Security Key Service Roles – OPC Unified Architecture

8.8 Security Key Service Roles

A SKS should support the well-known Roles for SKS which are defined in Table 231. The NodeIds for the well-known Roles are defined in OPC 10000-6.

Table 231 – Well-Known SKS Roles

BrowseName	Suggested Permissions
SecurityKeyServerAdmin	This Role allows an administrator to manage SecurityGroups and PushTargets on a SKS. This includes executing methods related to management of SecurityGroups and PushTargets on an SKS.
SecurityKeyServerAccess	This Role allows a PubSub Application to access an SKS to pull keys. It is the default Role for pull but it is expected that different custom Roles are used for different SecurityGroups.
SecurityKeyServerPush	This Role allows an SKS to push security keys to PubSub Applications. This includes executing methods related to PubSub security.

BrowseName

Suggested Permissions

SecurityKeyServerAdmin

This Role allows an administrator to manage SecurityGroups and PushTargets on a SKS. This includes executing methods related to management of SecurityGroups and PushTargets on an SKS.

SecurityKeyServerAccess

This Role allows a PubSub Application to access an SKS to pull keys.

It is the default Role for pull but it is expected that different custom Roles are used for different SecurityGroups.

SecurityKeyServerPush

This Role allows an SKS to push security keys to PubSub Applications.

This includes executing methods related to PubSub security.