9.3 Device Configuration Application (DCA)
9.3.1 Overview
Devices that support PushManagement described in 7.3 have a Server that implements the Information Model shown in Figure 11. This Information Model allows Registrars to authenticate Devices on the network. It also allows the location of the Registrars to be manually provided if the Device needs to use PullManagement and no multicast discovery capabilities are available.
The ProvisionableDevice Object shall be organized by the Resources Object (see OPC 10000-22) used to provision the Device the Server is running on. It is an instance of the ProvisionableDeviceType ObjectType which defines Methods used by the Registrar when it authenticates a Device.
The DefaultApplicationGroup Object is a well-known CertificateGroup that stores the Application Instance Certificate and TrustList for the DCA provided by the Registrar. This group is initially empty when the Device is first connected to the network. It is updated by the Registrar when the Device Authentication process completes.
The Applications that may be configured via the Server are components of the ProvisionableDevice Object. They are instances of ApplicationConfigurationType. The Server itself is configured via the ServerConfiguration Object. Some DCAs may choose to have CertificateGroups for individual Applications organized by the CertificateGroups Folder in the ServerConfiguration Object. In these cases, DCAs shall add a Reference from the ServerConfiguration CertificateGroups Folder to the CertificateGroup Object under the Application.
9.3.2 ProvisionableDevice
This Object is an instance of ProvisionableDeviceType. It is the well-known Resource which is used to authenticate a Device using PushManagement.
It is a target of an Organizes Reference from the Resources Object defined in OPC 10000-22.
It It is defined in Table 32.
| Attribute | Value | ||||
| BrowseName | 0:ProvisionableDevice | ||||
| TypeDefinition | 0:ProvisionableDeviceType defined in 9.3.3. | ||||
| References | Node Class | BrowseName | DataType | TypeDefinition | Modelling Rule |
|---|---|---|---|---|---|
| OrganizedBy the Resources Object defined in OPC 10000-22. | |||||
| Conformance Units | |||||
|---|---|---|---|---|---|
| Onboarding Server PushManagement |
9.3.3 ProvisionableDeviceType
The ProvisionableDeviceType ObjectType defines Objects that support PushManagement described in 7.3. The ObjectType is defined in Table 33.
| Attribute | Value | ||||||
| BrowseName | 0:ProvisionableDeviceType | ||||||
| IsAbstract | False | ||||||
| References |
Node
Class | BrowseName | DataType | TypeDefinition | Modelling Rule | ||
|---|---|---|---|---|---|---|---|
| Subtype of the BaseObjectType defined in OPC 10000-5. | |||||||
| 0:HasProperty | Variable | 0:IsSingleton | 0:Boolean | 0:PropertyType | Mandatory | ||
| 0:HasComponent | Method | 0:RequestTickets | Defined in 9.3.4. | Mandatory | |||
| 0:HasComponent | Method | 0:SetRegistrarEndpoints | Defined in 9.3.5. | Optional | |||
| 0:HasComponent | Object | 0:<ApplicationName> | 0:ApplicationConfigurationType | OptionalPlaceholder | |||
| Conformance Units | |||||||
|---|---|---|---|---|---|---|---|
| Onboarding Server PushManagement |
The IsSingleton Property indicates whether the DCA and the operational Server are the same. If TRUE, it tells Registrar that the DCA Certificate shall have rights associated with a Application Instance Certificate (i.e., it cannot be used to access the security configuration for different Applications). A ProvisionableDevice shall not have any ApplicationConfiguration components if IsSingleton is TRUE.
The RequestTickets Method allows the Registrar to request the list of Tickets stored on the Device.
The SetRegistrarEndpoints Method allows a configuration Client to provide the location of one or more Registrars which the Device can use to authenticate itself via PullManagement.
The :<ApplicationName> Objects defines an API which represents the configuration of an Client or Server running on a Device. The ApplicationConfigurationType is defined in OPC 10000-12.
9.3.4 RequestTickets
The RequestTickets Method allows a Client to request the list of Tickets stored on the Device. It is called by a Client using PushManagement to authenticate a Device. The Registrar follows the process described in 7 to select and validate one of the Tickets.
Signature
RequestTickets (
[out] 0:EncodedTicket [] tickets
);| Argument | Description |
| tickets | The signed Tickets stored on the Device. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
Table 34 specifies the AddressSpace representation for the RequestTickets Method.
| Attribute | Value | ||||
| BrowseName | 0:RequestTickets | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:OutputArguments | 0:Argument [] | 0:PropertyType | Mandatory |
9.3.5 SetRegistrarEndpoints
The SetRegistrarEndpoints Method allows a Client to provide the location of one or more Registrars which the Device can use to authenticate itself via PullManagement.
The Client may be an engineering tool or other administrative application that allows a human to provide information that cannot be discovered automatically.
This Method shall be called from a Session that has access to the SecurityAdmin Role (see 4.2.6).
Signature
SetRegistrarEndpoints (
[in] 0:ApplicationDescription [] registrars
);| Argument | Description |
| registrars | The Servers which allow a Device to be authenticated via PullManagement. |
Method Result Codes (defined in Call Service)
| Result Code | Description |
| Bad_UserAccessDenied | The Session does not have rights to call the Method. |
Table 35 specifies the AddressSpace representation for the SetRegistrarEndpoints Method.
| Attribute | Value | ||||
| BrowseName | 0:SetRegistrarEndpoints | ||||
| References | NodeClass | BrowseName | DataType | TypeDefinition | ModellingRule |
|---|---|---|---|---|---|
| 0:HasProperty | Variable | 0:InputArguments | 0:Argument [] | 0:PropertyType | Mandatory |