 Conventions for Profile definitions

Conventions for Profile definitions Profiles have the following naming conventions: Profiles intended for specific application types have the application type in their titles. Currently defined application types are Server, Client ... specific feature of OPC UA. Such Profiles are expected to be combined with Application Profiles to define the complete functionality of an OPC UA application
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

6.5.1 Overview

discovery is shown in Figure 12 . Most of the interactions between the GlobalDiscoveryServer and Application administrator or the Client will be via Methods defined on the Directory folder. Figure
OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services

7.6 Pull Management Workflow

Pull Management Workflow In this workflow the application that gets Certificates from the CertificateManager is the Client that executes the workflow and the CertificateManager is the Server processing the request ... workflow. The application is authenticated with the Certificate signed by the CertificateManager (or the Certificate assigned during registration). The UserTokenType is always Anonymous using the ApplicationSelfAdmin Privilege . The workflow
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

5.4.4 Configuration Tool

Configuration Tool An OPC UA Application can be pre-configured to send messages as a Publisher but commonly it is required to configure the information to be included into messages
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

5.4.6.2.2 Broker-less model with OPC UA UDP

values of the DataSetMessage that they are interested in. An OPC UA Application that maps data fields from UADP DataSetMessages to internal Variables can be configured through the DataSetReader Object ... which field in the DataSet is mapped to which Variable in the OPC UA Application . With OPC UA UDP there is no guarantee of timeliness, delivery, ordering, or duplicate protection
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.7.1 PublisherId

DataType of UInt64 . If the default PublisherId is created by the OPC UA Application , it is recommended to set the first 6 bytes with the MAC address ... remaining bytes to the OPC UA Server port of the OPC UA Application . The default PublisherId for broker based transports equals the PublisherId for datagram transport protocols but the DataType
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.12.1 PubSubConfigurationDataType

This Structure DataType is used to represent the PubSub configuration of an OPC UA Application . The PubSubConfigurationDataType is formally defined in Table 86 . Table 86 - PubSubConfigurationDataType structure Name Type Description
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.12.2 SecurityGroupDataType

represent the configuration of a SecurityGroup in a PubSub configuration of an OPC UA Application . If the SecurityPolicyUri or the KeyLifetime of an existing SecurityGroup are modified, all existing keys
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.12.3 PubSubKeyPushTargetDataType

represent the configuration of a PubSubKeyServicePushTarget in a PubSub configuration of an OPC UA Application . The PubSubKeyPushTargetDataType is formally defined in Table 91 . Table 91 - PubSubKeyPushTargetDataType structure Name Type Description
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

6.2.12.4 PubSubConfiguration2DataType

Structure DataType is used to represent the extended PubSub configuration of an OPC UA Application . It is a subtype of the PubSubConfigurationDataType defined in 6.2.12.1 . The PubSubConfiguration2DataType is formally defined
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.6.2 Discovery scope for Datagram transport protocols

default PublisherIds as defined in 6.2.7.1 for the following discovery messages. OPC UA Application information announcement Publisher endpoint announcement PubSubConnection configuration announcement These messages use the standard discovery address
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.6.3 Discovery announcement header

DataSetWriter configuration message (see 7.2.4.6.9 ) 4 PubSubConnection configuration message (see 7.2.4.6.8 ) 5 OPC UA Application information message (see Table 169 ) 6 ActionResponder configuration message (see 7.2.4.6.10 ) 7 ActionMetaData announce message ... announcement sent in the scope of a PublisherId . The encoding of the OPC UA Application information announcement message structure is specified in Table 169 . Table 169 - OPC UA Application information
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.6.5 ApplicationDescription

ApplicationDescription The encoding of the OPC UA Application description message fields for ApplicationInformationType equals 1 is specified in Table 171 . It contains the ApplicationDescription and the capabilities. Table 171 - ApplicationInformationType ... application description fields Name Type Description ApplicationDescription ApplicationDescription ApplicationDescription for the OPC UA Application. The ApplicationDescription DataType is defined in OPC 10000-4 . Capabilities String[] The list of capability identifiers
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.6.8 PubSubConnection

Table 174 . It contains an array of PubSubConnections configured in the OPC UA Application . Table 174 - PubSubConnection configuration announcement message structure Name Type Description PubSubConnections PubSubConnectionDataType [] PubSubConnections configured ... Application. The PubSubConnectionDataType is defined in 6.2.7.5.1 . The ReaderGroup lists in PubSubConnectionDataType shall be empty. The WriterGroup list shall be contained, if the IncludeWriterGroups is true in the PubSubConnection information
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.4.6.10 ActionResponder configuration announcement message

Table 176 . It contains an array of PubSubConnections configured in the OPC UA Application . Table 176 - ActionResponder configuration announcement message structure Name Type Description ActionResponder PubSubConnectionDataType [] ActionResponder configured ... Application. The PubSubConnectionDataType is defined in 6.2.7.5.1 . Only DataSetWriters used for Actions are included. All WriterGroups and DataSetWriters not used for Actions shall be excluded. The ReaderGroup lists in PubSubConnectionDataType
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.2.5.5.4 ServerEndpoints

value is mandatory. Endpoints EndpointDescription [] The list of Server Endpoints of the OPC UA Application . The EndpointDescription Structure is described in OPC 10000-4. This value is mandatory
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.3.2.1 General

shall have a unique Address across all PubSubConnections of an OPC UA Application . If the Address specifies a domain name then the resolution to an IP address requires access
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

7.3.2.2 UDP multicast and broadcast

devices is essential in order to create well-functioning OPC UA Application networks. OPC UA Applications shall issue an IGMP membership report message (V1, V2 or V3 as appropriate
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

8.8 Security Key Service Roles

management of SecurityGroups and PushTargets on an SKS. SecurityKeyServerAccess This Role allows a PubSub Application to access an SKS to pull keys. It is the default Role for pull
OPC-10000-14 – OPC Unified Architecture - Part 14: PubSub

9.1.12.1 PubSubCapabilitiesType

used to indicate the configuration capabilities of the PubSub functionality in the OPC UA Application . The PubSubCapabilitiesType is formally defined in Table 332 . Table 332 - PubSubCapabilitiesType definition Attribute Value BrowseName ... objects related to configuration capabilities are expected to be configurable in the OPC UA Application but the capability to operate all configured objects at the same time depends on different
OPC-10000-18 – OPC Unified Architecture - Part 18: Role-Based Security

4.4.3 IdentityMappingRuleType

criteria shall be null or an empty string. The criteriaType applies for any Client application with a trusted ApplicationInstance Certificate . The Client Certificate shall be trusted by the Server ... Session shall use at least a signed communication channel. If the criteriaType is Application , the criteria is the ApplicationUri from the Client Certificate used for the Session . The Client Certificate
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

4.1 Device Lifecycle

single Device on a network or it may appear as multiple Devices (see 3.1.3 ). Application A program that runs on a Device . Each Application has a unique identifier and communicates ... Device matches the identity in a Ticket provided by the Manufacturer or CompositeBuilder . Application Setup The SystemIntegrator configures the Applications running on the Device or Composite so they can communicate
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

4.2.2 Firmware and Applications

LDevID) shall be placed in this storage. A Device shall have a Device Configuration Application (DCA) which is used for Device authentication and setup of other Applications on the Device ... which have their own configuration and security configuration. A Device has storage for the Application security configuration that does not need to be in the protected storage. This storage
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

4.2.3 Transfer of Physical Control

restrict what the new owner is able to do, i.e., CompositeBuilder may install an Application used for maintenance that the OwnerOperator cannot access. The workflows (see 4.3 ) describe this process
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

4.3.2 Onboarding

interactions with a Registrar running on the network. Every Device has a Device Configuration Application (DCA) which interacts with the Registrar using the interactions described in PullManagement ( 7.2 ) or PushManagement ... determining if a DCA is authorized to request Certificates on behalf a specific Application . For example, the DCA rights may be limited to Applications with the same hostname
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

4.3.3 Application Setup

Application Setup Application Setup is the process of issuing an Application Instance Certificate and a TrustList to one or more Applications running on a Device that will allow the Applications ... Certificate that allows it to request or accept Certificates on behalf of any Application running on the Device . If the DCA is a Client it can connect to CertificateManager
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

4.3.5 Operation

this stage it is possible to update the TrustList and/or renew the Application Instance Certificate using the CertificateManager PushManagement or PullManagement described in OPC 10000-12 . Some Devices may allow ... Application configuration to be changed while in this stage
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

6.3 Authentication

Client or Server installed on the Device which is used for Device Onboarding , Application Setup and Configuration. This Application is called the "Device Configuration Application" or DCA. When ... connected the DCA is configured to use any of its DeviceIdentity Certificates as its Application Instance Certificate . Note that DeviceIdentity Certificates will not have a DNS name or IP address
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

7.1 Overview

secure connection to the Device using the selected DeviceIdentity Certificate. Issue a DCA Application Instance Certificate to the Device that indicates that it has been authenticated. The initial communication between ... Client that calls GetEndpoints via connection without security on the Device Configuration Application (DCA). The DCA shall provide at least one EndpointDescription for each DeviceIdentity Certificate . The Registrar chooses
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

7.3 Push Management

Registrar . Once the Device has updated software the CertificateManager will be able to push Application Instance Certificates and TrustLists for all Applications exposed via an ApplicationConfiguration Object (see Figure ... network, the DCA shall accept the first one to provide an Application Instance Certificate and a TrustList . Once configured, the DCA shall reject connections from Registrars that
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

9.2.8 RegisterManagedApplication

RegisterManagedApplication The RegisterManagedApplication Method allows a DCA using pull management to register an application that it manages. The Registrar creates whatever records are needed in the CertificateManager and returns ... ApplicationIds which are needed to request Certificates and TrustLists for the Application . The ProtocolUri is only specified when the Application does not support OPC UA . It indicates what protocol
OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding

9.3.1 Overview

authenticates a Device . The DefaultApplicationGroup Object is a well-known CertificateGroup that stores the Application Instance Certificate and TrustList for the DCA provided by the Registrar . This group is initially ... Reference from the ServerConfiguration CertificateGroups Folder to the CertificateGroup Object under the Application
OPC-10000-26 – Part 26: LogObject - Part 26: LogObject Model

5.6.1 Overview

distributed system. Such a trace may produce multiple log messages in one OPC UA Application and/or multiple log messages across multiple OPC UA Applications . The TraceId is a unique identifier ... building blocks of traces. A span is local to an OPC UA Application . The SpanId is a unique identifier assigned by an OPC UA Application for a local span
OPC-10000-26 – Part 26: LogObject - Part 26: LogObject Model

5.6.3 TraceContextDataType Structure

root span. ParentIdentifier 0:String If the parent span is from another OPC UA Application, the ParentIdentifier contains the ApplicationUri of the other OPC UA Application . If the parent span
OPC-10000-26 – Part 26: LogObject - Part 26: LogObject Model

C.1 Open Telemetry Overview

excluding 0), and it should be unique inside of a TraceId inside of an application. An easy manner of achieving this is to just increment an UInt64 and persist ... last value across the Application . If an Application receives a passed in TraceId and SpanId , the passed in SpanId becomes a ParentId and unique SpanIds are generated in the Application
OPC-10000-100 – OPC Unified Architecture - Part 100: Devices

7.2 LockingServices Type

status information. Locked when True indicates that this element has been locked by some Application and that no or just limited access is available for other Applications . When the lock
OPC-10000-100 – OPC Unified Architecture - Part 100: Devices

7.6 ExitLock Method

Method ExitLock removes the lock. This Method can only be called from the same Application which initiated the lock. The signature of this Method is specified below. Table
OPC-10000-100 – OPC Unified Architecture - Part 100: Devices

7.7 RenewLock Method

from automatically removing the lock. This Method can only be called from the same Application which initiated the lock. The signature of this Method is specified below. Table
OPC-10000-100 – OPC Unified Architecture - Part 100: Devices

8.4.12 SoftwareFolderType

declares what items are managed by the folder. The value shall either be Application or Configuration
OPC-10000-210 – OPC Unified Architecture - Part 210: Relative Spatial Location

D.1 Example Client Server sequence flow using the RSL concept

concept The entities represented in the above sequence diagram ( Figure 24 ) are as follows: Application : The application that provides the relative spatial location information to the OPC UA Server that ... server by using the OPC UA Services provided by the server. User : The consumer application that uses the OPC UA Client (mentioned above
OPC-30010 – OPC UA for AutoId Devices - AutoID: OPC UA for AutoId Devices

6.1.3.8 Variable ScanActive

limit with Roles and RolePermissions . Roles can be limited to a single OPC UA Application . The scan result is provided through the Variable LastScanData . Further restrictions for this simple mechanism
OPC-30300 – Using Generic Trust Anchor (GTA) API with OPC UA - Part 1: Generic Trust Anchor (GTA) API Profile for OPC UA

4.1 OPC UA Security Object Model

contains a TrustList and one or more CertificateTypes that can be assigned to an Application (See OPC 10000-12 ). This ObjectType allows an Application which has multiple TrustLists and/or ApplicationInstance