Search

29 result(s) for Registrar

• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  3.1.16 Registrar
  Registrar an OPC UA Application that registers and authenticates Devices added to the network
• OPC-10000-12 – OPC Unified Architecture - Part 12: Discovery and Global Services
  7.3 Pull Management
  include Certificates previously issued to the application being accessed, Device Certificates issued by the Registrar defined in OPC 10000-21 or Certificates issued to an application with access ... anonymous user credentials are used. The Client may be a DCA authenticated by a Registrar (see OPC 10000-21 ), a Client with a previously issued Certificate , or a Client authorized
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  3.1.9 Device Configuration Application (DCA)
  which is a Client uses PullManagement (see 7.2 ) to interact with the Registrar. Note 2 to entry: the Registrar uses PushManagement (see 7.3 ) to interact with a DCA which
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  4.1 Device Lifecycle
  network (see 3.1.17 ). RegistrarAdmin A user authorized to change the configuration of the Registrar . SoftwareUpdateAdmin A user authorized to update the firmware running on a Device. SecurityAdmin A user authorized
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  4.2.6 Roles and Privileges
  Onboarding Name Description RegistrarAdmin The Role grants rights to manage the Tickets known the Registrar and approve Devices when automatic authentication was not possible. SoftwareUpdateAdmin The Role grants rights ... Device . SecurityAdmin The Role grants the right to changes the security configuration of a Registrar or a DCA Server . For the DCA Server this includes the right
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  4.3.2 Onboarding
  When this happens the authenticity of the Device is verified via interactions with a Registrar running on the network. Every Device has a Device Configuration Application (DCA) which interacts with ... Registrar using the interactions described in PullManagement ( 7.2 ) or PushManagement ( 7.3 ). These interactions are secured with a DeviceIdentity Certificate . After authentication completes, the DCA is issued a Certificate
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  6.2 Ticket Distribution
  systems controlled by the OwnerOperator. Automatic validation of Devices requires a service, called a Registrar , running on the network. The Registrar is able to communicate with new Devices ... they match a Ticket known to the Registrar . The mechanism for providing the Tickets to the Registrar depends on the Registrar . A completely automated solution would integrate the Registrar with
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  6.3 Authentication
  network and verify their authenticity. This process is automated by the use of a Registrar that detects new Devices added to the network, inspects their DeviceIdentity Certificates and finds ... because these values are not known when the DeviceIdentity Certificate is created. Therefore, the Registrar shall suppress host name validation errors when communicating with a DCA. The Registrar should verify
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  6.4 Acquiring and Validating Tickets
  Devices are connected to the network. This could be done automatically if the Registrar is integrated with the ERP. It can also be a manual process where a digital file ... delivered to an RegistrarAdmin that uploads it to Registrar . When a new Device is detected on the network the matching Ticket is found which confirms that the Device is authorized
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  7.1 Overview
  Device that indicates that it has been authenticated. The initial communication between the Registrar and the Device is secured with a DeviceIdentity Certificate . When using PushManagement ( 7.3 ), the Registrar ... shall provide at least one EndpointDescription for each DeviceIdentity Certificate . The Registrar chooses a DeviceIdentity Certificate, establishes a secure connection using an EndpointDescription that uses that Certificate. This provides proof
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  7.2 Pull Management
  Device authentication process. The sequence begins when the Device discovers the location of the Registrar via mDNS (see OPC 10000-12 ), the SetRegistrarEndpoints Method is called ( Servers only ... sequence restarts from the beginning. Note that step requires that the DCA trust any Registrar it finds since it does not have a valid TrustList (see 4.2.4 ). If multiple Registrars
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  7.3 Push Management
  process. Each of the DeviceIdentity Certificates is returned in EndpointDescriptions returned by GetEndpoints . The Registrar looks for a pre-validated Ticket that matches the Certificate in one of the Endpoints ... none found it chooses any one and establishes a SecureChannel and calls RequestTickets . The Registrar needs to validate the Tickets returned by the Device which requires access to the Certificate
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  7.4.1 Overview
  Device and supply a Certificate to the DCA that is trusted by the Registrar, SoftwareUpdateManager and CertificateManager . This Certificate shall also contain a ProductInstanceUri (see 5.2 ) which uniquely identifies ... Authentication Service cannot supply this Endpoint, the DCA can get it from the Registrar which may be discovered with mDNS and then calling the GetManagers Method . Once any software update
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  7.4.2.2 Integration with the Registrar
  Integration with the Registrar Figure 9 illustrates the handoff from the FDO protocol to the mechanisms defined in this document. Figure 9 - Device Authentication with the FDO Protocol Specifically ... device with a Certificate that can be used to create a SecureChannel with the Registrar . The Registrar is preconfigured with the CA Certificate used by the FDO Owner to issue
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.1 Overview
  completely implement the workflows. Clause 9.2 defines the Information Model implemented in a Registrar that provides support for PullManagement defined in 7.2 . Clause 9.3 defines the Information Model implemented
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.1 Overview
  Overview The Registrar described in 7 is a Server that implements the Information Model shown in Figure 10 . This Information Model allows new Devices to use pull management described ... manually registered for PushManagement when no multicast discovery mechanism is available. Figure 10 - Registrar Address Space for Onboarding Workflow
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.2 DeviceRegistrarType
  Mandatory 0:HasComponent Object 2:Administration 2:DeviceRegistrarAdminType Optional Conformance Units Onboarding Registrar PullManagement The ProvideIdentities Method allows a Device to request that it be authenticated so it can have ... network. The UpdateSoftwareStatus Method is used by the SoftwareUpdateManager to tell the Registrar that the Device has up to date software. The RegisterDeviceEndpoint Method allows an administration Client to provide
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.3 ProvideIdentities
  network. It is called by a Device using PullManagement to provide the Registrar with its DeviceIdentity Certificates . The Registrar follows the process described in 7 to select and validate ... signed Tickets stored on the Device . This argument may be null. If the Registrar returns a Bad_TicketRequired error this Method needs to called again with any available Tickets . Tickets
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.5 RegisterDeviceEndpoint
  that allows a human to provide information that cannot be discovered automatically. Once the Registrar knows the location of a Device it schedules a task that uses PushManagement to complete
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.6 GetManagers
  GetManagers The GetManagers Method allows a Registrar to provide the location of other managers on a network which are needed to support onboarding of Devices . The managers have network Endpoints
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.7 ManagerDescription
  specification: http://opcfoundation.org/UA/Onboarding/CertificateManager http://opcfoundation.org/UA/Onboarding/SoftwareUpdateManager Other purposes may be defined by the Registrar . The fields of this DataType are defined in Table 7 . Table 22 - ManagerDescription Structure Name ... Other Subtype of the Structure DataType defined in OPC 10000-5 . Conformance Units Onboarding Registrar PullManagement
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.8 RegisterManagedApplication
  allows a DCA using pull management to register an application that it manages. The Registrar creates whatever records are needed in the CertificateManager and returns the ApplicationIds which are needed ... Application does not support OPC UA . It indicates what protocol the Application supports. The Registrar shall have some mechanism to verify that a DCA is authorized to manage Application
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.9 DeviceRegistrar
  known Object that is present in the AddressSpace of a Server that is a Registrar . It is formally defined in Table 25 . Table 25 - DeviceRegistrar Definition Attribute Value BrowseName ... Modelling Rule OrganizedBy the Objects Object defined in OPC 10000-5 . Conformance Units Onboarding Registrar PullManagement
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.10 DeviceRegistrarAdminType
  bjectType that provides an interface to manage the TrustLists and Tickets used by the Registrar when authenticating Devices on a network. The ObjectType is defined in Table 26 Table ... TrustListType Mandatory 0:HasComponent Object 2:DeviceIdentityAuthorities 0:TrustListType Mandatory Conformance Units Onboarding Registrar Administration The RegisterTickets Method allows an administration Client to provide a list of Tickets for Devices
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.14 DeviceIdentityAcceptedAuditEventType
  DeviceIdentityAcceptedAuditEventType This abstract Event is raised when the Registrar accepts a DeviceIdentity . This occurs when the Registrar finds a matching validated Ticket and is able to validate a DeviceIdentity Certificate ... Mandatory 0:HasProperty Variable 2:Composite 0:EncodedTicket 0:PropertyType Mandatory Conformance Units Onboarding Registrar PullManagement This EventType inherits all Properties of the AuditEventType. Their semantic is defined
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.2.15 DeviceSoftwareUpdatedAuditEventType
  DeviceSoftwareUpdatedAuditEventType This abstract Event is raised when the Registrar receives the Device software status has changed. This Event and it subtypes are security related and Servers shall only report them ... Mandatory 0:HasProperty Variable 2:SoftwareRevision 0:String 0:PropertyType Mandatory Conformance Units Onboarding Registrar PullManagement This EventType inherits all Properties of the AuditEventType. Their semantic is defined
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.3.1 Overview
  instance of the ProvisionableDeviceType ObjectType which defines Methods used by the Registrar when it authenticates a Device . The DefaultApplicationGroup Object is a well-known CertificateGroup that stores the Application Instance ... Certificate and TrustList for the DCA provided by the Registrar . This group is initially empty when the Device is first connected to the network. It is updated by the Registrar
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.3.3 ProvisionableDeviceType
  whether the DCA and the operational Server are the same. If TRUE, it tells Registrar that the DCA Certificate shall have rights associated with a Application Instance Certificate ... have any ApplicationConfiguration components if IsSingleton is TRUE. The RequestTickets Method allows the Registrar to request the list of Tickets stored on the Device . The SetRegistrarEndpoints Method allows a configuration
• OPC-10000-21 – OPC Unified Architecture - Part 21: Device Onboarding
  9.3.4 RequestTickets
  Device . It is called by a Client using PushManagement to authenticate a Device. The Registrar follows the process described in 7 to select and validate one of the Tickets . Signature