7.8 Common Information Model
7.8.1 Overview
The common information model defines types that are used in both the Push and the Pull Model.
7.8.2 TrustLists
7.8.2.1 TrustListType
This type defines a FileType that can be used to access a TrustList.
The CertificateManager uses this type to implement the Pull Model.
Servers use this type when implementing the Push Model.
An instance of a TrustListType shall restrict access to appropriate users or applications. This may be a CertificateManager administrative user that can change the contents of a TrustList, it may be an administrative user that is reading a TrustList to configure applications or it may be an application that can only access the TrustList assigned to it.
The TrustList file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.8.2.8). The encoded structure is not wrapped in an ExtensionObject.
The Size Property inherited from FileType has no meaning for TrustList and returns the error code defined in OPC 10000-20.
When a Client opens the file for writing, the Server will not actually update the TrustList until the CloseAndUpdate Method is called. Simply calling Close will discard the updates. The bit masks in the TrustListDataType structure allow the Client to update only part of the TrustList.
Its representation in the AddressSpace is formally defined in Table 27.
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FileType defined in OPC 10000-20. | | | | | |
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:UpdateFrequency | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:ActivityTimeout | 0:Duration | 0:PropertyType | Optional |
| 0:HasProperty | Variable | 0:DefaultValidationOptions | TrustListValidationOptions | 0:PropertyType | Optional |
| 0:HasComponent | Method | 0:OpenWithMasks | Defined in 7.8.2.2. | | Mandatory |
| 0:HasComponent | Method | 0:CloseAndUpdate | Defined in 7.8.2.5. | | Mandatory |
| 0:HasComponent | Method | 0:AddCertificate | Defined in 7.8.2.6. | | Mandatory |
| 0:HasComponent | Method | 0:RemoveCertificate | Defined in 7.8.2.7. | | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The LastUpdateTime indicates when the TrustList was last updated. The LastUpdateTime shall reflect changes made using the TrustList Object Methods. A TrustList Object in a CertificateManager shall also reflect changes made in other ways.
The LastUpdateTime of a TrustList Object in a CertificateManager allows Clients using the PullManagement to know whether the TrustList has changed since the last time they accessed it. The LastUpdateTime of a TrustList Object in the ServerConfiguration allows administration Clients to verify the date of TrustLists. If a Server is not able to determine the LastUpdateTime after an event such as a restart, then the LastUpdateTime shall be DateTime.MinValue.
The UpdateFrequency Property specifies how often the TrustList shall be checked for changes. When the CertificateManager specifies this value, all Clients that read a copy of the TrustList should connect to the CertificateManager and check for updates to the TrustList within 2 times the UpdateFrequency. The choice of UpdateFrequency depends on how quickly system changes are required to be detected and the performance constraints of the system. UpdateFrequencies that are too long create security risks because of out of date CRLs. UpdateFrequencies that are too short negatively impact system performance. If the TrustList Object is contained within a ServerConfiguration Object then this Property is not present.
When a CertificateManager is updating a TrustList as part of PushManagement, it sets this UpdateFrequency based on when the Server should raise Alarms if the CRLs are about to expire (see 7.8.3.1). If the Server supports this Property, it shall make it writeable to Clients authorized to update the TrustList.
The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the TrustList Object after Open or OpenWithMasks is called. If this time elapses the TrustList is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).
The DefaultValidationOptions Property specifies the default options to use when validating Certificates with the TrustList. The TrustListValidationOptions DataType is defined in 7.8.2.10. This Property may be updated by Clients with access to the SecurityAdmin Role.
If auditing is supported, the CertificateManager shall generate the TrustListUpdatedAuditEventType (see 7.8.2.13) when the TrustList is updated via the CloseAndUpdate (see 7.8.2.5), AddCertificate (see 7.8.2.6), RemoveCertificate (see 7.8.2.7) or ApplyChanges (see 7.10.9) Methods. The Event is only raised once after the asynchronous update process completes.
7.8.2.2 Open
The Open Method is inherited from FileType which is defined in OPC 10000-5.
The Open Method shall not support modes other than Read (0x01) and Write + EraseExisting (0x06). If other modes are requested the return code is Bad_NotSupported.
If a transaction is in progress (see 7.10.9) on another Session then the Server shall return Bad_TransactionPending if Open is called with the Write Mode bit set. If the Server supports transactions, then the Server creates a new transaction or continues an existing transaction if Open is called with the Write Mode bit set.
If the SecureChannel is not authenticated the Server shall return Bad_SecurityModeInsufficient.
Method Result Codes
| Result Code | Description |
| Bad_NotSupported | The mode is not supported. |
| Bad_TransactionPending | The TrustList cannot be opened because it is part of a transaction that is in progress. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
7.8.2.3 OpenWithMasks
The OpenWithMasks Method allows a Client to read only a portion of the TrustList.
This Method can only be used to read the TrustList.
After calling this Method, the Client calls Read one or more times to get the TrustList. If the Server is able to detect out of band changes to the TrustList before the Client calls the Close Method, then the next Read returns Bad_InvalidState. If the Server cannot detect out of band changes it shall ensure the Client receives a consistent snapshot.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role, the ApplicationSelfAdmin Privilege, or the ApplicationAdmin Privilege (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
OpenWithMasks(
    [in] UInt32 Masks
    [out] UInt32 FileHandle
);

| Argument | Description |
| Masks | The parts of the TrustList that are included in the file to read. The Masks are defined in 7.8.2.9. |
| FileHandle | The handle of the newly opened file. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_TransactionPending | The TrustList cannot be opened because it is part of a transaction that is in progress. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Table 28 specifies the AddressSpace representation for the OpenWithMasks Method.
| Attribute | Value |
|---|---|
| BrowseName | 0:OpenWithMasks |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
7.8.2.4 Read
The Read Method is inherited from FileType which is defined in OPC 10000-5.
If the Server is able to detect out of band changes to the TrustList before the Client calls the Close Method, then this Method returns Bad_InvalidState.
Additional Method Result Codes
| Result Code | Description |
| Bad_InvalidState | The state of the TrustList has changed. |
7.8.2.5 CloseAndUpdate
The CloseAndUpdate Method closes the TrustList and applies the changes to the TrustList. It can only be called if the TrustList was opened for writing. If the Close Method is called any cached data is discarded and the TrustList is not changed.
If only part of the TrustList is being updated the Server creates a new TrustList that includes the existing TrustList plus any updates and validates the new TrustList.
The Purpose of the associated CertificateGroup determines the validation rules for Certificates placed in the TrustList. For ApplicationCertificateType, the Server shall verify that every Certificate in the new TrustList is valid using the validation process defined in OPC 10000-4. All suppressible errors shall be ignored; however, they may be logged as warnings. If the validation fails, the appropriate StatusCode defined in OPC 10000-4 shall be reported.
For Purposes other than ApplicationCertificateType, the validation rules are not defined by this specification.
If the Server does not support transactions, it applies the changes immediately and sets ApplyChangesRequired to FALSE. If the Server supports transactions, then the Server creates a new transaction or continues an existing transaction and sets ApplyChangesRequired to TRUE.
If a transaction exists on the current Session, the Server does not update the TrustList until ApplyChanges (see 7.10.9) is called. Any Clients that read the TrustList before ApplyChanges is called will receive the existing TrustList before the transaction started.
If any errors occur, the new TrustList shall be discarded.
When the TrustList changes the Server shall re-evaluate the Certificate associated with any open Sessions and SecureChannels. Sessions or SecureChannels with an untrusted or revoked Certificate shall be closed. This process may not complete before the Method returns and could take a significant amount of time on systems with limited resources.
The structure uploaded includes a mask (see 7.8.2.9) which specifies which fields are updated. If a bit is not set then the associated field is not changed.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role, the ApplicationSelfAdmin Privilege, or the ApplicationAdmin Privilege (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
CloseAndUpdate(
    [in] UInt32 FileHandle
    [out] Boolean ApplyChangesRequired
);

| Argument | Description |
| FileHandle | The handle of the previously opened file. |
| ApplyChangesRequired | If TRUE the ApplyChanges Method (see 7.10.9) shall be called before the new TrustList will be used by the Server. If FALSE the TrustList is now in use. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The Server could not validate one or more Certificates in the TrustList. This may be returned after the first failed validation check. |
| Bad_RequestTooLarge | The changes would result in a TrustList that exceeds the MaxTrustListSize for the Server. |
| Bad_TransactionPending | Changes are queued on another Session (see 7.10.9). |
Table 29 specifies the AddressSpace representation for the CloseAndUpdate Method.
| Attribute | Value |
|---|---|
| BrowseName | 0:CloseAndUpdate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
7.8.2.6 AddCertificate
The AddCertificate Method allows a Client to add a single Certificate to the TrustList.
The Purpose of the associated CertificateGroup determines the validation rules for the Certificate. For ApplicationCertificateType, the Server shall verify that the Certificate is valid using the validation process defined in OPC 10000-4. All suppressible errors shall be ignored; however, they may be logged as warnings. If the validation fails, the appropriate StatusCode defined in OPC 10000-4 shall be reported.
For Purposes other than ApplicationCertificateType, the validation rules are not defined by this specification.
This Method will return a validation error if the Certificate is issued by a CA and the Certificate for the issuer is not in the TrustList.
This Method cannot provide CRLs so issuer Certificates cannot be added with this Method. Instead, CA Certificates and their CRLs shall be managed with the Write Method on the containing TrustList Object.
This Method cannot be called if the containing TrustList Object is open.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.9).
This Method returns Bad_NotWritable if the TrustList Object is read only.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
AddCertificate(
    [in] ByteString Certificate
    [in] Boolean IsTrustedCertificate
);

| Argument | Description |
| Certificate | The DER encoded Certificate to add. |
| IsTrustedCertificate | If TRUE the Certificate is added to the TrustedCertificates list. If FALSE Bad_CertificateInvalid is returned. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_CertificateInvalid | The certificate to add is invalid. |
| Bad_InvalidState | The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
| Bad_RequestTooLarge | The changes would result in a TrustList that exceeds the MaxTrustListSize for the Server. |
| Bad_TransactionPending | Transaction has started and ApplyChanges or CancelChanges has not been called. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
| Bad_NotWritable | The TrustList Object is open for read only. |
Table 30 specifies the AddressSpace representation for the AddCertificate Method.
| Attribute | Value |
|---|---|
| BrowseName | 0:AddCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
7.8.2.7 RemoveCertificate
The RemoveCertificate Method allows a Client to remove a single Certificate from the TrustList. It returns Bad_InvalidArgument if the Thumbprint does not match a Certificate in the TrustList.
If the Certificate is a CA Certificate that has CRLs then all CRLs for that CA are removed as well.
This Method returns Bad_CertificateChainIncomplete if the Certificate is a CA Certificate needed to validate another Certificate in the TrustList.
This Method returns Bad_TransactionPending if a transaction is in progress (see 7.10.9).
This Method returns Bad_NotWritable if the TrustList Object is read only.
For PullManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the CertificateAuthorityAdmin Role (see 7.2).
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Session that has access to the SecurityAdmin Role (see 7.2).
Signature
RemoveCertificate(
    [in] String Thumbprint
    [in] Boolean IsTrustedCertificate
);

| Argument | Description |
| Thumbprint | The SHA1 hash of the DER form of the Certificate to remove. |
| IsTrustedCertificate | If TRUE the Certificate is removed from the Trusted Certificates List. If FALSE the Certificate is removed from the Issuer Certificates List. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidArgument | The certificate to remove was not found. |
| Bad_InvalidState | The Open Method was called with write access and the CloseAndUpdate Method has not been called. |
| Bad_CertificateChainIncomplete | The Certificate is needed to validate another Certificate in the TrustList. |
| Bad_TransactionPending | Transaction has started and ApplyChanges or CancelChanges has not been called. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
| Bad_NotWritable | The TrustList Object is open for read only. |
Table 31 specifies the AddressSpace representation for the RemoveCertificate Method.
| Attribute | Value |
|---|---|
| BrowseName | 0:RemoveCertificate |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
7.8.2.8 TrustListDataType
This type defines a DataType which stores the TrustList of a Server. Its values are defined in Table 32.
| Name | Type | Description |
| TrustListDataType | Structure | Subtype of the Structure DataType defined in OPC 10000-5 |
| SpecifiedLists | UInt32 | A bit mask which indicates which lists contain information. The TrustListMasks enumeration in 7.8.2.9 defines the allowed values. |
| TrustedCertificates | ByteString[] | The list of ApplicationInstance and CA Certificates which are trusted. |
| TrustedCrls | ByteString[] | The CRLs for the Certificates in the TrustedCertificates list. |
| IssuerCertificates | ByteString[] | The list of CA Certificates which are necessary to validate Certificates. |
| IssuerCrls | ByteString[] | The CRLs for the CA Certificates in the IssuerCertificates list. |
Its representation in the AddressSpace is defined in Table 33.
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListDataType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the 0:Structure DataType defined in OPC 10000-5. | | | | | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
7.8.2.9 TrustListMasks
This is a DataType that defines the values used for the SpecifiedLists field in the TrustListDataType. Its values are defined in Table 34.
| Name | Value | Description |
| None | 0 | No fields are provided. |
| TrustedCertificates | 1 | The TrustedCertificates are provided. |
| TrustedCrls | 2 | The TrustedCrls are provided. |
| IssuerCertificates | 4 | The IssuerCertificates are provided. |
| IssuerCrls | 8 | The IssuerCrls are provided. |
| All | 15 | All fields are provided. |
Its representation in the AddressSpace is defined in Table 35.
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListMasks |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the Enumeration DataType defined in OPC 10000-5. | | | | | |
| 0:HasProperty | Variable | 0:EnumValues | 0:EnumValueType[] | 0:PropertyType | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
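The TrustList file layout from 7.8.2.1 and 7.8.2.8 and the masked partial update from 7.8.2.5, as an added Python example that is not part of the specification. It assumes the UA Binary rules of OPC 10000-6 (little-endian integers, Int32 length prefixes, -1 for null); the function names, the 65536-byte size limit and the sample byte strings are constructed for illustration.

```python
import struct
from dataclasses import dataclass, field
from enum import IntFlag


class TrustListMasks(IntFlag):
    """Table 34 values ("None" is spelled NONE because None is reserved)."""
    NONE = 0
    TrustedCertificates = 1
    TrustedCrls = 2
    IssuerCertificates = 4
    IssuerCrls = 8
    All = 15


# TrustListDataType fields in encoding order (Table 32) with their mask bit.
FIELDS = (
    ("trusted_certificates", TrustListMasks.TrustedCertificates),
    ("trusted_crls", TrustListMasks.TrustedCrls),
    ("issuer_certificates", TrustListMasks.IssuerCertificates),
    ("issuer_crls", TrustListMasks.IssuerCrls),
)


@dataclass
class TrustList:
    specified_lists: TrustListMasks = TrustListMasks.NONE
    trusted_certificates: list = field(default_factory=list)
    trusted_crls: list = field(default_factory=list)
    issuer_certificates: list = field(default_factory=list)
    issuer_crls: list = field(default_factory=list)


def _take(data, pos, n):
    """Return (chunk, new_pos), refusing to read past the end of the stream."""
    if n < 0 or pos + n > len(data):
        raise ValueError("truncated TrustList stream")
    return data[pos:pos + n], pos + n


def _read_bytestring_array(data, pos):
    raw, pos = _take(data, pos, 4)
    count = struct.unpack("<i", raw)[0]
    if count > (len(data) - pos) // 4:  # every element needs a 4-byte length
        raise ValueError("array length exceeds remaining data")
    items = []
    for _ in range(max(count, 0)):  # a negative count encodes a null array
        raw, pos = _take(data, pos, 4)
        length = struct.unpack("<i", raw)[0]
        chunk, pos = _take(data, pos, max(length, 0))  # negative: null ByteString
        items.append(chunk)
    return items, pos


def decode_trust_list(data, max_trust_list_size=65536):
    """Parse a bare TrustListDataType (no ExtensionObject wrapper)."""
    if len(data) > max_trust_list_size:  # constructed limit, not a spec value
        raise ValueError("stream exceeds the size limit")
    raw, pos = _take(data, 0, 4)
    mask = struct.unpack("<I", raw)[0]
    if mask & ~int(TrustListMasks.All):
        raise ValueError("undefined SpecifiedLists bits")
    trust_list = TrustList(TrustListMasks(mask))
    for name, _bit in FIELDS:
        items, pos = _read_bytestring_array(data, pos)
        setattr(trust_list, name, items)
    if pos != len(data):
        raise ValueError("trailing bytes after TrustListDataType")
    return trust_list


def encode_trust_list(trust_list):
    out = struct.pack("<I", int(trust_list.specified_lists))
    for name, _bit in FIELDS:
        items = getattr(trust_list, name)
        out += struct.pack("<i", len(items))
        for item in items:
            out += struct.pack("<i", len(item)) + item
    return out


def apply_update(current, update):
    """Masked update: a list is replaced only if its bit is set in the update."""
    merged = TrustList(TrustListMasks.All)
    for name, bit in FIELDS:
        source = update if bit in update.specified_lists else current
        setattr(merged, name, list(getattr(source, name)))
    return merged


# Constructed sample data: placeholder byte strings, not real DER.
CURRENT = TrustList(TrustListMasks.All, [b"cert-A"], [b"crl-A"],
                    [b"ca-1"], [b"ca-1-crl-old"])
UPDATE = TrustList(TrustListMasks.IssuerCrls, issuer_crls=[b"ca-1-crl-new"])
```

Encoding `UPDATE` and merging the decoded result into `CURRENT` replaces only the IssuerCrls list; the other three lists come through unchanged because their bits are not set in SpecifiedLists.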
7.8.2.10 TrustListValidationOptions
This DataType defines flags for TrustListValidationOptions. It is formally defined in Table 36.
| Value | Bit No. | Description |
| SuppressCertificateExpired | 0 | Ignore errors related to the validity time of the Certificate. |
| SuppressHostNameInvalid | 1 | Ignore mismatches between the host name or ApplicationUri. |
| SuppressRevocationStatusUnknown | 2 | Ignore errors if the revocation list cannot be found for the issuer of the Certificate. |
| SuppressIssuerCertificateExpired | 3 | Ignore errors if an issuer has an expired Certificate. |
| SuppressIssuerRevocationStatusUnknown | 4 | Ignore errors if the revocation list cannot be found for any issuer of issuer Certificates. |
| CheckRevocationStatusOnline | 5 | Check the revocation status online. |
| CheckRevocationStatusOffline | 6 | Check the revocation status offline. |
If CheckRevocationStatusOnline is set, the Certificate validation process defined in OPC 10000-4 will look for the authorityInformationAccess extension to find an OCSP (RFC 6960) endpoint which can be used to determine if the Certificate has been revoked.
If the OCSP endpoint is not reachable then the Certificate validation process looks for offline CRLs if the CheckRevocationStatusOffline bit is set. Otherwise, validation fails.
The revocation status flags only have meaning for issuer Certificates and are used when validating Certificates issued by that issuer.
The default value for this DataType only has the CheckRevocationStatusOffline bit set.
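The flag layout of Table 36 and the OCSP-to-CRL fallback described above, as an added Python example that is not part of the specification. The function names and result strings are constructed; the case where neither revocation bit is set is reported as undefined because this section does not describe it.

```python
from enum import IntFlag


class TrustListValidationOptions(IntFlag):
    """Bit positions from Table 36."""
    SuppressCertificateExpired = 1 << 0
    SuppressHostNameInvalid = 1 << 1
    SuppressRevocationStatusUnknown = 1 << 2
    SuppressIssuerCertificateExpired = 1 << 3
    SuppressIssuerRevocationStatusUnknown = 1 << 4
    CheckRevocationStatusOnline = 1 << 5
    CheckRevocationStatusOffline = 1 << 6


Opt = TrustListValidationOptions
DEFINED_BITS = 0x7F
# Default per this section: only CheckRevocationStatusOffline is set.
DEFAULT_OPTIONS = Opt.CheckRevocationStatusOffline


def audit_options(value):
    """List every way a DefaultValidationOptions value weakens validation."""
    findings = []
    if value & ~DEFINED_BITS:
        findings.append("undefined bits set: 0x%X" % (value & ~DEFINED_BITS))
    options = Opt(value & DEFINED_BITS)
    for flag in Opt:
        if flag.name.startswith("Suppress") and flag in options:
            findings.append(flag.name)
    online = Opt.CheckRevocationStatusOnline in options
    offline = Opt.CheckRevocationStatusOffline in options
    if not online and not offline:
        findings.append("neither CheckRevocationStatus bit is set")
    return findings


def revocation_outcome(value, ocsp_reachable, crl_found):
    """Model the revocation path for one issuer.

    ocsp_reachable and crl_found are inputs supplied by the caller; this
    example performs no network or file access.
    """
    options = Opt(value & DEFINED_BITS)
    online = Opt.CheckRevocationStatusOnline in options
    offline = Opt.CheckRevocationStatusOffline in options
    if online and ocsp_reachable:
        return "checked via OCSP"
    if online and not offline:
        return "validation fails"          # OCSP unreachable, no CRL fallback
    if not offline:
        return "not defined in this section"
    if crl_found:
        return "checked via offline CRL"
    if Opt.SuppressRevocationStatusUnknown in options:
        return "revocation unknown, error ignored"
    return "revocation unknown, error reported"
```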
The TrustListValidationOptions representation in the AddressSpace is defined in Table 37.
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListValidationOptions |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Other |
|---|---|---|---|---|---|
| Subtype of the 0:UInt32 DataType defined in OPC 10000-5 | | | | | |
| 0:HasProperty | Variable | 0:OptionSetValues | 0:LocalizedText[] | 0:PropertyType | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
7.8.2.11 TrustListOutOfDateAlarmType
This SystemOffNormalAlarmType is raised by the Server when the UpdateFrequency elapses and the TrustList has not been updated. This alarm automatically returns to normal when the TrustList is updated.
Its representation in the AddressSpace is defined in Table 38.
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListOutOfDateAlarmType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| Subtype of the SystemOffNormalAlarmType defined in OPC 10000-9. | | | | | |
| 0:HasProperty | Variable | 0:TrustListId | 0:NodeId | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:UpdateFrequency | 0:Duration | 0:PropertyType | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The TrustListId Property specifies the NodeId of the out-of-date TrustList Object.
The LastUpdateTime Property specifies when the TrustList was last updated.
The UpdateFrequency Property specifies how frequently the TrustList is updated.
7.8.2.12 TrustListUpdateRequestedAuditEventType
This event is raised when a Method that changes the TrustList is called.
It is raised when CloseAndUpdate, AddCertificate or RemoveCertificate Method on a TrustListType Object is called.
Its representation in the AddressSpace is formally defined in Table 39.
| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListUpdateRequestedAuditEventType |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| Subtype of the 0:AuditUpdateMethodEventType defined in OPC 10000-5. | | | | | |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
This EventType inherits all Properties of the AuditUpdateMethodEventType. Their semantics are defined in OPC 10000-5.
7.8.2.13 TrustListUpdatedAuditEventType
This event is raised when a TrustList is successfully changed.
This is the result of a CloseAndUpdate Method on a TrustListType Object or the result of an ApplyChanges Method on the ServerConfigurationType Object being called.
It shall also be raised when the AddCertificate or RemoveCertificate Method causes an update to the TrustList.
Its representation in the AddressSpace is formally defined in Table 40.

| Attribute | Value |
|---|---|
| BrowseName | 0:TrustListUpdatedAuditEventType |
| IsAbstract | True |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| Subtype of the 0:AuditUpdateMethodEventType defined in OPC 10000-5. | | | | | |
| 0:HasProperty | Variable | 0:TrustListId | 0:NodeId | 0:PropertyType | Mandatory |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
This EventType inherits all Properties of the AuditUpdateMethodEventType. Their semantics are defined in OPC 10000-5.
The TrustListId Property is the NodeId of the TrustList Object that was changed.
7.8.3 CertificateGroups
7.8.3.1 CertificateGroupType
This ObjectType is used for Objects which represent CertificateGroups in the AddressSpace. A CertificateGroup is a context that contains a TrustList and one or more CertificateTypes that can be assigned to an application. This ObjectType allows an application which has multiple TrustLists and/or ApplicationInstance Certificates to express them in its AddressSpace.
A CertificateManager can have many CertificateGroups which manage CertificateTypes and TrustLists for the applications in the system.
A Server has one or more CertificateGroups which specify the CertificateTypes and TrustLists managed by the Server. Typically, there is a mapping between a CertificateGroup in a Server and a CertificateGroup in the CertificateManager. The mechanisms for creating that mapping are outside the scope of this specification.
This type is defined in Table 41.
| Attribute | Value |
|---|---|
| BrowseName | 0:CertificateGroupType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the BaseObjectType defined in OPC 10000-5. | | | | | |
| 0:HasComponent | Object | 0:TrustList | | 0:TrustListType | Mandatory |
| 0:HasProperty | Variable | 0:CertificateTypes | 0:NodeId[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:Purpose | 0:NodeId | 0:PropertyType | Optional |
| 0:HasComponent | Object | 0:CertificateExpired | | 0:CertificateExpirationAlarmType | Optional |
| 0:HasCondition | ObjectType | 0:CertificateExpirationAlarmType | | | |
| 0:HasComponent | Object | 0:TrustListOutOfDate | | 0:TrustListOutOfDateAlarmType | Optional |
| 0:HasCondition | ObjectType | 0:TrustListOutOfDateAlarmType | | | |
| 0:HasComponent | Method | 0:GetRejectedList | Defined in 7.8.3.2. | | Optional |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The TrustList Object is the TrustList associated with the CertificateGroup.
The CertificateTypes Property specifies the NodeIds of the CertificateTypes which may be assigned to applications which belong to the CertificateGroup. For example, a CertificateGroup with the NodeId of RsaMinApplicationCertificateType (see 7.8.4.8) and the NodeId RsaSha256ApplicationCertificate (see 7.8.4.9) specified allows an OPC UA Application to have one ApplicationInstance Certificate for each type. If this list is empty then the CertificateGroup does not allow Certificates to be assigned to Applications (i.e. a UserToken CertificateGroup only exists to allow the associated TrustList to be read or updated). All CertificateTypes for a given CertificateGroup shall be subtypes of a single common type (see Purpose in 7.8.3.4).
The Purpose Property specifies the allowed CertificateTypes. It shall be a direct subtype of CertificateType. See 7.8.3.4 for more details.
The CertificateExpired Alarm is raised when a Certificate associated with the CertificateGroup is about to expire. If multiple Certificates are about to expire, an Alarm for each Certificate is raised. The CertificateExpirationAlarmType is defined in OPC 10000-9.
The TrustListOutOfDate Alarm is raised when a CRL or an IssuerCertificate is about to expire. The Alarm is raised no later than the period specified by the UpdateFrequency before the actual expiry time (see 7.8.2.1). The TrustListOutOfDateAlarmType is defined in 7.8.2.11.
The Alarm instances are optional and should not appear on TrustList instances even when the TrustList generates the Alarms. If a specific TrustList instance generates the CertificateExpired or TrustListOutOfDate Alarms, the corresponding HasCondition References shall be specified on the instance.
The GetRejectedList Method returns the list of Certificates that have been rejected by the Server when using the TrustList associated with the CertificateGroup. It can be used to track activity or allow administrators to move a rejected Certificate into the TrustList. This Method shall only be present on CertificateGroups which are part of the ServerConfiguration Object defined in 7.10.4.
7.8.3.2 GetRejectedList
The GetRejectedList Method returns the list of Certificates that have been rejected by the Server.
No rules are defined for how the Server updates this list or how long a Certificate is kept in the list. It is recommended that every valid but untrusted Certificate be added to the rejected list as long as storage is available. Servers can delete entries from the list returned if the maximum message size is not large enough to allow the entire list to be returned.
Servers only add Certificates to this list that have no unsuppressed validation errors but are not trusted.
For PullManagement, this Method is not present on the CertificateGroup.
For PushManagement, this Method shall be called from an authenticated SecureChannel and from a Client that has access to the SecurityAdmin Role (see 7.2).
Signature
GetRejectedList(
    [out] ByteString[] Certificates
);

| Argument | Description |
| Certificates | The DER encoded form of the Certificates rejected by the Server. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Table 42 specifies the AddressSpace representation for the GetRejectedList Method.
| Attribute | Value |
|---|---|
| BrowseName | 0:GetRejectedList |

| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
7.8.3.3 CertificateGroupFolderType
This type is used for Folders which organize CertificateGroups in the AddressSpace. This type is defined in Table 43.
| Attribute | Value |
|---|---|
| BrowseName | 0:CertificateGroupFolderType |
| IsAbstract | False |

| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FolderType defined in OPC 10000-5. | | | | | |
| 0:HasComponent | Object | 0:DefaultApplicationGroup | | 0:CertificateGroupType | Mandatory |
| 0:HasComponent | Object | 0:DefaultHttpsGroup | | 0:CertificateGroupType | Optional |
| 0:HasComponent | Object | 0:DefaultUserTokenGroup | | 0:CertificateGroupType | Optional |
| 0:Organizes | Object | 0:<AdditionalGroup> | | 0:CertificateGroupType | Optional Placeholder |

| Conformance Units |
|---|
| GDS Certificate Manager Pull Model |
| Push Model for Global Certificate and TrustList Management |
The DefaultApplicationGroup Object represents the default CertificateGroup for Applications. It is used to access the default application TrustList and to define the CertificateTypes allowed for the Certificates used by the application when communicating with peers:
For OPC UA Applications and CertificateManagers these CertificateTypes specify what is allowed for ApplicationInstance Certificates. They shall specify one or more subtypes of ApplicationCertificateType (see 7.8.4.2).
For NonUaApplications, these CertificateTypes specify what is allowed for the NonUaApplications Certificates. They shall specify one or more subtypes of CertificateType (see 7.8.4.1 and Table 99).
The DefaultHttpsGroup Object represents the default CertificateGroup for HTTPS communication. It is used to access the default HTTPS TrustList and to define the CertificateTypes allowed for the HTTPS Certificate. This Object shall specify the HttpsCertificateType NodeId (see 7.8.4.3) as a single entry in the CertificateTypes list or it shall specify one or more subtypes of HttpsCertificateType.
The DefaultUserTokenGroup Object represents the default CertificateGroup for validating user credentials. It is used to access the default user credential TrustList and to define the CertificateTypes allowed for user credential Certificates. This Object shall leave the CertificateTypes list empty.
Any additional CertificateGroups shall have a BrowseName where the Name is unique within the CertificateGroupFolder.
7.8.3.4 CertificateGroupDataType
This type is used to serialize a single CertificateGroup configuration. It is defined in Table 44.
This type is used as part of the ApplicationConfigurationDataType defined in 7.10.19, which allows multiple CertificateGroups in a Server to be updated at once.
The Name of the record is the name portion of the BrowseName of the associated CertificateGroup Object in the AddressSpace.
It may not be possible to delete CertificateGroups such as DefaultApplicationGroup.
Note that when a new CertificateGroup is added, Clients need to browse the CertificateGroups folder to discover the NodeId assigned by the Server that is needed for Certificate management Methods.
Each element in the CertificateTypes list shall be unique and not abstract. The set of permitted CertificateTypes is defined by the ApplicationConfigurationFileType Object (see 7.10.20).
When the CertificateTypes list is updated, if an element already exists it is not changed, if an element does not exist a new CertificateType is added. If existing CertificateTypes are not in the list they are deleted if no Certificate is assigned. The update is rejected if a Certificate is assigned to a deleted CertificateType. The DeleteCertificate Method is used to remove Certificates.
The Purpose imposes restrictions on the allowed CertificateTypes. The update to the CertificateGroup is rejected if the Purpose is changed and the CertificateTypes are not consistent.
The set of permitted Purposes is defined by the ApplicationConfigurationFileType Object (see 7.10.20).
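The update rules above for the CertificateTypes list and the Purpose, as an added example that is not part of the specification text. `TYPE_TREE` is a constructed excerpt of the type hierarchy in 7.8.4, and the function name, the `CertificateGroup` class and the reason strings are assumptions made for illustration.

```python
from dataclasses import dataclass

# Constructed excerpt of the CertificateType tree from 7.8.4:
# BrowseName -> (parent BrowseName, IsAbstract)
TYPE_TREE = {
    "CertificateType": (None, True),
    "ApplicationCertificateType": ("CertificateType", True),
    "HttpsCertificateType": ("CertificateType", False),
    "RsaMinApplicationCertificateType": ("ApplicationCertificateType", False),
    "RsaSha256ApplicationCertificateType": ("ApplicationCertificateType", False),
    "EccApplicationCertificateType": ("ApplicationCertificateType", True),
    "EccNistP256ApplicationCertificateType": ("EccApplicationCertificateType", False),
}


def is_type_or_subtype(name, ancestor):
    """True if name is ancestor or derives from it in TYPE_TREE."""
    while name is not None:
        if name == ancestor:
            return True
        name = TYPE_TREE[name][0]
    return False


@dataclass
class CertificateGroup:
    purpose: str
    assigned: dict  # CertificateType -> IsCertificateAssigned flag


def update_certificate_group(group, purpose, certificate_types):
    """Apply a CertificateGroupDataType update; return (accepted, reason).

    The group is modified only when the update is accepted. The
    IsCertificateAssigned field of the update is ignored, so it is not a
    parameter here.
    """
    parent = TYPE_TREE.get(purpose, (None, None))[0]
    if parent != "CertificateType":
        return False, "Purpose must be a direct subtype of CertificateType"
    if len(set(certificate_types)) != len(certificate_types):
        return False, "CertificateTypes elements must be unique"
    for cert_type in certificate_types:
        if cert_type not in TYPE_TREE:
            return False, f"{cert_type} is not a permitted CertificateType"
        if TYPE_TREE[cert_type][1]:
            return False, f"{cert_type} is abstract"
        if not is_type_or_subtype(cert_type, purpose):
            return False, f"{cert_type} is not consistent with Purpose {purpose}"
    # Types missing from the new list are deleted, but only if unused.
    in_use = [t for t, has_cert in group.assigned.items()
              if has_cert and t not in certificate_types]
    if in_use:
        return False, "Certificate still assigned to " + ", ".join(in_use)
    # Existing elements keep their state; new elements start without a Certificate.
    group.assigned = {t: group.assigned.get(t, False) for t in certificate_types}
    group.purpose = purpose
    return True, "updated"
```

A rejected update leaves the group untouched, so an operator has to call DeleteCertificate first before a CertificateType that is still in use can be dropped from the list.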
This type is defined in Table 44.
| Name | Type | Description |
| CertificateGroupDataType | Structure | Subtype of BaseConfigurationRecordDataType. |
| Purpose | 0:NodeId | This value specifies the purpose of the CertificateGroup. It shall be a direct subtype of CertificateType. All CertificateTypes shall be the CertificateType or a subtype of the CertificateType indicated by the Purpose. For example, if the Purpose is ApplicationCertificateType then the CertificateGroup is used to specify Certificates used as ApplicationInstance Certificate. A NULL value is not valid. |
| CertificateTypes | 0:NodeId[] | The list of CertificateTypes supported by the CertificateGroup. At least one element shall be provided. |
| IsCertificateAssigned | 0:Boolean[] | A list of flags indicating whether the CertificateType has a Certificate assigned. The length of this list shall be the same as the CertificateTypes list. This value is ignored during an update. |
| ValidationOptions | TrustListValidationOptions | The validation options that are used when validating Certificates associated with the TrustList. |
Its representation in the AddressSpace is defined in Table 45.
| Attribute | Value | |||||
| BrowseName | 0:CertificateGroupDataType | |||||
| IsAbstract | False | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Other | |
|---|---|---|---|---|---|---|
| Subtype of the 0:BaseConfigurationRecordDataType defined in 7.8.5.5. | ||||||
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | ||||||
| Push Model for Global Certificate and TrustList Management |
7.8.4 CertificateTypes
7.8.4.1 CertificateType
This type is an abstract base type for types that describe the purpose of a Certificate. This type is defined in Table 46.
| Attribute | Value | ||||
| BrowseName | 0:CertificateType | ||||
| IsAbstract | True | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:BaseObjectType defined in OPC 10000-5. | |||||
| 0:HasSubtype | ObjectType | 0:ApplicationCertificateType | Defined in 7.8.4.2. | ||
| 0:HasSubtype | ObjectType | 0:HttpsCertificateType | Defined in 7.8.4.3. | ||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.2 ApplicationCertificateType
This type is an abstract base type for types that describe the purpose of an ApplicationInstanceCertificate. This type is defined in Table 47.
| Attribute | Value | |||||
| BrowseName | 0:ApplicationCertificateType | |||||
| IsAbstract | True | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule | |
|---|---|---|---|---|---|---|
| Subtype of the CertificateType defined in 7.8.4. | ||||||
| 0:HasSubtype | ObjectType | 0:RsaMinApplicationCertificateType | Defined in 7.8.4.8. | |||
| 0:HasSubtype | ObjectType | 0:RsaSha256ApplicationCertificateType | Defined in 7.8.4.9. | |||
| 0:HasSubtype | ObjectType | 0:EccApplicationCertificateType | Defined in 7.8.4.10. | |||
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | ||||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.3 HttpsCertificateType
This type is used to describe Certificates that are intended for use as HTTPS Certificates. This type is defined in Table 48.
| Attribute | Value | ||||
| BrowseName | 0:HttpsCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:CertificateType defined in 7.8.4. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.4 UserCertificateType
This type is used to describe Certificates that are intended to identify users. This type is defined in Table 48.
| Attribute | Value | ||||
| BrowseName | 0:UserCertificateType | ||||
| IsAbstract | True | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:CertificateType defined in 7.8.4. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.5 TlsCertificateType
This type is used to describe Certificates that are intended for use as TLS Certificates. This type is defined in Table 48.
| Attribute | Value | ||||
| BrowseName | 0:TlsCertificateType | ||||
| IsAbstract | True | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:CertificateType defined in 7.8.4. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.6 TlsServerCertificateType
This type is used to describe a Certificate that is a TLS server Certificate. This type is defined in Table 51.
| Attribute | Value | ||||
| BrowseName | 0:TlsServerCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:TlsCertificateType defined in 7.8.4.5. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.7 TlsClientCertificateType
This type is used to describe a Certificate that is a TLS client Certificate. This type is defined in Table 52.
| Attribute | Value | ||||
| BrowseName | 0:TlsClientCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:TlsCertificateType defined in 7.8.4.5. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.8 RsaMinApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 1024 or 2048 bits. All Applications which support the Basic128Rsa15 and Basic256 profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 53.
| Attribute | Value | ||||
| BrowseName | 0:RsaMinApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2 | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.9 RsaSha256ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an RSA key size of 2048, 3072 or 4096 bits. All Applications which support the Basic256Sha256 profile (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 54.
| Attribute | Value | ||||
| BrowseName | 0:RsaSha256ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2 | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.10 EccApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC Public Key. Applications which support the ECC profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 55.
| Attribute | Value | ||||
| BrowseName | 0:EccApplicationCertificateType | ||||
| IsAbstract | True | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:ApplicationCertificateType defined in 7.8.4.2. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.11 EccNistP256ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP256 Public Key. Applications which support the ECC NIST P256 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccNistP384ApplicationCertificateType defined in 7.8.4.12. This type is defined in Table 56.
| Attribute | Value | ||||
| BrowseName | 0:EccNistP256ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.12 EccNistP384ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC nistP384 Public Key. Applications which support the ECC NIST P384 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 57.
| Attribute | Value | ||||
| BrowseName | 0:EccNistP384ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.13 EccBrainpoolP256r1ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP256r1 Public Key. Applications which support the ECC brainpoolP256r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type or a Certificate of the EccBrainpoolP384r1ApplicationCertificateType defined in 7.8.4.14. This type is defined in Table 58.
| Attribute | Value | ||||
| BrowseName | 0:EccBrainpoolP256r1ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.14 EccBrainpoolP384r1ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC brainpoolP384r1 Public Key. Applications which support the ECC brainpoolP384r1 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 59.
| Attribute | Value | ||||
| BrowseName | 0:EccBrainpoolP384r1ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.15 EccCurve25519ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve25519 Public Key. Applications which support the ECC curve25519 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 60.
| Attribute | Value | ||||
| BrowseName | 0:EccCurve25519ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.4.16 EccCurve448ApplicationCertificateType
This type is used to describe Certificates intended for use as an ApplicationInstanceCertificate. They shall have an ECC curve448 Public Key. Applications which support the ECC curve448 curve profiles (see OPC 10000-7) shall have a Certificate of this type. This type is defined in Table 61.
| Attribute | Value | ||||
| BrowseName | 0:EccCurve448ApplicationCertificateType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:EccApplicationCertificateType defined in 7.8.4.10. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| GDS Certificate Manager Pull Model | |||||
| Push Model for Global Certificate and TrustList Management |
7.8.5 ConfigurationFiles
7.8.5.1 ConfigurationFileType
This type defines a FileType that can be used to access the configuration associated with an Object.
The file is a stream containing an instance of UABinaryFileDataType serialized using one of the DataEncodings defined in OPC 10000-6. The DataEncoding used depends on the DataEncoding used for the messages sent to the Server. The body of the UABinaryFileDataType shall be an instance of the DataType specified by the SupportedDataType Property.
An instance of a ConfigurationFileType shall restrict access to appropriate users or applications. This should be ConfigureAdmin, SecurityAdmin or an equivalent administrative Role.
The Open Method shall not support modes other than Read (0x01) and Read + Write (0x03).
When a Client opens the file for reading and writing, the Client shall follow the following steps.
Read the existing configuration with the FileType Read Method.
Set the position to the beginning of the file with the FileType SetPosition Method.
Write the changes with the FileType Write Method.
Apply the changes with the CloseAndUpdate Method.
Servers shall automatically Close ConfigurationFiles if there are no calls to Methods on the ConfigurationFile Object within the time specified by the ActivityTimeout Property.
The Size Property inherited from FileType has no meaning for ConfigurationFile and returns the error code defined in OPC 10000-20.
When the CloseAndUpdate Method is called the Server validates the configuration and then schedules the update. The Server returns initial results in the CloseAndUpdate response and may return additional errors after applying the changes in the response to ConfirmUpdate.
If CloseAndUpdate succeeds it returns an UpdateId that is used to confirm that the Client can connect after the update by calling the ConfirmUpdate Method. If it is not necessary to call ConfirmUpdate, the Server returns an empty value for the UpdateId.
| Attribute | Value | ||||
| BrowseName | 0:ConfigurationFileType | ||||
| IsAbstract | False | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| Subtype of the 0:FileType defined in OPC 10000-20. | |||||
| 0:HasProperty | Variable | 0:LastUpdateTime | 0:UtcTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:CurrentVersion | 0:VersionTime | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:ActivityTimeout | 0:Duration | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:SupportedDataType | 0:NodeId | 0:PropertyType | Mandatory |
| 0:HasComponent | Method | 0:CloseAndUpdate | Defined in 7.8.5.2. | Mandatory | |
| 0:HasComponent | Method | 0:ConfirmUpdate | Defined in 7.8.5.3. | Mandatory | |
| Conformance Units | |||||
|---|---|---|---|---|---|
| Base Configuration Management |
The LastUpdateTime Property indicates when the configuration was last updated. The LastUpdateTime shall reflect changes made using the ConfigurationFile Object Methods. A ConfigurationFile Object should also reflect changes made in other ways.
The CurrentVersion Property is the value of the Version for the currently active configuration.
The ActivityTimeout Property specifies the maximum elapsed time between the calls to Methods on the ConfigurationFile Object after Open is called. If this time elapses the ConfigurationFile is automatically closed by the Server and any changes are discarded. The default value is 60 000 milliseconds (1 minute).
The SupportedDataType Property specifies the NodeId of the DataType that is put into the body of the UABinaryFileDataType during reading and writing. Any DataType shall be a subtype of BaseConfigurationDataType which is defined in 7.8.5.4.
The CloseAndUpdate Method validates the configuration and returns any validation errors.
The ConfirmUpdate Method is used to confirm that the Client can reconnect after the changes were applied.
7.8.5.2 CloseAndUpdate
The CloseAndUpdate Method closes the ConfigurationFile and applies the changes to the configuration. It can only be called if the ConfigurationFile was opened for writing. If the Close Method is called any cached data is discarded and the configuration is not changed.
The Client may partially update the configuration by specifying one or more targets. Each target refers to a component of the configuration that will be inserted, updated or deleted. The Server shall attempt to apply all changes. If any errors occur then all changes are rolled back.
Updating the configuration will often require the endpoints to be closed and all active Sessions be interrupted. When the new configuration is applied it is possible that a configuration error made the Server unreachable. The RestartDelayTime argument is used to delay the restart process to give the Client a chance to receive results from the CloseAndUpdate call. The RevertAfterTime argument is used to automatically restore the previous configuration if the Client is not able to reconnect and call the ConfirmUpdate Method.
If auditing is supported, the Server shall generate the ConfigurationUpdatedAuditEventType (see 7.8.5.8) when the configuration is updated. This may occur before CloseAndUpdate completes or when the update is scheduled to occur based on the RestartDelayTime.
Signature
CloseAndUpdate(
[in] 0:UInt32 FileHandle
[in] 0:VersionTime VersionToUpdate
[in] 0:ConfigurationUpdateTargetType[] Targets
[in] 0:Duration RevertAfterTime
[in] 0:Duration RestartDelayTime
[out] 0:StatusCode[] UpdateResults
[out] 0:VersionTime NewVersion
[out] 0:Guid UpdateId
);
| Argument | Description |
| FileHandle | The handle of the previously opened file. |
| VersionToUpdate | Specifies the version of the configuration that the Client believes it is updating. If the CurrentVersion is not the same a Bad_InvalidState error is returned. |
| Targets | The list of targets to update. There must be at least one target. Contents of the file which are not referenced by a target are ignored. |
| RevertAfterTime | How long the Server should wait before reverting the configuration changes if ConfirmUpdate is not called after CloseAndUpdate returns a response. The RevertAfterTime countdown starts after the RestartDelayTime time elapses. After getting a response, the Client must wait at least RestartDelayTime before attempting to reconnect but no longer than RestartDelayTime + RevertAfterTime. |
| RestartDelayTime | How long the Server should wait before applying the configuration changes if applying the configuration changes will interrupt active Sessions. Clients set this value based on how long it takes for them to receive the response to the Method. |
| UpdateResults | The result for each target update operation. The length and order of the array shall match the targets array. If any element is not Good then no changes are applied and the Method return code is Uncertain. |
| NewVersion | The new ConfigurationVersion. If it is NULL, then no changes were applied. |
| UpdateId | An id to be passed into ConfirmUpdate to tell the Server that the update was successful. If this value is a NULL Guid then ConfirmUpdate does not need to be called. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Uncertain | Errors occurred processing individual targets. |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidState | The VersionToUpdate does not match the CurrentVersion. |
| Bad_ChangesPending | Changes are queued on another Session (see 7.10.9) |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Operation Result Codes (Returned in UpdateResults)
| Result Code | Description |
| Bad_NoEntryExists | An existing record was not found. |
| Bad_EntryExists | Another record with the same name was found. |
| Good_EntryInserted | A new record was created successfully. |
| Good_EntryReplaced | An existing record was updated successfully. |
| Bad_NoDeleteRights | A record exists but it cannot be deleted. |
| Bad_NotSupported | A field in the record cannot be changed to the value specified. |
| Bad_InvalidArgument | The target definition is not valid. |
| Bad_ResourceUnavailable | The maximum number of supported elements would be exceeded. |
| Bad_InvalidState | The current state of the record does not allow the operation. For example, a CertificateGroup has Certificates assigned. |
Table 29 specifies the AddressSpace representation for the CloseAndUpdate Method.
| Attribute | Value | ||||
| BrowseName | 0:CloseAndUpdate | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
7.8.5.3 ConfirmUpdate
The ConfirmUpdate Method allows a Client to confirm that it can connect after the configuration has been applied. The Client shall disconnect from the Server and reconnect before calling ConfirmUpdate. The RevertAfterTime parameter passed to the CloseAndUpdate Method specifies how long the Server shall wait for confirmation.
If the Server could not apply all changes then the return code is Bad_TransactionFailed and no changes were applied.
If the Method is called too soon the Server returns Bad_InvalidState.
The permissions needed to call this method shall be specified by the subtype and should require one of the administrator Roles.
Signature
ConfirmUpdate(
[in] 0:Guid UpdateId
);
| Argument | Description |
| UpdateId | The id returned by CloseAndUpdate. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_TransactionFailed | An error occurred applying the changes and they have been rolled back and the ConfigurationVersion does not change. |
| Bad_UserAccessDenied | The current user does not have the rights required. |
| Bad_InvalidArgument | The UpdateId is not valid or is no longer valid. Any transaction associated with the UpdateId has been rolled back. |
| Bad_InvalidState | The Server has not had a chance to apply the changes and the Client needs to wait and call the Method again. |
| Bad_SecurityModeInsufficient | The SecureChannel is not authenticated. |
Table 28 specifies the AddressSpace representation for the ConfirmUpdate Method.
| Attribute | Value | ||||
| BrowseName | 0:ConfirmUpdate | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument[] | 0:PropertyType | Mandatory |
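The timing between CloseAndUpdate and ConfirmUpdate described in 7.8.5.2 and 7.8.5.3, as an added example that is not part of the specification. It models the Server's timers with a caller-supplied clock in milliseconds. The class, method and parameter names are assumptions, the `apply_ok` switch is a test hook for simulating a failed apply, and the model tracks a single scheduled update.

```python
import uuid


def reconnect_window(response_at, restart_delay, revert_after):
    """Earliest and latest time (ms) at which the Client should reconnect."""
    earliest = response_at + restart_delay
    return earliest, earliest + revert_after


class ConfigServerModel:
    """Constructed model of a Server's CloseAndUpdate / ConfirmUpdate timers."""

    def __init__(self, config, version):
        self.active, self.version = config, version
        self.pending = None

    def close_and_update(self, now, new_config, new_version,
                         revert_after, restart_delay, apply_ok=True):
        """Schedule the update and return the UpdateId (times in ms)."""
        self._advance(now)
        if self.pending is not None:
            raise RuntimeError("this model tracks one scheduled update at a time")
        self.pending = {
            "id": uuid.uuid4(),
            "new": (new_config, new_version),
            "old": (self.active, self.version),
            # The revert countdown starts once RestartDelayTime has elapsed.
            "apply_at": now + restart_delay,
            "revert_at": now + restart_delay + revert_after,
            "applied": False,
            "apply_ok": apply_ok,  # False simulates a failure while applying
        }
        return self.pending["id"]

    def _advance(self, now):
        """Run the timers up to 'now'."""
        p = self.pending
        if p is None:
            return
        if not p["applied"] and now >= p["apply_at"]:
            p["applied"] = True
            if p["apply_ok"]:
                self.active, self.version = p["new"]
        if now >= p["revert_at"]:
            # No ConfirmUpdate in time: restore the previous configuration.
            self.active, self.version = p["old"]
            self.pending = None

    def current(self, now):
        """Return (active configuration, version) at time 'now'."""
        self._advance(now)
        return self.active, self.version

    def confirm_update(self, now, update_id):
        """Return the ConfirmUpdate result code for a call made at 'now'."""
        self._advance(now)
        p = self.pending
        if p is None or p["id"] != update_id:
            return "Bad_InvalidArgument"    # unknown id, or already rolled back
        if not p["applied"]:
            return "Bad_InvalidState"       # called too soon; wait and retry
        self.pending = None
        if not p["apply_ok"]:
            return "Bad_TransactionFailed"  # nothing was applied
        return "Good"
```

The automatic revert is what keeps a bad endpoint or TrustList change from locking administrators out: a Client that cannot reconnect never confirms, and the previous configuration returns once RestartDelayTime + RevertAfterTime has passed.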
7.8.5.4 BaseConfigurationDataType
This DataType is the base DataType used to serialize configurations. It is defined in Table 65.
| Name | Type | Description |
| BaseConfigurationDataType | Structure | |
| ConfigurationVersion | 0:VersionTime | This field is ignored when updating the configuration. |
| ConfigurationProperties | 0:KeyValuePair[] | Additional configuration properties |
Its representation in the AddressSpace is defined in Table 66.
| Attribute | Value | |||||
| BrowseName | 0:BaseConfigurationDataType | |||||
| IsAbstract | True | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Other | |
|---|---|---|---|---|---|---|
| Subtype of the 0:Structure DataType defined in OPC 10000-5. | ||||||
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| Base Configuration Management |
7.8.5.5 BaseConfigurationRecordDataType
This DataType is the base DataType for a named record contained within a configuration. It is defined in Table 67.
| Name | Type | Description |
| BaseConfigurationRecordDataType | Structure | |
| Name | 0:String | The name of the record used when updating or deleting a single record. If the record corresponds to an Object in the AddressSpace then this shall be the Name portion of the BrowseName. If the record does not have a matching Object, then Name is only unique within an instance of a configuration file. For these cases, the Server may generate new names each time the ConfigurationVersion changes. The names may be persisted by the Server with the ConfigurationVersion or may be generated with an algorithm that produces the same value given a fixed set of records. Which behaviour to use is defined by the subtype. |
| RecordProperties | 0:KeyValuePair[] | Additional record properties |
Its representation in the AddressSpace is defined in Table 66.
| Attribute | Value | |||||
| BrowseName | 0:BaseConfigurationRecordDataType | |||||
| IsAbstract | True | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Other | |
|---|---|---|---|---|---|---|
| Subtype of the 0:Structure DataType defined in OPC 10000-5. | ||||||
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| Base Configuration Management |
7.8.5.6 ConfigurationUpdateTargetType
This is a DataType that defines a target for an update operation. It allows the Client to specify the type of update operation (insert, replace or delete).
The Path field defines the path to the target record of the update operation within the configuration. Only fields which are subtypes of BaseConfigurationRecordDataType are valid targets of the path.
The UpdateType specifies the operation to be performed.
Examples of paths:
CertificateGroups.[1]
ApplicationIdentity
UserTokenSettings.[2]
The ConfigurationUpdateTargetType is defined in Table 69.
| Name | Type | Description |
| ConfigurationUpdateTargetType | Structure | |
| Path | 0:String | A path to the target record for the update operation. The path uses the DataType FieldPath syntax defined in OPC 10000-6. |
| UpdateType | 0:ConfigurationUpdateType | The type of update. |
Its representation in the AddressSpace is defined in Table 70.
| Attribute | Value | |||||
| BrowseName | 0:ConfigurationUpdateTargetType | |||||
| IsAbstract | False | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Other | |
|---|---|---|---|---|---|---|
| Subtype of the 0:Structure DataType defined in OPC 10000-5. | ||||||
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| Base Configuration Management |
7.8.5.7 ConfigurationUpdateType
This is a DataType that defines the values used for the UpdateType field in the ConfigurationUpdateTargetType. Its values are defined in Table 71.
The update operation is applied to a target within the configuration identified by a path (see 7.8.5.6). The Replace and Delete operations use the Name field in the Structure to match a target with an existing record. For Insert operations no existing record with the same Name may exist. For Delete operations the contents of the record are ignored.
| Name | Value | Description |
| Insert | 1 | The target is added. An error occurs if a name conflict occurs. |
| Replace | 2 | The existing record is updated. An error occurs if a name cannot be matched to an existing record. |
| InsertOrReplace | 3 | The existing record is updated. New records are created if the name does not match an existing record. |
| Delete | 4 | Any existing record is deleted. An error occurs if the name cannot be matched to an existing record. |
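How the four UpdateType values combine with the all-or-nothing rule and the result codes of CloseAndUpdate (7.8.5.2), as an added example that is not part of the specification. Path resolution (the FieldPath syntax of OPC 10000-6) is left out, so each target already carries its record. The function name, the dictionary layout, integer versions and the plain `Good` result for a successful Delete are assumptions.

```python
import copy
from enum import IntEnum


class ConfigurationUpdateType(IntEnum):
    Insert = 1
    Replace = 2
    InsertOrReplace = 3
    Delete = 4


def apply_update_targets(config, version_to_update, targets, new_version):
    """Model of the target handling in CloseAndUpdate.

    config  : {"version": int, "records": {Name: record}, "undeletable": set}
    targets : list of (ConfigurationUpdateType, record) pairs; each record is
              the one its Path resolved to and carries a "Name" key.
    Returns (method_status, UpdateResults, NewVersion).
    """
    if not targets:
        raise ValueError("at least one target is required")
    if version_to_update != config["version"]:
        return "Bad_InvalidState", [], None

    working = copy.deepcopy(config["records"])  # staged copy; config untouched
    results = []
    for update_type, record in targets:
        name = record["Name"]
        exists = name in working
        if update_type == ConfigurationUpdateType.Insert:
            status = "Bad_EntryExists" if exists else "Good_EntryInserted"
        elif update_type == ConfigurationUpdateType.Replace:
            status = "Good_EntryReplaced" if exists else "Bad_NoEntryExists"
        elif update_type == ConfigurationUpdateType.InsertOrReplace:
            status = "Good_EntryReplaced" if exists else "Good_EntryInserted"
        elif update_type == ConfigurationUpdateType.Delete:
            if not exists:
                status = "Bad_NoEntryExists"
            elif name in config["undeletable"]:
                status = "Bad_NoDeleteRights"
            else:
                status = "Good"  # assumption: the page names no Good_ code for Delete
        else:
            status = "Bad_InvalidArgument"
        results.append(status)
        if status.startswith("Good"):
            if update_type == ConfigurationUpdateType.Delete:
                del working[name]  # record contents are ignored for Delete
            else:
                working[name] = copy.deepcopy(record)

    if not all(s.startswith("Good") for s in results):
        return "Uncertain", results, None  # rollback: the staged copy is dropped
    config["records"] = working
    config["version"] = new_version
    return "Good", results, new_version
```

Every target gets a result even after an earlier one has failed, so the Client sees all problems in one response while the stored configuration and its version stay unchanged.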
Its representation in the AddressSpace is defined in Table 72.
| Attribute | Value | |||||
| BrowseName | 0:ConfigurationUpdateType | |||||
| IsAbstract | False | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Other | |
|---|---|---|---|---|---|---|
| Subtype of the Enumeration DataType defined in OPC 10000-5. | ||||||
| 0:HasProperty | Variable | 0:EnumValues | 0:EnumValueType [] | 0:PropertyType | ||
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| Base Configuration Management |
7.8.5.8 ConfigurationUpdatedAuditEventType
This event is raised when a configuration has been updated.
The SourceNode Property for Events of this type shall be assigned to the NodeId for the Node that owns the configuration (usually the parent of the ConfigurationFile Object). The SourceName for Events of this type shall be the BrowseName of the configuration owner.
Its representation in the AddressSpace is formally defined in Table 73.
| Attribute | Value | |||||
| BrowseName | 0:ConfigurationUpdatedAuditEventType | |||||
| IsAbstract | True | |||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | Modelling Rule | |
|---|---|---|---|---|---|---|
| Subtype of the 0:AuditEventType defined in OPC 10000-5. | ||||||
| 0:HasProperty | Variable | 0:OldVersion | 0:VersionTime | 0:PropertyType | Mandatory | |
| 0:HasProperty | Variable | 0:NewVersion | 0:VersionTime | 0:PropertyType | Mandatory | |
| Conformance Units | ||||||
|---|---|---|---|---|---|---|
| Base Configuration Management |
This EventType inherits all Properties of the AuditEventType. Their semantic is defined in OPC 10000-5.
The DataType Property specifies the DataType of the configuration that was updated.