Search

28 result(s) for OPC UA Applications

• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  3.2 Specification parts
  Security Model Part 2 describes the model for securing interactions between OPC UA Applications . Part 3 ( OPC 10000-3 ) - Address Space Model Part 3 describes the contents and structure ... level certification. OPC UA Applications will be tested against the Profiles . Part 8 ( OPC 10000-8 ) - Data Access Part 8 specifies the use of OPC UA for data access. Part
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.2 General
  employs mechanisms for authentication, encryption, and integrity checks to ensure the identity of OPC UA Applications as well as identification of users and protect against attacks. Using the ClientServer model
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.3 Design goals
  provide greater interoperability between higher level functions. Figure 1 - OPC UA target applications OPC UA is designed to provide robustness of published data. A major feature of all OPC servers ... Binary, JSON. In addition, several protocols are defined: OPC UA TCP, HTTPS, WebSockets. OPC UA Applications that support multiple transports and encodings will allow the end users to make decisions
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.1.1 General
  given site and may be specified by other standards. Rather, OPC UA provides a security model, described in OPC 10000-2 , in which security measures can be selected and configured ... This framework also defines a minimum set of security Profiles that all OPC UA Applications support, a subset of which can be enabled in each installation. Profiles are defined
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  4.4.1.4 Transport security
  capabilities are provided by the underlying communications technology used to exchange Messages between OPC UA Applications . OPC 10000-7 defines the encryption and signature algorithms to be used
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  5.5 Publish-Subscribe
  alternative to the ClientServer model, enabling efficient and/or decoupled communication. With PubSub,   OPC UA Applications do not directly exchange requests and responses. Instead, Publishers send messages to a Message Oriented ... Middleware how this distribution is implemented. To cover a large number of use cases, OPC UA PubSub supports two largely different Message Oriented Middleware variants. These are: A broker-less
• OPC-10000-1 – OPC Unified Architecture - Part 1: Overview and Concepts
  6.3 SecureChannel Service Set
  provided by the communication stack that the OPC UA Application is built on. OPC UA Applications simply need to verify that a SecureChannel is active whenever it receives a Message ... SecureChannel Service Set . The relationship between the UA Application Session and the SecureChannel is illustrated in Figure 8 . The UA applications use the communication stack to exchange Messages . First
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  1 Scope
  There are many different aspects of security that are addressed when developing applications. However, since OPC UA specifies a communication protocol, the focus is on securing the data exchanged between ... addressed in the application. This document is directed to readers who will develop OPC UA Applications . It is also for end Users that wish to understand the various security features
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.1 OPC UA security environment
  Figure 1 is a composite that shows a combination of such environments. Some OPC UA Applications are on the same host and can be easily protected from external attack. Some ... network from external connections. Some OPC UA Applications run in relatively open environments where users and applications could be difficult to control. Other OPC UA Applications are embedded in control
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.6 SecurityPolicies
  choice of allowed SecurityPolicies is normally made by the administrator typically when the OPC UA Applications are installed. The available security policies are specified in OPC 10000-7 . The Administrator ... future, therefore, it makes sense to support different security policies in an OPC UA Application and to be able to adopt more as they become available. NIST or other agencies
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  4.12 Roles
  Figure 6 - Role overview OPC UA defines a set of standard Roles that OPC UA Applications can use, these include SecurityAdmin , ConfigureAdmin , Supervisor , Engineer, Operator , Observer and AuthenticatedUser. They
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.2 Application Authentication
  OPC UA Applications support Authentication of the entities with which they are communicating. As specified in the GetEndpoints and OpenSecureChannel services in OPC 10000-4 , OPC UA Client and Server
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.3 User Authentication
  UA Applications support Authentication of users by providing the necessary Authentication credentials to the other entities. As described in the ActivateSession service in OPC 10000-4 , the OPC UA Client ... OPC UA Server . The OPC UA Server authenticates the user token. OPC UA Applications accept tokens in any of the following forms: username/password, X.509 v3 Certificate (see X509 ), or JSON
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.4 Authorization
  environment of mixed vendor products, the GDS can provide a consistent Authorization management. OPC UA Applications that are part of a larger industrial automation product can manage Authorizations consistent with ... that product. Identification and Authentication of users is specified in OPC UA so that Client and Server applications can recognize the user in order to determine the Authorization level
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  5.2.7 Auditability
  scheme can be part of a larger industrial automation product of which the OPC UA Applications are a part
• OPC-10000-2 – OPC Unified Architecture - Part 2: Security Model
  9.4.2 Certificate management for developers
  ApplicationInstanceCertificate which it uses to identify itself when connecting to other OPC UA Applications (the Public Key and Private Key ). Each ApplicationInstance has a globally unique URI which identifies ... created by anyone and can be used in situations where the administrators of OPC UA Applications are able to verify the Claims by reviewing the contents themselves. A system that
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.1.2 Obtaining and installing an ApplicationInstanceCertificate
  Obtaining and installing an ApplicationInstanceCertificate All OPC UA Applications require an ApplicationInstanceCertificate which shall contain the following information: The network name or address of the computer where the application runs ... deploying the OPC UA Application . OPC UA defines interfaces and workflows to register OPC UA Applications with a central discovery service and to execute the interaction necessary with a CertificateManager
• OPC-10000-4 – OPC Unified Architecture - Part 4: Services
  6.1.4 Creating a SecureChannel
  Creating a SecureChannel All OPC UA Applications shall establish a SecureChannel before creating a Session . This SecureChannel requires that both applications have access to Certificates that can be used ... Certificates for Certificate Authorities or they may be OPC UA ApplicationInstanceCertificates . OPC UA Applications shall be configured to reject connections with applications that do not have a trusted Certificate . Certificates
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  3.1.17 NonUaApplication
  NonUaApplication support other industrial protocols but have the same certificate management requirements as OPC UA Applications
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  6.1 Overview
  GlobalDiscoveryServer (GDS) is an OPC UA Server which allows Clients to search for OPC UA Applications within the administrative domain. When compared to the LDS, the GDS provides an authoritative ... OPC UA Applications which have been verified by administrators and accessed via a secure communication channel. The GDS provides Methods that allow administrators to register applications and allow applications
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.1 Overview
  Certificate management functions comprise the management and distribution of certificates and TrustLists for OPC UA Applications. An application that provides the certificate management functions is called CertificateManager . GDS and CertificateManager ... Directory. The CertificateManager provides a standard OPC UA based information model that all OPC UA Applications can support without needing to know the specifics of a particular Certificate management system
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.2 Roles and Privileges
  request or revoke any Certificate , update any TrustList or assign CertificateGroups to OPC UA Applications . RegistrationAuthorityAdmin This Role grants rights to approve Certificate Signing requests or NewKeyPair requests. SecurityAdmin This ... request or renew Certificates, read TrustLists or CertificateGroups for one or more OPC UA Applications. The Certificate used to create the SecureChannel is used to determine the identity
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.8.3.3 CertificateGroupFolderType
  allowed for the Certificates used by the application when communicating with peers: For OPC UA Applications and CertificateManagers these CertificateTypes specify what is allowed for ApplicationInstance Certificates . They shall specify
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.1 Overview
  Overview KeyCredential management functions allow the management and distribution of KeyCredentials which OPC UA Applications use to access AuthorizationServices and/or Brokers . An application that provides the KeyCredential management functions ... intermediary between a Client and a system that does not support OPC UA such as Azure AD or LDAP. Note that KeyCredentials are secrets that are directly passed to AuthorizationServices
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  8.2 Roles and Privileges
  Application. ApplicationAdmin This Privilege grants rights to request KeyCredentials for one or more OPC UA Applications. The Certificate used to create the SecureChannel is used to determine the identity ... OPC UA Application and the set of OPC UA Applications that it is authorized to manage
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  4.3.3 Application Setup
  running on a Device that will allow the Applications to communicate with other OPC UA Applications running on the network. These mechanisms are provided by the CertificateManager Information Model
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.1 Overview
  Overview The workflows described in 4.3 define interactions between OPC UA Applications . Implementing these workflows requires an OPC UA Information Model . This section builds on existing Information Models and defines
• OPC-10000-26 – Part 26: LogObject - Part 26: LogObject Model
  5.6.1 Overview
  messages in one OPC UA Application and/or multiple log messages across multiple OPC UA Applications . The TraceId is a unique identifier for a trace. Once assigned it never changes ... applications, they have the same TraceId . A span represents a unit of work or operation. Spans are the building blocks of traces. A span is local to an OPC UA