Figure1_

 

 

 

Figure3_

 

     OPC UA Specification

OPC 10000-7

 

OPC Unified Architecture

Part 7: Profiles

 

 

Release 1.04

2017-11-01

 

 

 

 

 

 

 


 

Specification Type:

Industry Standard Specification

Comments:

Report or view errata: http://www.opcfoundation.org/errata

 

 

 

 

Document
Number

OPC 10000-7

 

 

 

Title:

OPC Unified Architecture

Part 7 :Profiles

Date:

2017-11-01

 

 

 

 

Version:

Release 1.04

Software:

MS-Word

 

 

Source:

OPC 10000-7 - UA Specification Part 7 - Profiles 1.04.docx

 

 

 

 

Author:

OPC Foundation

Status:

Release

 

 

 

 


 

CONTENTS

 

FIGURES. viii

TABLES. ix

1       Scope. 1

2       Normative references. 1

3       Terms, definitions, and abbreviations. 2

3.1        Terms and definitions. 2

3.2        Abbreviations. 3

4       Overview. 3

4.1        General 3

4.2        ConformanceUnit 4

4.3        Profiles. 4

4.4        Profile Categories. 5

5       Conformance Units. 5

5.1        Overview. 5

5.2        Services. 6

5.3        Transport and communication related features. 15

5.4        Information Model and AddressSpace related features. 22

5.5        Miscellaneous. 39

6       Profiles. 40

6.1        Overview. 40

6.2        Profile list 40

6.3        Conventions for Profile definitions. 45

6.4        Profile versioning. 45

6.5        Applications. 45

6.6        Profile tables. 47

6.6.1          Introduction. 47

6.6.2          Core Server Facet 47

6.6.3          Core 2017 Server Facet 48

6.6.4          Sessionless Server Facet 49

6.6.5          Reverse Connect Server Facet 49

6.6.6          Base Server Behaviour Facet 49

6.6.7          Request State Change Server Facet 49

6.6.8          Subnet Discovery Server Facet 49

6.6.9          Global Certificate Management Server Facet 50

6.6.10        Authorization Service Server Facet 50

6.6.11        KeyCredential Service Server Facet 50

6.6.12        Attribute WriteMask Server Facet 50

6.6.13        File Access Server Facet 50

6.6.14        Documentation Server Facet 51

6.6.15        Embedded DataChange Subscription Server Facet 51

6.6.16        Standard DataChange Subscription Server Facet 51

6.6.17        Standard DataChange Subscription 2017 Server Facet 52

6.6.18        Enhanced DataChange Subscription Server Facet 52

6.6.19        Enhanced DataChange Subscription 2017 Server Facet 52

6.6.20        Durable Subscription Server Facet 53

6.6.21        Data Access Server Facet 53

6.6.22        ComplexType Server Facet 53

6.6.23        ComplexType 2017 Server Facet 54

6.6.24        Standard Event Subscription Server Facet 54

6.6.25        Address Space Notifier Server Facet 55

6.6.26        A & C Base Condition Server Facet 55

6.6.27        A & C Refresh2 Server Facet 55

6.6.28        A & C Address Space Instance Server Facet 55

6.6.29        A & C Enable Server Facet 55

6.6.30        A & C AlarmMetrics Server Facet 56

6.6.31        A & C Alarm Server Facet 56

6.6.32        A & C Acknowledgeable Alarm Server Facet 56

6.6.33        A & C Exclusive Alarming Server Facet 57

6.6.34        A & C Non-Exclusive Alarming Server Facet 57

6.6.35        A & C Previous Instances Server Facet 57

6.6.36        A & C Dialog Server Facet 57

6.6.37        A & C CertificateExpiration Server Facet 58

6.6.38        A & E Wrapper Facet 58

6.6.39        Method Server Facet 59

6.6.40        Auditing Server Facet 59

6.6.41        Node Management Server Facet 59

6.6.42        User Role Base Server Facet 59

6.6.43        User Role Management Server Facet 60

6.6.44        State Machine Server Facet 60

6.6.45        Client Redundancy Server Facet 60

6.6.46        Redundancy Transparent Server Facet 60

6.6.47        Redundancy Visible Server Facet 60

6.6.48        Historical Raw Data Server Facet 61

6.6.49        Historical Aggregate Server Facet 61

6.6.50        Historical Data AtTime Server Facet 62

6.6.51        Historical Access Modified Data Server Facet 62

6.6.52        Historical Annotation Server Facet 62

6.6.53        Historical Data Insert Server Facet 62

6.6.54        Historical Data Update Server Facet 63

6.6.55        Historical Data Replace Server Facet 63

6.6.56        Historical Data Delete Server Facet 63

6.6.57        Historical Access Structured Data Server Facet 63

6.6.58        Base Historical Event Server Facet 63

6.6.59        Historical Event Update Server Facet 64

6.6.60        Historical Event Replace Server Facet 64

6.6.61        Historical Event Insert Server Facet 64

6.6.62        Historical Event Delete Server Facet 64

6.6.63        Aggregate Subscription Server Facet 64

6.6.64        Nano Embedded Device Server Profile. 65

6.6.65        Nano Embedded Device 2017 Server Profile. 66

6.6.66        Micro Embedded Device Server Profile. 66

6.6.67        Micro Embedded Device 2017 Server Profile. 66

6.6.68        Embedded UA Server Profile. 67

6.6.69        Embedded 2017 UA Server Profile. 67

6.6.70        Standard UA Server Profile. 67

6.6.71        Standard 2017 UA Server Profile. 68

6.6.72        Core Client Facet 68

6.6.73        Core 2017 Client Facet 68

6.6.74        Sessionless Client Facet 69

6.6.75        Reverse Connect Client Facet 69

6.6.76        Base Client Behaviour Facet 69

6.6.77        Discovery Client Facet 70

6.6.78        Subnet Discovery Client Facet 70

6.6.79        Global Discovery Client Facet 70

6.6.80        Global Certificate Management Client Facet 70

6.6.81        KeyCredential Service Client Facet 70

6.6.82        Access Token Request Client Facet 71

6.6.83        AddressSpace Lookup Client Facet 71

6.6.84        Request State Change Client Facet 71

6.6.85        File Access Client Facet 71

6.6.86        Entry Level Support 2015 Client Facet 71

6.6.87        Multi-Server Client Connection Facet 72

6.6.88        Documentation – Client 72

6.6.89        Attribute Read Client Facet 72

6.6.90        Attribute Write Client Facet 72

6.6.91        DataChange Subscriber Client Facet 73

6.6.92        Durable Subscription Client Facet 73

6.6.93        DataAccess Client Facet 73

6.6.94        Event Subscriber Client Facet 74

6.6.95        Base Event Processing Client Facet 74

6.6.96        Notifier and Source Hierarchy Client Facet 74

6.6.97        A & C Base Condition Client Facet 75

6.6.98        A & C Refresh2 Client Facet 75

6.6.99        A & C Address Space Instance Client Facet 75

6.6.100     A & C Enable Client Facet 75

6.6.101     A & C AlarmMetrics Client Facet 75

6.6.102     A & C Alarm Client Facet 75

6.6.103     A & C Exclusive Alarming Client Facet 76

6.6.104     A & C Non-Exclusive Alarming Client Facet 76

6.6.105     A & C Previous Instances Client Facet 76

6.6.106     A & C Dialog Client Facet 77

6.6.107     A & C CertificateExpiration Client Facet 77

6.6.108     A & E Proxy Facet 77

6.6.109     Method Client Facet 78

6.6.110     Auditing Client Facet 78

6.6.111     Node Management Client Facet 78

6.6.112     Advanced Type Programming Client Facet 79

6.6.113     User Role Management Client Facet 79

6.6.114     State Machine Client Facet 79

6.6.115     Diagnostic Client Facet 79

6.6.116     Redundant Client Facet 80

6.6.117     Redundancy Switch Client Facet 80

6.6.118     Historical Access Client Facet 80

6.6.119     Historical Data AtTime Client Facet 80

6.6.120     Historical Aggregate Client Facet 80

6.6.121     Historical Annotation Client Facet 81

6.6.122     Historical Access Modified Data Client Facet 81

6.6.123     Historical Data Insert Client Facet 81

6.6.124     Historical Data Update Client Facet 82

6.6.125     Historical Data Replace Client Facet 82

6.6.126     Historical Data Delete Client Facet 82

6.6.127     Historical Access Client Server Timestamp Facet 82

6.6.128     Historical Structured Data Access Client Facet 82

6.6.129     Historical Structured Data AtTime Client Facet 83

6.6.130     Historical Structured Data Modified Client Facet 83

6.6.131     Historical Structured Data Insert Client Facet 83

6.6.132     Historical Structured Data Update Client Facet 83

6.6.133     Historical Structured Data Replace Client Facet 83

6.6.134     Historical Structured Data Delete Client Facet 83

6.6.135     Historical Events Client Facet 84

6.6.136     Historical Event Insert Client Facet 84

6.6.137     Historical Event Update Client Facet 84

6.6.138     Historical Event Replace Client Facet 84

6.6.139     Historical Event Delete Client Facet 84

6.6.140     Aggregate Subscriber Client Facet 85

6.6.141     Standard UA Client Profile. 86

6.6.142     Standard UA Client 2017 Profile. 86

6.6.143     UA-TCP UA-SC UA-Binary. 87

6.6.144     HTTPS UA-Binary. 87

6.6.145     HTTPS UA-XML. 87

6.6.146     HTTPS UA-JSON. 87

6.6.147     WSS UA-SC UA-Binary. 88

6.6.148     WSS UA-JSON. 88

6.6.149     Security User Access Control Full 88

6.6.150     Security User Access Control Base. 88

6.6.151     Security Time Synchronization. 89

6.6.152     Best Practice – Audit Events. 89

6.6.153     Best Practice – Alarm Handling. 89

6.6.154     Best Practice – Random Numbers. 89

6.6.155     Best Practice – Timeouts. 89

6.6.156     Best Practice – Administrative Access. 89

6.6.157     Best Practice – Strict Message Handling. 90

6.6.158     Best Practice – Audit Events Client 90

6.6.159     TransportSecurity – TLS 1.2. 90

6.6.160     TransportSecurity – TLS 1.2 with PFS. 90

6.6.161     SecurityPolicy – None. 91

6.6.162     SecurityPolicy – Basic128Rsa15. 91

6.6.163     SecurityPolicy – Basic256. 91

6.6.164     SecurityPolicy [A] - Aes128-Sha256-RsaOaep. 91

6.6.165     SecurityPolicy [B] – Basic256Sha256. 91

6.6.166     SecurityPolicy - Aes256-Sha256-RsaPss. 92

6.6.167     User Token – Anonymous Facet 92

6.6.168     User Token – User Name Password Server Facet 92

6.6.169     User Token – X509 Certificate Server Facet 93

6.6.170     User Token – Issued Token Server Facet 93

6.6.171     User Token – Issued Token Windows Server Facet 93

6.6.172     User Token – JWT Server Facet 93

6.6.173     User Token – User Name Password Client Facet 93

6.6.174     User Token – X509 Certificate Client Facet 94

6.6.175     User Token – Issued Token Client Facet 94

6.6.176     User Token – Issued Token Windows Client Facet 94

6.6.177     User Token – JWT Client Facet 94

6.6.178     Global Discovery Server Profile. 94

6.6.179     Global Discovery Server 2017 Profile. 95

6.6.180     Global Discovery and Certificate Management Server 95

6.6.181     Global Discovery and Certificate Mgmt 2017 Server 95

6.6.182     Global Certificate Management Client Profile. 96

6.6.183     Global Certificate Management Client 2017 Profile. 96

6.6.184     Global Service Authorization Request Server Facet 96

6.6.185     Global Service KeyCredential Pull Facet 96

6.6.186     Global Service KeyCredential Push Facet 97


 

FIGURES

 

Figure 1 – Profile – ConformanceUnit – TestCases.................................... 4

Figure 2 – HMI Client sample............................................................... 46

Figure 3 – Embedded Server sample..................................................... 46

Figure 4 – Standard UA Server sample.................................................. 47


 

TABLES

 

Table 1 – Profile Categories.................................................................. 5

Table 2 – Conformance Groups............................................................. 5

Table 3 – Discovery Services................................................................ 6

Table 4 – Session Services................................................................... 8

Table 5 – Node Management Services.................................................... 9

Table 6 – View Services....................................................................... 9

Table 7 – Attribute Services................................................................. 10

Table 8 – Method Services.................................................................. 11

Table 9 – Monitored Item Services........................................................ 12

Table 10 – Subscription Services.......................................................... 13

Table 11 – Security............................................................................ 15

Table 12 – Protocol and Encoding........................................................ 22

Table 13 – Base Information................................................................ 22

Table 14 – Address Space Model......................................................... 25

Table 15 – Data Access...................................................................... 26

Table 16 – Alarms and Conditions........................................................ 27

Table 17 – Historical Access................................................................ 30

Table 18 – Aggregates....................................................................... 32

Table 19 – Auditing............................................................................ 38

Table 20 – Redundancy...................................................................... 38

Table 21 – Global Discovery Server...................................................... 38

Table 22 – Miscellaneous.................................................................... 39

Table 23 – Profile list......................................................................... 41

Table 24 – Core Server Facet.............................................................. 48

Table 25 – Core 2017 Server Facet....................................................... 48

Table 26 – Sessionless Server Facet.................................................... 49

Table 27 – Reverse Connect Server Facet............................................. 49

Table 28 – Base Server Behaviour Facet............................................... 49

Table 29 – Request State Change Server Facet...................................... 49

Table 30 – Subnet Discovery Server Facet............................................. 50

Table 31 – Global Certificate Management Server Facet........................... 50

Table 32 – Authorization Service Server Facet........................................ 50

Table 33 – KeyCredential Service Server Facet....................................... 50

Table 34 – Attribute WriteMask Server Facet.......................................... 50

Table 35 – File Access Server Facet..................................................... 51

Table 36 – Documentation Server Facet................................................ 51

Table 37 – Embedded DataChange Subscription Server Facet................... 51

Table 38 – Standard DataChange Subscription Server Facet..................... 51

Table 39 – Standard DataChange Subscription 2017 Server Facet.............. 52

Table 40 – Enhanced DataChange Subscription Server Facet.................... 52

Table 41 – Enhanced DataChange Subscription 2017 Server Facet............. 53

Table 42 – Durable Subscription Server Facet......................................... 53

Table 43 – Data Access Server Facet.................................................... 53

Table 44 – ComplexType Server Facet.................................................. 53

Table 45 – ComplexType 2017 Server Facet........................................... 54

Table 46 – Standard Event Subscription Server Facet.............................. 54

Table 47 – Address Space Notifier Server Facet...................................... 55

Table 48 – A & C Base Condition Server Facet....................................... 55

Table 49 – A & C Refresh2 Server Facet................................................ 55

Table 50 – A & C Address Space Instance Server Facet........................... 55

Table 51 – A & C Enable Server Facet................................................... 56

Table 52 – A & C AlarmMetrics Server Facet.......................................... 56

Table 53 – A & C Alarm Server Facet.................................................... 56

Table 54 – A & C Acknowledgeable Alarm Server Facet............................ 56

Table 55 – A & C Exclusive Alarming Server Facet.................................. 57

Table 56 – A & C Non-Exclusive Alarming Server Facet............................ 57

Table 57 – A & C Previous Instances Server Facet.................................. 57

Table 58 – A & C Dialog Server Facet................................................... 58

Table 59 – A & C CertificateExpiration Server Facet................................. 58

Table 60 – A & E Wrapper Facet.......................................................... 58

Table 61 – Method Server Facet........................................................... 59

Table 62 – Auditing Server Facet.......................................................... 59

Table 63 – Node Management Server Facet........................................... 59

Table 64 – User Role Base Server Facet................................................ 59

Table 65 – User Role Management Server Facet..................................... 60

Table 66 – State Machine Server Facet................................................. 60

Table 67 – Client Redundancy Server Facet........................................... 60

Table 68 – Redundancy Transparent Server Facet................................... 60

Table 69 – Redundancy Visible Server Facet.......................................... 61

Table 70 – Historical Raw Data Server Facet.......................................... 61

Table 71 – Historical Aggregate Server Facet......................................... 61

Table 72 – Historical Data AtTime Server Facet...................................... 62

Table 73 – Historical Access Modified Data Server Facet.......................... 62

Table 74 – Historical Annotation Server Facet......................................... 62

Table 75 – Historical Data Insert Server Facet........................................ 62

Table 76 – Historical Data Update Server Facet...................................... 63

Table 77 – Historical Data Replace Server Facet..................................... 63

Table 78 – Historical Data Delete Server Facet....................................... 63

Table 79 – Historical Access Structured Data Server Facet....................... 63

Table 80 – Base Historical Event Server Facet........................................ 64

Table 81 – Historical Event Update Server Facet..................................... 64

Table 82 – Historical Event Replace Server Facet.................................... 64

Table 83 – Historical Event Insert Server Facet....................................... 64

Table 84 – Historical Event Delete Server Facet...................................... 64

Table 85 – Aggregate Subscription Server Facet..................................... 64

Table 86 – Nano Embedded Device Server Profile................................... 65

Table 87 – Nano Embedded Device 2017 Server Profile............................ 66

Table 88 – Micro Embedded Device Server Profile................................... 66

Table 89 – Micro Embedded Device 2017 Server Profile........................... 66

Table 90 – Embedded UA Server Profile................................................ 67

Table 91 – Embedded 2017 UA Server Profile......................................... 67

Table 92 – Standard UA Server Profile.................................................. 67

Table 93 – Standard 2017 UA Server Profile........................................... 68

Table 94 – Core Client Facet............................................................... 68

Table 95 – Core 2017 Client Facet........................................................ 69

Table 96 – Sessionless Client Facet...................................................... 69

Table 97 – Reverse Connect Client Facet.............................................. 69

Table 98 – Base Client Behaviour Facet................................................ 69

Table 99 – Discovery Client Facet........................................................ 70

Table 100 – Subnet Discovery Client Facet............................................ 70

Table 101 – Global Discovery Client Facet............................................. 70

Table 102 – Global Certificate Management Client Facet.......................... 70

Table 103 – KeyCredential Service Client Facet...................................... 71

Table 104 – Access Token Request Client Facet..................................... 71

Table 105 – AddressSpace Lookup Client Facet...................................... 71

Table 106 – Request State Change Client Facet...................................... 71

Table 107 – File Access Client Facet..................................................... 71

Table 108 – Entry Level Support 2015 Client Facet.................................. 72

Table 109 – Multi-Server Client Connection Facet.................................... 72

Table 110 – Documentation – Client...................................................... 72

Table 111 – Attribute Read Client Facet................................................. 72

Table 112 – Attribute Write Client Facet................................................. 72

Table 113 – DataChange Subscriber Client Facet.................................... 73

Table 114 – Durable Subscription Client Facet........................................ 73

Table 115 – DataAccess Client Facet.................................................... 73

Table 116 – Event Subscriber Client Facet............................................. 74

Table 117 – Base Event Processing Client Facet..................................... 74

Table 118 – Notifier and Source Hierarchy Client Facet............................ 74

Table 119 – A & C Base Condition Client Facet....................................... 75

Table 120 – A & C Refresh2 Client Facet............................................... 75

Table 121 – A & C Address Space Instance Client Facet........................... 75

Table 122 – A & C Enable Client Facet.................................................. 75

Table 123 – A & C AlarmMetrics Client Facet.......................................... 75

Table 124 – A & C Alarm Client Facet................................................... 76

Table 125 – A & C Exclusive Alarming Client Facet.................................. 76

Table 126 – A & C Non-Exclusive Alarming Client Facet........................... 76

Table 127 – A & C Previous Instances Client Facet.................................. 77

Table 128 – A & C Dialog Client Facet................................................... 77

Table 129 – A & C CertificateExpiration Client Facet................................ 77

Table 130 – A & E Proxy Facet............................................................ 77

Table 131 – Method Client Facet.......................................................... 78

Table 132 – Auditing Client Facet......................................................... 78

Table 133 – Node Management Client Facet........................................... 78

Table 134 – Advanced Type Programming Client Facet............................ 79

Table 135 – User Role Management Client Facet.................................... 79

Table 136 – State Machine Client Facet................................................. 79

Table 137 – Diagnostic Client Facet...................................................... 79

Table 138 – Redundant Client Facet..................................................... 80

Table 139 – Redundancy Switch Client Facet.......................................... 80

Table 140 – Historical Access Client Facet............................................. 80

Table 141 – Historical Data AtTime Client Facet...................................... 80

Table 142 – Historical Aggregate Client Facet......................................... 80

Table 143 – Historical Annotation Client Facet........................................ 81

Table 144 – Historical Access Modified Data Client Facet......................... 81

Table 145 – Historical Data Insert Client Facet........................................ 82

Table 146 – Historical Data Update Client Facet...................................... 82

Table 147 – Historical Data Replace Client Facet.................................... 82

Table 148 – Historical Data Delete Client Facet....................................... 82

Table 149 – Historical Access Client Server Timestamp Facet.................... 82

Table 150 – Historical Structured Data Access Client Facet....................... 82

Table 151 – Historical Structured Data AtTime Client Facet....................... 83

Table 152 – Historical Structured Data Modified Client Facet..................... 83

Table 153 – Historical Structured Data Insert Client Facet......................... 83

Table 154 – Historical Structured Data Update Client Facet....................... 83

Table 155 – Historical Structured Data Replace Client Facet...................... 83

Table 156 – Historical Structured Data Delete Client Facet........................ 84

Table 157 – Historical Events Client Facet............................................. 84

Table 158 – Historical Event Insert Client Facet...................................... 84

Table 159 – Historical Event Update Client Facet.................................... 84

Table 160 – Historical Event Replace Client Facet................................... 84

Table 161 – Historical Event Delete Client Facet..................................... 84

Table 162 – Aggregate Subscriber Client Facet....................................... 85

Table 163 – Standard UA Client Profile.................................................. 86

Table 164 – Standard UA Client 2017 Profile.......................................... 86

Table 165 – UA-TCP UA-SC UA-Binary................................................. 87

Table 166 – HTTPS UA-Binary............................................................. 87

Table 167 – HTTPS UA-XML............................................................... 87

Table 168 – HTTPS UA-JSON............................................................. 88

Table 169 – WSS UA-SC UA-Binary...................................................... 88

Table 170 – WSS UA-JSON................................................................ 88

Table 171 – Security User Access Control Full........................................ 88

Table 172 – Security User Access Control Base...................................... 88

Table 173 – Security Time Synchronization............................................ 89

Table 174 – Best Practice – Audit Events............................................... 89

Table 175 – Best Practice – Alarm Handling........................................... 89

Table 176 – Best Practice – Random Numbers........................................ 89

Table 177 – Best Practice – Timeouts................................................... 89

Table 178 – Best Practice – Administrative Access.................................. 90

Table 179 – Best Practice – Strict Message Handling............................... 90

Table 180 – Best Practice – Audit Events Client...................................... 90

Table 181 – TransportSecurity – TLS 1.2............................................... 90

Table 182 – TransportSecurity – TLS 1.2 with PFS.................................. 90

Table 183 – SecurityPolicy – None........................................................ 91

Table 184 –  SecurityPolicy [A] - Aes128-Sha256-RsaOaep....................... 91

Table 185 – SecurityPolicy [B] – Basic256Sha256................................... 92

Table 186 – SecurityPolicy - Aes256-Sha256-RsaPss............................... 92

Table 187 – User Token – Anonymous Facet.......................................... 92

Table 188 – User Token – User Name Password Server Facet................... 93

Table 189 – User Token – X509 Certificate Server Facet.......................... 93

Table 190 – User Token – Issued Token Server Facet.............................. 93

Table 191 – User Token – Issued Token Windows Server Facet................. 93

Table 192 – User Token – JWT Server Facet.......................................... 93

Table 193 – User Token – User Name Password Client Facet.................... 94

Table 194 – User Token – X509 Certificate Client Facet............................ 94

Table 195 – User Token – Issued Token Client Facet............................... 94

Table 196 – User Token – Issued Token Windows Client Facet.................. 94

Table 197 – User Token – JWT Client Facet........................................... 94

Table 198 – Global Discovery Server Profile........................................... 94

Table 199 – Global Discovery Server 2017 Profile................................... 95

Table 200 – Global Discovery and Certificate Management Server.............. 95

Table 201 – Global Discovery and Certificate Mgmt 2017 Server................ 95

Table 202 – Global Certificate Management Client Profile......................... 96

Table 203 – Global Certificate Management Client 2017 Profile.................. 96

Table 204 – Global Service Authorization Request Server Facet................. 96

Table 205 – Global Service KeyCredential Pull Facet............................... 97

Table 206 – Global Service KeyCredential Push Facet.............................. 97

 


OPC Foundation

____________

 

UNIFIED ARCHITECTURE –

FOREWORD

This specification is the specification for developers of OPC UA applications. The specification is a result of an analysis and design process to develop a standard interface to facilitate the development of applications by multiple vendors that shall inter-operate seamlessly together.

Copyright © 2006-2018, OPC Foundation, Inc.

AGREEMENT OF USE

COPYRIGHT RESTRICTIONS

Any unauthorized use of this specification may violate copyright laws, trademark laws, and communications regulations and statutes. This document contains information which is protected by copyright. All Rights Reserved. No part of this work covered by copyright herein may be reproduced or used in any form or by any means--graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems--without permission of the copyright owner.

OPC Foundation members and non-members are prohibited from copying and redistributing this specification. All copies must be obtained on an individual basis, directly from the OPC Foundation Web site
HTUhttp://www.opcfoundation.orgUTH.

PATENTS

The attention of adopters is directed to the possibility that compliance with or adoption of OPC specifications may require use of an invention covered by patent rights. OPC shall not be responsible for identifying patents for which a license may be required by any OPC specification, or for conducting legal inquiries into the legal validity or scope of those patents that are brought to its attention. OPC specifications are prospective and advisory only. Prospective users are responsible for protecting themselves against liability for infringement of patents.

WARRANTY AND LIABILITY DISCLAIMERS

WHILE THIS PUBLICATION IS BELIEVED TO BE ACCURATE, IT IS PROVIDED "AS IS" AND MAY CONTAIN ERRORS OR MISPRINTS. THE OPC FOUDATION MAKES NO WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, WITH REGARD TO THIS PUBLICATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY OR WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR USE. IN NO EVENT SHALL THE OPC FOUNDATION BE LIABLE FOR ERRORS CONTAINED HEREIN OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS MATERIAL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The entire risk as to the quality and performance of software developed using this specification is borne by you.

RESTRICTED RIGHTS LEGEND

This Specification is provided with Restricted Rights. Use, duplication or disclosure by the U.S. government is subject to restrictions as set forth in (a) this Agreement pursuant to DFARs 227.7202-3(a); (b) subparagraph (c)(1)(i) of the Rights in Technical Data and Computer Software clause at DFARs 252.227-7013; or (c) the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 subdivision (c)(1) and (2), as applicable. Contractor / manufacturer are the OPC Foundation,. 16101 N. 82nd Street, Suite 3B, Scottsdale, AZ, 85260-1830

COMPLIANCE

The OPC Foundation shall at all times be the sole entity that may authorize developers, suppliers and sellers of hardware and software to use certification marks, trademarks or other special designations to indicate compliance with these materials. Products developed using this specification may claim compliance or conformance with this specification if and only if the software satisfactorily meets the certification requirements set by the OPC Foundation. Products that do not meet these requirements may claim only that the product was based on this specification and must not claim compliance or conformance with this specification.

Trademarks

Most computer and software brand names have trademarks or registered trademarks. The individual trademarks have not been listed here.

GENERAL PROVISIONS

Should any provision of this Agreement be held to be void, invalid, unenforceable or illegal by a court, the validity and enforceability of the other provisions shall not be affected thereby.

This Agreement shall be governed by and construed under the laws of the State of Minnesota, excluding its choice or law rules.

This Agreement embodies the entire understanding between the parties with respect to, and supersedes any prior understanding or agreement (oral or written) relating to, this specification.

ISSUE REPORTING

The OPC Foundation strives to maintain the highest quality standards for its published specifications; hence they undergo constant review and refinement. Readers are encouraged to report any issues and view any existing errata here: HTUhttp://www.opcfoundation.org/errataUTH


 

 

Revision 1.04 Highlights

The following table includes the Mantis issues resolved with this revision.

Mantis ID

Summary

Resolution

3628

New Transport Profiles:WSS and HTTPS/JSON

Created encoding units for JSON, UA Binary and XML.

Created transport profiles for https/json, wss/binary and wss/json.

3603

Under specified Security Policy Basic256Sha256

Added following explanatory text:

“uses PKCS#1 v1.5 padding” to AsymmetricSignatureAlgorithm
“uses Sha1 for padding” to AsymmetricEncryptionAlgorithm

3442

No Push model in client profile

Changed global certification facets so that client only includes “pull” and server only includes “push”.

3634

Add profile for JSON web token

JSON web token created for server and client.

3606

Add CU for MultiStateValueDiscreteType

Added CU for MultiStateValueDiscrete type to DataAccess server and client facet.

3644

Require handling of repeated invalid username/pwd

Created new CU and added it to all user tokens

3369

Durable Subscriptions: Determining reasonable queue sizes / timeouts

Updated the facet for durable subscriptions to include multiple storage levels where support of one of them is required.

3233

New facets needed for structures with the new DataTypeDefinition attribute

Created 2017 version for ComplexType Server Facet which requires the DataTypeDefinition Attribute
Created ComplexType read and write facet for client (was an optional CU in read/write)

3347

Need CU/Profile for ResendData

Created 2017 version for the “Standard DataChange Subscription Server Facet” where GetMonitoredItems and ResendData are mandatory. This required a 2017 version of "Enhanced DataChange Subscription Server Facet".

Also added to "DataChange Subscriber Client Facet" as optional CUs.

3650

Estimated return time needs CU

EstimatedReturnTime CUs created and added (optional) to

·      Core 2017 Server Facet

·      Core Client Facet

3673

Need CUs for atomicity

Atomicity CUs created and added to

·      Core 2017 Server Facet (mandatory)

·      Read/Write Attribute Client Facet (optional)

3674

Need CUs for “full array only”

FullArrayOnly CUs created and added to

·      Core 2017 Server Facet (mandatory)

·      Read/Write Attribute + DataChange Subscriber Client Facet (optional)

2382

CUs and Facets for state machine

Created Server and Client facets for state machines.

3640

Profiles for user authorization

Created “User Role Management” Client and Server profiles.

3646

Profiles for sessionless invoke

Created server and client facets. The server facet requires support of a GetEndpoint filter to request only endpoints that support sessionless invocation.

3645

Profiles for server-initiated connections

Added two facets:

·      Reverse Connect Server Facet

·      Reverse Connect Client Facet

3748

Add CUs for Available States and Available Transistions.

Created CUs for Client and Server and added them to StateMachine facets.

3759

Alarming: Silencing

Added conformance units for silencing to the Alarm facets.

3763

Alarming: Out Of Service

Added conformance units for out of service state to the Alarm facets.

3771

Alarming: Suppressed State

Added conformance units for suppressed state to the Alarm facets.

Separate CU for the Suppress and Unsuppress Methods.

3761

Add Discrepancy Alarm type

Added conformance units for discrepancy Alarm to the Alarm facets.

3760

Alarm Metrics Profiles

Added new facets for Client and Server.

3764

Alarm properties for IEC 62682

Added CUs for:

OnDelay and OffDelay
ReAlarmTime, ReAlarmRepeatCount
FirstInGroup
AudibleSound

ConditionSubClass

 

3817

SelectionListType missing

Created CUs for this new Variable Type and inserted them as optional to the Core Facets

3791

SHA1 broken

Deprecated Base128Rsa15 and Base256.

Created new security policies.

3769

Remove specific security policies.

Base128Rsa15 and Base256 are now deprecated.

In addition, all profiles that explicitely referenced security policies have been updated. They do not reference a security policy but rather require SecurityPolicy [A] and [B].

3756

GDS QueryApplications

Added new optional CUs for Global Client Discovery Facet and for the GDS.

3757

GDS Credential Management

Added new facets for Client and Server as well as for the GDS.

3758

GDS Authorization Service

Added new facets for Client and Server as well as for the GDS.

 

 


OPC Unified Architecture Specification

 

Part 7: Profiles

 

 

 

         Scope

This part describes the OPC Unified Architecture (OPC UA) Profiles. The Profiles in this document are used to segregate features with regard to testing of OPC UA products and the nature of the testing (tool based or lab based). This includes the testing performed by the OPC Foundation provided OPC UA CTT (a self-test tool) and by the OPC Foundation provided Independent certification test labs. This could equally as well refer to test tools provided by another organization or a test lab provided by another organization. What is important is the concept of automated tool based testing versus lab based testing. The scope of this standard includes defining functionality that can only be tested in an a lab and defining the grouping of functionality that is to be used when testing OPC UA products either in a lab or using automated tools. The definition of actual TestCases is not within the scope of this document, but the general categories of TestCases are within the scope of this document.

Most OPC UA applications will conform to several, but not all of the Profiles.

         Normative references

The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments and errata) applies.

OPC 10000-1, OPC Unified Architecture - Part 1: Overview and Concepts

http://www.opcfoundation.org/UA/Part1/

OPC 10000-2, OPC Unified Architecture - Part 2: Security Model

http://www.opcfoundation.org/UA/Part2/

OPC 10000-3, OPC Unified Architecture - Part 3: Address Space Model

http://www.opcfoundation.org/UA/Part3/

OPC 10000-4, OPC Unified Architecture - Part 4: Services

http://www.opcfoundation.org/UA/Part4/

OPC 10000-5, OPC Unified Architecture - Part 5: Information Model

http://www.opcfoundation.org/UA/Part5/

OPC 10000-6, OPC Unified Architecture - Part 6: Mappings

http://www.opcfoundation.org/UA/Part6/

OPC 10000-8, OPC Unified Architecture - Part 8: Data Access

http://www.opcfoundation.org/UA/Part8/

OPC 10000-9, OPC Unified Architecture - Part 9: Alarms and Conditions

http://www.opcfoundation.org/UA/Part9/

OPC 10000-10, OPC Unified Architecture - Part 10: Programs

http://www.opcfoundation.org/UA/Part10/

OPC 10000-11, OPC Unified Architecture - Part 11: Historical Access

http://www.opcfoundation.org/UA/Part11/

OPC 10000-12, OPC Unified Architecture - Part 12: Discovery and Global Services

http://www.opcfoundation.org/UA/Part12/

OPC 10000-13, OPC Unified Architecture - Part 13: Aggregates

http://www.opcfoundation.org/UA/Part13/

 

Test Specifications

Compliance Part 8 UA Server, OPC Test Lab Specification: Part 8 – UA Server

http://www.opcfoundation.org/Test/Part8/

Compliance Part 9 UA Client, OPC Test Lab Specification: Part 9 – UA Client

http://www.opcfoundation.org/Test/Part9/

 

         Terms, definitions, and abbreviations

3.1         Terms and definitions

For the purposes of this document, the terms and definitions given in The following documents, in whole or in part, are normatively referenced in this document and are indispensable for its application. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments and errata) applies. OPC 10000-1, OPC 10000-2, OPC 10000-3, OPC 10000-4, OPC 10000-6, and OPC 10000-8 as well as the following apply. An overview of the terms defined in this standard and their interaction can be viewed in Figure 1.

3.1.1         

application

a software program that executes or implements some aspect of OPC UA

Note 1 to entry: The application could run on any machine and perform any function. The application could be software or it could be a hardware application, the only requirement is that it implements OPC UA.

3.1.2         

ConformanceUnit

a specific set of OPC UA features that can be tested as a single entity

Note 1 to entry: A ConformanceUnit can cover a group of services, portions of services or information models.

3.1.3         

ConformanceGroup

a group of ConformanceUnits that is given a name

Note 1 to entry: This grouping is only to assist in organizing ConformanceUnits. Typical ConformanceGroups include groups for each of the service sets in OPC UA and each of the Information Model standards.

3.1.4         

Facet

a Profile dedicated to a specific feature that a Server or Client may require

Note 1 to entry: Facets are typically combined to form higher-level Profiles. The use of the term Facet in the title of a Profile indicates that the given Profile is not a standalone Profile.

3.1.5         

FullFeatured Profile

a Profile that defines all features necessary to build a functional OPC UA Application

Note 1 to entry: A FullFeatured Profile in particular adds definitions of the transport and security requirements.

3.1.6         

ProfileCategory

arranges Profiles into application classes, such as Server or Client

Note 1 to entry: These categories help determine the type of Application that a given Profile would be used for. For additional details see 4.4.

3.1.7         

TestCase

a technical description of a set of steps required to test a particular function or information model

Note 1 to entry: TestCases provide sufficient details to allow a developer to implement them in code. TestCases also provide a detailed summary of the expected result(s) from the execution of the implemented code and any precondition(s) that must be established before the TestCase can be executed.

3.1.8         

TestLab

a facility that is designated to provide testing services

Note 1 to entry: These services include but are not limited to personal that directly perform testing, automated testing and a formal repeatable process. The OPC Foundation has provided detailed standard describing OPC UA TestLabs and the testing they are to provided (see Compliance Part 8 UA Server, Compliance Part 9 UA Client).

 

3.2         Abbreviations

DA               Data Access

HA               Historical Access

HMI             Human Machine Interface

NIST            National Institute of Standard and Technology

PKI              Public Key Infrastructure

RSA             Rivest-Shamir-Adleman

UA               Unified Architecture

         Overview

4.1       General

The OPC Unified architecture multipart standard describes a number of Services and a variety of information models. These Services and information models can be referred to as features of a Server or Client. Servers and Clients need to be able to describe which features they support and wish to have certified. This document provides a grouping of these features. The individual features are grouped into ConformanceUnits which are further grouped into Profiles. Figure 1 provides an overview of the interactions between Profiles, ConformanceUnits and TestCases. The large arrows indicate the components that are used to construct the parent. For example a Profile is constructed from Profiles and ConformanceUnits. The figure also illustrates a feature of the OPC UA Compliance Test Tool (CTT), in that it will test if a requested Profile passes all ConformanceUnits. It will also test all other ConformanceUnits and report any other Profiles that pass conformance testing. The individual TestCases are defined in separate documents see Compliance Part 8 UA Server and Compliance Part 9 UA Client. The TestCases are related back to the appropriate ConformanceUnits defined in this standard. This relationship is also displayed by the OPC UA Compliance Test Tool.

Figure4_

Figure 1 – Profile – ConformanceUnit – TestCases

4.2       ConformanceUnit

Each ConformanceUnit represents a specific set of features (e.g. a group of services, portions of services or information models) that can be tested as a single entity. ConformanceUnits are the building blocks of a Profile. Each ConformanceUnit can also be used as a test category. For each ConformanceUnit, there would be a number of TestCases that test the functionality described by the ConformanceUnit. The description of a ConformanceUnit is intended to provide enough information to illustrate the required functionality, but in many cases to obtain a complete understanding of the ConformanceUnit the reader may be required to also examine the appropriate part of OPC UA. Additional Information regarding testing of a ConformanceUnit are provided in the Compliance Part 8 UA Server or Compliance Part 9 UA Client test standards.

The same features do not appear in more than one ConformanceUnit.

4.3       Profiles

A Profile is a named aggregation of ConformanceUnits and other Profiles. To support a Profile, an application has to support the ConformanceUnits and all aggregated Profiles. The definition of Profiles is an ongoing activity, in that it is expected that new Profiles will be added in the future.

An OPC UA Application will typically support multiple Profiles.

Multiple Profiles may include the same ConformanceUnit.

Testing of a Profile consists of testing the individual ConformanceUnits that comprise the Profile.

Profiles are named based on naming conventions (see 6.3 for details).

4.4       Profile Categories

Profiles are grouped into categories to help vendors and end users understand the applicability of a Profile. A Profile can be assigned to more than one category.

Table 1 – Profile Categories contains the list of currently defined ProfileCategories.

Table 1 – Profile Categories

Category

Description

Client

Profiles of this category specify functions of an OPC UA Client.

Global Directory Service

Profiles of this category specify functions for global discovery and certificate management.

Security

Profiles of this category specify security related functions. Security policies are part of this category. The URI of security policies has to be part of an Endpoint Description returned from the GetEndpoints service. Profiles of this category apply to Clients and Servers.

Server

Profiles of this category specify functions of an OPC UA Server. The URI of such Profiles can be exposed in the Server capabilities.

Transport

Profiles of this category specify specific protocol mappings. The URI of such Profiles has to be part of an Endpoint Description. These Profiles apply to Clients and Servers.

 

         Conformance Units

5.1       Overview

A ConformanceUnit represents an individually testable entity. For improved clarity, the large list of ConformanceUnits is arranged into named ConformanceGroups. These groups reflect the Service Sets in OPC 10000-4 and the OPC UA information models. Table 2 lists the ConformanceGroups. These groups and the ConformanceUnits that they describe are detailed in the Subclauses of chapter 5 starting with clause 5.2. ConformanceGroups have no impact on testing; they are used only for organizational reasons, i.e. to simplify the readability of this document.

Table 2 – Conformance Groups

Group

Description

Address Space Model

Defines ConformanceUnits for various features of the OPC UA AddressSpace.

Aggregates

All ConformanceUnits that are related to Aggregates, including individual ConformanceUnits for each supported Aggregate as described in Part 13.

Alarms and Conditions

All ConformanceUnits that are associated with the OPC UA Information Model for Conditions, acknowledgeable Conditions, confirmations and Alarms as specified in Part 9.

Attribute Services

Includes ConformanceUnits to read or write current or historical Attribute values.

Auditing

User level security includes support for security audit trails, with traceability between Client and Server audit logs.

Base Information

All information elements as defined in Part 5.

Data Access

ConformanceUnits specific to Clients and Servers that deal with the representation and use of automation data as specified in Part 8.

Discovery Services

ConformanceUnits which focus on Server Endpoint Discovery.

GDS

Conformance Units for a GDS. Includes units for global discovery and global certificate management.

Historical Access

Access to archived data of Node Attribute values or Events.

Method Services

Methods represent the function calls of Objects. Methods are invoked and return only after completion (successful or unsuccessful).

Miscellaneous

This group contains ConformanceUnits that cover miscellaneous subjects, such as recommended behaviours, documentation etc. These ConformanceUnits typically do not fit into any of the other groups.

Monitored Item Services

Clients define MonitoredItems to subscribe to data and Events. Each MonitoredItem identifies the item to be monitored and the Subscription to use to send Notifications.

Node Management Services

Bundles ConformanceUnits for all Services to add and delete OPC UA AddressSpace Nodes and References.

Protocol and Encoding

Covers all transport and encoding combinations that are specified in Part 6.

Redundancy

The design of OPC UA ensures that vendors can create redundant Clients and redundant Servers in a consistent manner. Redundancy may be used for high availability, fault tolerance and load balancing.

Security

Security related ConformanceUnits that can be profiled this includes all aspects of security.

Session Services

An (OPC UA) Session is an application layer connection.

Subscription Services

Subscriptions are used to report Notifications to the Client.

View Services

Clients use the View Service Set to navigate through the OPC UA AddressSpace or through a View (a subset) of the OPC UA AddressSpace.

 

5.2       Services

The following tables describe ConformanceUnits for the Services specified in OPC 10000-4. The tables correlate with the Service Sets.

A single ConformanceUnit can reference several Services (e.g. CreateSession, ActivateSession and CloseSession) but can also refer to individual aspects of Services (e.g. the use of ActivateSession to impersonate a new user).

Each table includes a listing of the Profile Category to which a ConformanceUnit belongs, the title and description of the ConformanceUnit. In some cases, a ConformanceUnit will be derived from another ConformanceUnit. This parent unit will then be specified in the description of each derived unit. In such cases the derived units inherit all of the tests of its parent plus one or more additional TestCases. These TestCases can only further restrict the existing TestCases. An example would be one in which the number of connections is tested, where the TestCase of the parent required at least one connection and the derived ConformanceUnit would require a TestCase for at least five connections.

The Discovery Service Set is composed of multiple ConformanceUnits (see Table 3). All Servers provide some aspects of this functionality; see Profiles categorized as Server Profiles for details. Clients may support some aspects of this functionality; see Profiles categorized as Client Profiles for details.

Table 3 – Discovery Services

Category

Title

Description

Server

Discovery Get Endpoints

Support the GetEndpoints Service to obtain all Endpoints of the Server.

This includes filtering based on Profiles.

Server

Discovery Get Endpoints SessionLess

Support at least one endpoint for issueing SessionLess Services. Support obtaining such endpoints by accepting the Transport URI as a filter to the GetEndpoints Service with the query string "SL" appended to the Transport URI. E.g. "http://opcfoundation.org/UA-Profile/Transport/https-uajson?SL"

Server

Discovery Find Servers Self

Support the FindServers Service only for itself.

Server

Discovery Register

Call the RegisterServer Service to register itself (OPC UA Server) with an external Discovery Service via a secure channel with a SecurityMode other than NONE.

Server

Discovery Register2

Call the RegisterServer2 Service to register with an external Discovery Service via a Secure Channel with a SecurityMode other than "None". This includes passing a list of short capability identifiers.

The identifiers and their use are specified in Part 12.

Server

Discovery Server Announcement using mDNS

Provide mDNS functionality to announce a Server with its capabilities. The capability identifiers and the use of mDNS records for the purpose of OPC UA Discovery is specified in Part 12.

 

Note that this functionality is only required for Servers that do not register with an LDS.

The capability identifiers and their use in mDNS records are specified in Part 12.

Server

Discovery Configuration

Allow configuration of the Discovery Server URL where the Server will register itself.

Allow complete disabling of registration with a Discovery Server.

Client

Discovery Client Find Servers Basic

Uses the FindServers Service to obtain all Servers installed on a given platform.

Client

Discovery Client Find Servers with URI

Use FindServers Service to obtain URLs for specific Server URIs.

Client

Discovery Client Find Servers Dynamic

Detect new Servers after an initial FindServers Service call.

Client

Discovery Client Find Servers on Network

Support one of the options to locate Servers on the network.

Client

Discovery Client Find Servers on Network using LDS-ME

Use FindServersOnNetwork Service to obtain URLs for specific Server URIs. Note that this Service is available via the Local Discovery Server with multicast extension (LDS-ME).

Client

Discovery Client Find Servers on Network using mDNS

Use mDNS based Service Discovery to locate Servers on the same multicast network. The contents of mDNS records for OPC UA Discovery are described in Part 12.

 

Note that this functionality is only required for Clients when there is no Local Discovery Server with multicast extension (LDS-ME).

The capability identifiers and their use in mDNS records are specified in Part 12.

Client

Discovery Client Find Servers in GDS

Use the QueryServers Method on the GDS Directory Object to locate Servers that meet filter criteria specified in the request. This Method is specified in Part 12.

Client

Discovery Client Find Applications in GDS

Use the QueryApplications Method on the GDS Directory Object to locate Applications that meet filter criteria specified in the request. This Method is specified in Part 12.

Client

Discovery Client Get Endpoints Basic

Uses the GetEndpoints Service to obtain all Endpoints for a given Server URI.

Client

Discovery Client Get Endpoints SessionLess

Uses the GetEndpoints Service with a filter to obtain Endpoints that can be used for SessionLess Service invocation. The filter is the Transport URI extended with the query string "SL". E.g. http://opcfoundation.org/UA-Profile/Transport/https-uajson?SL.

Client

Discovery Client Get Endpoints Dynamic

Detect changes to the Endpoints after an initial GetEndpoints Service call.

Client

Discovery Client Configure Endpoint

Allow specification of an Endpoint without going through the Discovery Service Set.

 

The Session Service Set is composed of multiple ConformanceUnits (see Table 4). The CreateSession, ActivateSession, and CloseSession services are supported as a single unit. All Servers and Clients provide this functionality.

Table 4 – Session Services

Category

Title

Description

Server

Session General Service Behaviour

Implement basic Service behaviour. This includes in particular:

 – checking the authentication token

 – returning the requestHandle in responses

 – returning available diagnostic information as requested with the 'returnDiagnostics' parameter

 – respecting a timeoutHint

Server

Session Base

Support the Session Service Set (CreateSession, ActivateSession, CloseSession) except the use of ActivateSession to change the Session user. This includes correct handling of all parameters that are provided.

Note that for the CreateSession and ActivateSession services, if the SecurityMode = None then:

1) The Application Certificate and Nonce are optional.

2) The signatures are null/empty.

The details of this are described in Part 4.

Server

Session Change User

Support the use of ActivateSession to change the Session user.

Server

Session Cancel

Support the Cancel Service to cancel outstanding requests.

Server

Session Minimum 1

Support minimum 1 Session (total).

Server

Session Minimum 2 Parallel

Support minimum 2 parallel Sessions (total for all Clients).

Server

Session Minimum 50 Parallel

Support minimum 50 parallel Sessions (total for all Clients).

Server

Session Sessionless Invocation

Defines the support of the SessionlessInvoke Service defined in UA Part 4 to process any of the Services (like Read/Write, Browse, or Call) that are designated for Session-less invocation.

Client

Session Client General Service Behaviour

Implement basic Service behaviour. This includes in particular:

 – including the proper authentication token of the Session

 – creating a requestHandle if needed

 – requesting diagnostic information with the 'returnDiagnostics' parameter

 – evaluate the serviceResult and operational results

Client

Session Client Base

Use the Session Service Set (CreateSession, ActivateSession, and CloseSession) except the use of ActivateSession to change the Session user. This includes correct handling of all parameters that are provided

Note that for the CreateSession and ActivateSession services, if the SecurityMode = None then:

1) The Application Certificate and Nonce are optional.

2) The signatures are null/empty.

Client

Session Client Multiple Connections

Support unlimited connections (client side) with multiple Servers. Any limit on numbers of connections is from server side. May have a memory based limit, but not a software constraint limit.

Client

Session Client Renew NodeIds

This ConformanceUnit applies to Clients that allow persisting NodeIds.

Verify that the Namespace Table has not changed for NodeIds that the Client has persisted and is going to re-use beyond a Session lifetime. If changes occurred the Client has to recalculate the Namespace Indices of the respective NodeIds.

Client

Session Client Impersonate

Uses ActivateSession to change the Session user (impersonation).

Client

Session Client KeepAlive

Make periodic requests to keep the Session alive.

Client

Session Client Detect Shutdown

Read or monitor the ServerStatus/State Variable to recognize a potential shutdown of the Server and clean up resources.

Client

Session Client Cancel

Use the Cancel Service to cancel outstanding requests.

Client

Session Client Auto Reconnect

Automatic Client reconnect including:

– ActivateSession with new SecureChannel if SecureChannel is no longer valid but Session is still valid

– Creation of a new Session only if Session is no longer valid

Client

Session Client Single Session

The Client shall interoperate with Servers that only support one Session.

Client

Session Client SessionLess Service Calls

Defines the use of the SessionlessInvoke Service defined in UA Part 4 to request one of the Services (like Read or Browse) that are allowed for sessionless invocation. UA Part 6 specifies which transports may be used and how.

 

The Node Management Service Set is composed of multiple ConformanceUnits (see Table 5). Servers may provide some aspects of this functionality; see Profiles categorized as Server Profiles for details. Clients may support some aspects of this functionality; see Profiles categorized as Client Profiles for details.

Table 5 – Node Management Services

Category

Title

Description

Server

Node Management Add Node

Support the AddNodes Service to add one or more Nodes into the OPC UA AddressSpace.

Server

Node Management Delete Node

Support the DeleteNodes Service to delete one or more Nodes from the OPC UA AddressSpace.

Server

Node Management Add Ref

Support the AddReferences Service to add one or more References to one or more Nodes in the OPC UA AddressSpace.

Server

Node Management Delete Ref

Support the DeleteReferences Service to delete one or more References of a Node in the OPC UA AddressSpace.

Client

Node Management Client

Uses Node Management Services to add or delete Nodes and to add or delete References in Server's OPC UA AddressSpace.

 

The View Service Set is composed of a multiple ConformanceUnits (see Table 6). All Servers support some aspects of this conformance group. Clients may support some aspects of this functionality; see Profiles categorized as Client Profiles for details.

Table 6 – View Services

Category

Title

Description

Server

View Basic

Support the View Service Set (Browse, BrowseNext).

Server

View TranslateBrowsePath

Support TranslateBrowsePathsToNodeIds Service.

Server

View RegisterNodes

Support the RegisterNodes and UnregisterNodes Services as a way to optimize access to repeatedly used Nodes in the Server's OPC UA AddressSpace.

Server

View Minimum Continuation Point 01

Support minimum 1 continuation point per Session.

Server

View Minimum Continuation Point 05

Support minimum 5 continuation points per Session.

This number has to be supported for at least half of the minimum required sessions.

Client

View Client Basic Browse

Uses Browse and BrowseNext Services to navigate through the Server's OPC UA AddressSpace. Make use of the referenceTypeId and the nodeClassMask to specify the needed References.

Client

View Client Remote Nodes Browse

The Client can browse to nodes that have an extended NodeID that reference a Server different than the originating Server. This includes automatic connection to the remote Server. It is acceptable that the Server configuration information be pre-configured on the Client and / or that the user is prompted to connect.

Client

View Client Basic ResultSet Filtering

Makes use of the resultMask parameter to optimize the result set to be returned by the Server.

Client

View Client TranslateBrowsePath

Uses the TranslateBrowsePathsToNodeIds Service to identify the NodeIds for Nodes where a starting Node and a BrowsePath is known. Makes use of bulk operations rather than multiple calls whenever possible.

Client

View Client Remote Nodes Translate Browse

The Client can translate browse paths that include nodes with extended NodeID that reference a Server different than the originating Server and return them as part of the TranslateBrowsePathsToNodeIds Service. It is acceptable that the Server configuration information be pre-configured on the Client.

Client

View Client RegisterNodes

Uses the RegisterNodes Service to optimize access for Nodes that are used repeatedly. Use UnregisterNodes when Nodes are not used anymore.

 

The Attribute Service Set is composed of multiple ConformanceUnits (see Table 7). The majority of the Attribute service set is a core functionality of OPC UA and as such is supported by most Servers. Most Clients will also support some aspects of the Attribute Service Set.

Table 7 – Attribute Services

Category

Title

Description

Server

Attribute Read

Supports the Read Service to read one or more Attributes of one or more Nodes. This includes support of the IndexRange parameter to read a single element or a range of elements when the Attribute value is an array.

Server

Attribute Read Complex

Supports reading and encoding Values with structured DataTypes.

Server

Attribute Write Values

Supports writing to values to one or more Attributes of one or more Nodes.

Server

Attribute Write Complex

Supports writing and decoding Values with structured DataTypes.

Server

Attribute Write StatusCode & Timestamp

Supports writing of StatusCode and Timestamps along with the Value.

Server

Attribute Write Index

Supports the IndexRange to write a single element or a range of elements when the Attribute value is an array and partial updates is allowed for this array.

Server

Attribute Alternate Encoding

Supports alternate Data Encoding when reading value Attributes.

By default, every Server has to support the Data Encoding of the currently used Stack Profile (i.e. binary with UA Binary Encoding and XML with XML Encoding). This ConformanceUnit - when supported - specifies that the other Data Encoding is supported in addition.

Server

Attribute Historical Read

Supports the HistoryRead Service. The details of what aspects of this service are used are listed in additional ConformanceUnits, but at least one of ReadRaw, ReadProcessed, ReadModified, ReadAtTime or ReadEvents must be supported.

Server

Attribute Historical Update

Supports the HistoryUpdate service. The details of the supported features of this service are described by additional ConformanceUnits, but at least one of the following must be supported: InsertData, InsertEvents, ReplaceData, ReplaceEvents, UpdateData, UpdateEvents, DeleteData, DeleteEvents or DeleteAtTime.

Client

Attribute Client Read Base

Use the Read Service to read one or more Attributes of one or more Nodes. This includes use of an IndexRange to select a single element or a range of elements when the Attribute value is an array.

Clients shall use bulk operations whenever possible to reduce the number of Service invocations.

Client

Attribute Client Remote Nodes Attribute Access

The Client can retrieve attributes of nodes that have an extended NodeID that reference a Server different than the originating Server.  This requires a connection to the remote Server for access (not necessarily displayed as a connection). It is acceptable that the Server configuration information be pre-configured on the Client.

Client

Attribute Client Read with proper Encoding

This ConformanceUnit refers to the ability of a Client to discover the available encodings and choose a specific one when calling the Read Service.

Client

Attribute Client Read Complex

Read and decode Values with structured DataTypes.

Client

Attribute Client Write Base

Use the Write Service to write values to one or more Attributes of one or more Nodes. This includes use of an IndexRange to select a single element or a range of elements when the Attribute value is an array.

Clients shall use bulk operations whenever possible to reduce the number of Service invocations.

Client

Attribute Client Write Complex

Write and Encode Values with structured DataTypes.

Client

Attribute Client Write Quality & Timestamp

Use the Write Service to also write StatusCode and/or Timestamps along with a Value.

Client

Attribute Client Historical Read

The Client makes use of the HistoryRead service. The details of which aspect of this service are used are provided by additional ConformanceUnits, but at least one or more of the following is used ReadRaw, ReadAtTime, ReadProcessed, ReadModified or ReadEvents.

Client

Attribute Client Historical Updates

The Client makes use of the HistoryUpdate service. The details of this usage are provided by additional ConformanceUnits, but at least one or more of the following must be provided InsertData, InsertEvents, ReplaceData, ReplaceEvents, UpdateData, UpdateEvents, DeleteData or DeleteEvents or DeleteAtTime.

 

The Method Service Set is composed of ConformanceUnits (see Table 8). The primary ConformanceUnits provide support for the call functionality. Servers may provide some aspects of this functionality; see Profiles categorized as Server Profiles for details. Clients may support some aspects of this functionality; see Profiles categorized as Client Profiles for details.

Table 8 – Method Services

Category

Title

Description

Server

Method Call

Support the Call Service to call (invoke) a Method which includes support for Method Parameters.

Client

Method Client Call

Use the Call Service to call one or several Methods.

 

The MonitoredItem Service Set is composed of multiple ConformanceUnits (see Table 9). Servers may provide some aspects of this functionality; see Profiles categorized as Server Profiles for details. Clients may support some aspects of this functionality; see Profiles categorized as Client Profiles for details.

Table 9 – Monitored Item Services

Category

Title

Description

Server

Monitor Basic

Support the following MonitoredItem Services: CreateMonitoredItems, ModifyMonitoredItems, DeleteMonitoredItems and SetMonitoringMode.

Server

Monitor Value Change

Support creation of MonitoredItems for Attribute value changes. This includes support of the IndexRange to select a single element or a range of elements when the Attribute value is an array.

Server

Monitor Complex Value

Supports monitoring and encoding Values with structured DataTypes.

Server

Monitored Items Deadband Filter

Supports an absolute Deadband filter as a DataChangeFilter for numeric data types.

Server

Monitor Aggregate Filter

Support for Aggregate filters for MonitoredItems. The result of this ConformanceUnit includes a list of Aggregates that are supported as part of the Profile Certificate.

Server

Monitor Alternate Encoding

Support alternate encoding when monitoring value Attributes.

By default, every Server has to support the encoding of the currently used Stack Profile (i.e. binary with UA Binary Encoding and XML with XML Encoding). This ConformanceUnit - when supported - specifies that the other encoding is supported in addition.

Server

Monitor Items 2

Support at least 2 MonitoredItems per Subscription where the size of each MonitoredItem is at least equal to size of Double.

Server

Monitor Items 10

Support at least 10 MonitoredItems per Subscription where the size of each MonitoredItem is at least equal to size of Double.

Server

Monitor Items 100

Support at least 100 MonitoredItems per Subscription.

This number has to be supported for at least half of the required Subscriptions for half of the required Sessions.

Server

Monitor Items 500

Support at least 500 MonitoredItems per Subscription.

This number has to be supported for at least half of the required Subscriptions for half of the required Sessions.

Server

Monitor QueueSize_1

This ConformanceUnit does not require queuing when multiple value changes occur during a "publish period".

I.e. the latest change will be sent in the Notification.

Server

Monitor MinQueueSize_02

Support at least 2 queue entries for MonitoredItems.

Servers often will adapt the queue size to the number of currently MonitoredItems. However, it is expected that Servers support this minimum queue size for at least one third of the supported MonitoredItems.

Server

Monitor MinQueueSize_05

Support at least 5 queue entries for MonitoredItems.

Servers often will adapt the queue size to the number of currently MonitoredItems. However, it is expected that Servers support this minimum queue size for at least one third of the supported MonitoredItems.

Server

Monitor QueueSize_ServerMax

This ConformanceUnit is for events. When the Client requests queuesize=MAXUInt32 the Server is to return the maximum queue size that it can support for event notifications as the revisedQueueSize.

Server

Monitor Triggering

Support the SetTriggering Service to create and/or delete triggering links for a triggering item.

Server

Monitor Events

Support creation of MonitoredItems for an "EventNotifier Attribute" for the purpose of Event Notification. The subscription includes supporting a filter that includes SimpleAttribute Operands and a select list of Operators.  The list of Operators includes: Equals, IsNull, GreaterThan, LessThan, GreaterThanorEqual, LessThatorEqual, Like, Not, Between, InList, And, Or, Cast, BitwiseAnd, BitwiseOr.

Server

Monitor Complex Event Filter

Support for the 'TypeOf' complex Event filter operator.

Client

Monitor Client Value Change

Use the MonitoredItem Service Set to register items for changes in Attribute value.

Use CreateMonitoredItems to register the Node/Attribute tuple. Set proper sampling interval, Deadband filter and queuing mode.

Use disabling / enabling instead of deleting and re-creating a MonitoredItem.

Use bulk operations rather than individual service requests to reduce communication overhead.

Client

Monitor Client Complex Value

Monitor and decode Values with structured DataTypes.

Client

Monitor Client Deadband Filter

Uses Absolute Deadband filters for subscriptions.

Client

Monitor Client by Index

Use the IndexRange to select a single element or a range of elements when the Attribute value is an array.

Client

Monitor Client Aggregate Filter

Uses Aggregate filters for Subscriptions.

Client

Monitor Client Events

Use the MonitoredItem Service Set to create MonitoredItems for Event notifications.

Client

Monitor Client Event Filter

Use the Event filter when calling CreateMonitoredItems to filter the desired Events and to select the columns to be provided for each Event Notification.

Client

Monitor Client Complex Event Filter

Use of the 'TypeOf' complex Event filter operator.

Client

Monitor Client Modify

Use ModifyMonitoredItems Service to change the configuration setting.

Use SetMonitoringMode Service to disable / enable sampling and / or publishing.

Client

Monitor Client Trigger

Use the Triggering Model if certain items are to be reported only if some other item triggers.

Use proper monitoring mode for these items.

Use SetTriggering Service to link these items to the trigger item.

 

The Subscription Service Set is composed of multiple ConformanceUnits (see Table 10). Servers may provide some aspects of this functionality; see Profiles categorized as Server Profiles for details. Clients may support some aspects of this functionality; see Profiles categorized as Client Profiles for details.

Table 10 – Subscription Services

Category

Title

Description

Server

Subscription Basic

Support the following Subscription Services: CreateSubscription, ModifySubscription, DeleteSubscriptions, Publish, Republish and SetPublishingMode.

Server

Subscription Minimum 1

Support at least 1 Subscription per Session.

This number has to be supported for all of the minimum required sessions.

Server

Subscription Minimum 02

Support at least 2 Subscriptions per Session.

This number has to be supported for at least half of the minimum required sessions.

Server

Subscription Minimum 05

Support at least 5 Subscriptions per Session.

This number has to be supported for at least half of the minimum required sessions.

Server

Subscription Publish Min 02

Support at least 2 Publish Service requests per Session.

This number has to be supported for all of the minimum required sessions. Support of a NotificationMessage retransmission queue is not required; if not available the Republish Service returns Bad_MessageNotAvailable.

Server

Subscription Publish Min 05

Support at least 5 Publish Service requests per Session.

This number has to be supported for at least half of the minimum required sessions. Support, as a minimum, the number of Publish requests per session as the size of the NotificationMessage retransmission queue for Republish.

Server

Subscription Publish Min 10

Support at least 10 Publish Service requests per Session.

This number has to be supported for at least half of the minimum required sessions. Support, as a minimum, the number of Publish requests per session as the size of the NotificationMessage retransmission queue for Republish.

Server

Subscription Publish Discard Policy

Respect the specified policy for discarding Publish Service requests. If the maximum number of Publish Service requests has been queued and a new Publish Service request arrives, the "oldest" Publish request has to be discarded by returning the proper error.

Server

Subscription Transfer

Support TransferSubscriptions Service to transfer a Subscription from one Session to another.

Server

Subscription Durable

Support setting Subscriptions in durable mode. This mode requires that collected data and events are stored and delivered even if a Client was disconnected for a longer time or the Server was restarted.

Support one of the “Subscription Durable StorageLevel nnn” ConformanceUnits.

Server

Subscription Durable StorageLevel Small

Support at least 20 monitored items with a queue size of 10000 for each item and where the size of each MonitoredItem is at least equal to size of Double. This requires storage capacity for 200 thousand values of DataType Double.

Server

Subscription Durable StorageLevel Medium

Support at least 100 monitored items with a queue size of 50000 for each item and where the size of each MonitoredItem is at least equal to size of Double. This requires storage capacity for 5 million values of DataType Double.

Server

Subscription Durable StorageLevel High

Support at least 2000 monitored items with a queue size of 200000 for each item and where the size of each MonitoredItem is at least equal to size of Double. This requires storage capacity for 400 million values of DataType Double.

Client

Subscription Client Basic

Use the Subscription and MonitoredItem Service Set as an efficient means to detect changes of Attribute values and / or to receive Event occurrences.

Set appropriate intervals for publishing, keep alive notifications and total Subscription lifetime.

Supply a sufficient number of Publish requests to the Server so that Notifications can be sent whenever a publish timer expires.

Acknowledge received Notifications with subsequent Publish requests.

Client

Subscription Client Fallback

The Client shall interoperate with Servers that do not support Subscriptions, or have exhausted Subscription limits, for Monitoring by using Read Service.

Client

Subscription Client Republish

Evaluate the sequence number in Notifications to detect lost Notifications.

Use Republish to request missing Notifications.

Client

Subscription Client Modify

Allow modification of the Subscription configuration using the ModifySubscription Service.

Client

Subscription Client TransferSubscriptions

The Client supports transferring Subscription from other Clients. This ConformanceUnit is used as part of redundant Clients.

Client

Subscription Client Multiple

Use multiple Subscriptions to reduce the payload of individual Notifications.

Client

Subscription Client Publish Configurable

Send multiple Publish Service requests to assure that the Server is always able to send Notifications.

The number of parallel Publish Service requests per Session shall be configurable.

Client

Subscription Client Durable

Use durable Subscriptions.

 

 

5.3       Transport and communication related features

Table 11 describes security related ConformanceUnits. All of these ConformanceUnits apply equally to both Clients and Servers, where a Client uses the related security unit and a Server supports the use of it. These items are defined in detail in OPC 10000-6. It is recommended that a Server and Client support as many of these options as possible in order to achieve increased levels of interoperability. It is the task of an administrator to determine which of these ConformanceUnits are exposed in a given deployed Server or Client application.

Table 11 – Security

Category

Title

Description

Security

Security User Name Password

The Server supports User Name/Password combination(s). The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security User X509

The Server supports a public/private key pair for user identity. The use of this feature must be able to be enabled or disabled by an administrator.

Security

Security User IssuedToken Kerberos

The Server supports a Kerberos Server token for User Identity. The use of this feature must be able to be enabled or disabled by an Administrator. The use of this token is defined in Kerberos Token Documentation.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security User IssuedToken Kerberos Windows

The Server supports the Windows implementation of Kerberos Tokens. This ConformanceUnit only applies if the "Security User IssuedToken Kerberos" is supported.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security User JWT IssuedToken

The Server supports a JSON Web Token (JWT) for user identity. Part 6 describes OAuth2 and JWTs in more detail. The use of this feature must be able to be enabled or disabled by an Administrator.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security User Anonymous

The Server provides support for Anonymous access. The use of this feature must be able to be enabled or disabled by an Administrator. By default Anonymous access shall be disabled.

Security

Security User Name Password Client

A Client uses a User Name/Password combination.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security User X509 Client

A Client uses a public/private key pair for user identity. This includes all validation and trust issues associated with a certificate.

Security

Security User IssuedToken Kerberos Client

A Client uses a Kerberos Server token. The use of this token is defined by the Kerberos documentation.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security User IssuedToken Kerberos Windows Client

A Client uses the Windows implementation of Kerberos tokens. This ConformanceUnit only applies if the "Security User IssuedToken Kerberos Client" is supported.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

 

Security

Security User JWT IssuedToken Client

A Client uses a JSON Web Token (JWT) for user identity. Part 6 describes OAuth2 and JWTs in more detail.

The token will be encrypted if required by the security policy of the User Token Policy or by the security policy of the endpoint. An unencrypted token either requires message encryption or means outside the scope of OPC UA to secure the identity token so that it cannot be retrieved by sniffing the communication. One option would be a secure transport like a VPN.

Security

Security Invalid user token

Servers shall take proper measures to protect against attacks on user identity tokens. Such an attack is assumed if repeated connection attempts with invalid user identity tokens happen. See ActivateSession Service in UA Part 4.

Security

Security User JWT Token Policy

The Server supports one or more Endpoints with a UserTokenPolicy that includes a JWT IssuerEndpointUrl as defined in UA Part 6.

For JWT the issuerEndpointUrl is a JSON object that includes all parameters that define the AuthorizationService.

As part of the JWT Token Policy, the Server shall support at least one of the following Authority Profile Conformance Units. The URIs defined in the ConformanceUnit shall be exposed in the authorityProfileURI field of the JWT Token Policy.

Security

Security User JWT Token Policy Client

The Client understands and uses the Authorization Service definition inside the JWT UserTokenPolicy returned with GetEndpoints.

It shall support at least one of the following Authority Profile Conformance Units. The URIs defined in the ConformanceUnit are in the authorityProfileURI field of the JWT Token Policy exposed in Server Endpoints.

Security

OAuth2 Authority Profile

This unit indicates support of OAuth2 over HTTPS to request access tokens.

The URI for the interactions with this authority is "http://opcfoundation.org/UA/Authorization#OAuth2"

Security

OPC UA Authority Profile

This unit indicates support of the OPC UA Methods defined in UA Part 12 to request access tokens.

The URI for the interactions with this authority is "http://opcfoundation.org/UA/Authorization#OPCUA"

Security

Azure Identity Provider Authority Profile

This unit indicates support of the Azure identity provider to request access tokens.

The URI for the interactions with this authority is "http://opcfoundation.org/UA/Authorization#Azure"

Security

Security Certificate Validation

A certificate will be validated as specified in Part 4. This includes among others structure and signature examination. Allowing for some validation errors to be suppressed by administration directive.

Security

Security Default ApplicationInstance Certificate

An application, when installed, has a default ApplicationInstanceCertificate that is valid. The default ApplicationInstanceCertificate shall either be created as part of the installation or installation instructions explicitly describe the process to create and apply a default ApplicationInstanceCertificate to the application.

Security

Security – No Application Authentication

The Server supports being able to be configured for no application authentication, just User authentication and normal encryption/signing:

– Configure Server to accept all certificates

– Certificates are just used for message security (signing and encryption)

– Users level is used for authentication

Security

Security Policy Required

Support at least Security Policy [A] and Security Policy [B].
Support of multiple Security Policies - even obsolete ones - is recommended. This will provide best interoperability and allows the end user to choose the required level of security.

Obsolete Security Policies shall not be enabled / usable without administrative intervention.

Security

Security None CreateSession ActivateSession

When SecurityPolicy=None, the CreateSession and ActivateSession service allow for a NULL/empty signature and do not require Application Certificates or a Nonce.

Security

Security None CreateSession ActivateSession 1.0

The Client can connect to Servers that require a certificate being passed on Session establishment. The Client in this case will first try without a certificate and if this fails present a certificate.

Security

Security TLS General

This ConformanceUnit indicates that at least one of the transport security Profiles for TLS is supported by this application. It is used in TLS transport Profiles, but the choice of transport security profile is optional. The actual used security profile will default to the most secure one.

Security

Security TLS_RSA with AES_256_CBC_SHA256

The connection is established using TLS_RSA_WITH_AES_256_CBC_SHA256. That has a MinAsymmetricKeyLength – 2048, MaxAsymmetricKeyLength – 4096, AsymmetricSignatureAlgorithm – RSA_SHA256. (TLS 1.2)

Security

Security TLS_DHE_RSA with AES_nnn_CBC_SHA256

The connection is established using TLS_DHE_RSA with AES_128_CBC_SHA256 or TLS_DHE_RSA with AES_256_CBC_SHA256. That has a MinAsymmetricKeyLength – 2048, MaxAsymmetricKeyLength – 4096, CertificateSignatureAlgorithm – RSA_SHA256. (TLS 1.2).

Clients and Servers have to support both algorithms.

Security

Security Encryption Required

Encryption is required using the algorithms provided in the security algorithm suite.

Security

Security Signing Required

Signing is required using the algorithms provided in the security algorithm suite.

Security

Security Time Synch – Configuration

Application supports configuring acceptable clock skew.

Security

Security Time Synch – NTP / OS Based support

Application supports time synchronization, either via an implementation of Network Time Protocol (NTP), or via features of a standard operating system.

Security

Security Time Synch – UA based support

An application makes use of the responses header timestamp provided by a configured well know source, such as a Discovery Server to synchronize the time on the application and that this time synchronization occurs periodically. Use of this TimeSyncing can be configured.

Security

Security Administration

Allow configuration of the following Security related items (when they apply).

    * select the allowed User identification policy or policies (e.g. User Name/Password or X509).

    * enable/disable the security policy "None" or other security policies.

    * enable/disable endpoints with MessageSecurityMode SIGN or SIGNANDENCRYPT.

    * set the permitted certification authorities.

    * define how to react to unknown Certificates.

    * allow accepting any valid Certificate

Security

Security Administration – XML Schema

Support the OPC UA defined XML schema for importing and exporting security configuration information. This schema is defined in Part 6.

Security

Security Certificate Administration

Allow a site administrator to be able to assign a site specific ApplicationInstanceCertificate and if desired to configure a site specific Certificate Authority (CA).

Security

Security Role Server Base

Support the User Authorization Information Model defined in UA Parts 3 and 5  - like Roles - and the RolePermissions and UserRolePermissions Attributes.

Security

Security Role Well Known

Support the well-known Roles "ConfigureAdmin" and "SecurityAdmin" with suggested permissions defined in UA Part 3.

Security

Security Role Server IdentityManagement

Allow authorized users to add and/or remove Identities from Roles with the appropriate Methods.

Security

Security Role Server Management

Allow authorized users to create new Roles and/or remove Roles with the appropriate Methods.

Security

Security Role Server Restrict Applications

Support adding applications to a Role with the appropriate Methods so that only these applications can use this Role.

Security

Security Role Server Restrict Endpoints

Support adding Endpoints to a Role with the appropriate Methods. With this restriction a Role is only applied when a Client connects via one of these Endpoints.

Security

Security Role Server DefaultRolePermissions

Allow authorized users to set the DefaultRolePermissions Property for certain NameSpaces. DefaultRolePermissions are applied if no RolePermissions are associated with a Node.

Security

Security Role Server RolePermissions

Allow authorized users to set the RolePermissions Attribute on Nodes.

Security

Security Role Server Authorization

Restrict access based on the configured Roles and permissions.

Security

Security Role Client Base

Understand and use the User Authorization Information Model defined in UA Part 5 and the RolePermissions Attribute.

Security

Security Role Client Management

Support creating new Roles and adding Identities as well as remove Roles or Identities using the appropriate Methods.

Security

Security Role Client Restrict Applications

Use the appropriate Methods to add applications to a Role so that only these applications can use this Role.

Security

Security Role Client Restrict Endpoints

Use the appropriate Methods to add Endpoints to a Role. With this restriction a Role is only applied when a Client connects via one of these Endpoints.

Security

Security Role Client DefaultRolePermissions

Ability to set the DefaultRolePermissions Property for certain NameSpaces. DefaultRolePermissions are applied if no RolePermissions are associated with a Node.

Security

Security Role Client RolePermissions

Support setting the RolePermissions Attribute on Nodes.

Security

Pull Model for Global Certificate and TrustList Management

Use the Certificate Management Services of UA Part 12 for the Pull model to manage Application Instance Certificates and Trust Lists including Revocation Lists.

Security

Push Model for Global Certificate and TrustList Management

Support the Certificate Management Services of UA Part 12 for the Push model to manage Application Instance Certificates and Trust Lists including Revocation Lists.

Security

Pull Model for KeyCredential Service

Use the Methods on an instance of the KeyCredentialServiceType (Pull model) to obtain KeyCredentials as specified in UA Part 12.

Security

Push Model for KeyCredential Service

Support the KeyCredential Services Push model of UA Part 12 to obtain KeyCredentials. This includes support of one or more instances of the KeyCredentialConfigurationType and the Methods to update or delete credentials.

Security

Authorization Service Configuration Server

Support the Object Types defined in Part 12 to allow configuration of information needed to accept Access Tokens when presented by the Client during session establishment. Access Tokens are issued by Authorization Services.

Security

Authorization Service Client

Use the RequestAccessToken Method defined in UA Part 12.

Security

SymmetricSignatureAlgorithm_None

This algorithm does not apply.

Security

SymmetricSignatureAlgorithm_HMAC-SHA1

A keyed hash which is defined in https://tools.ietf.org/html/rfc2104.

The hash algorithm is SHA1 and is described in https://tools.ietf.org/html/rfc3174.

The URI is http://www.w3.org/2000/09/xmldsig#hmac-sha1.

No known exploits exist when using SHA1 with a keyed hash, however, SHA1 was broken in 2017 so use of this algorithm is not recommended.

Security

SymmetricSignatureAlgorithm_HMAC-SHA2-256

A keyed hash used for message authentication which is defined in https://tools.ietf.org/html/rfc2104.

The hash algorithm is SHA2 with 256 bits and described in https://tools.ietf.org/html/rfc4634

 

Security

SymmetricEncryptionAlgorithm_None

This algorithm does not apply.

Security

SymmetricEncryptionAlgorithm_AES128-CBC

The AES encryption algorithm which is defined in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.

Multiple blocks encrypted using the CBC mode described in http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.

The key size is 128 bits. The block size is 16 bytes.

The URI is http://www.w3.org/2001/04/xmlenc#aes128-cbc.

Security

SymmetricEncryptionAlgorithm_AES256-CBC

The AES encryption algorithm which is defined in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.

Multiple blocks encrypted using the CBC mode described in http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.

The key size is 256 bits. The block size is 16 bytes.

The URI is http://www.w3.org/2001/04/xmlenc#aes256-cbc.

Security

SymmetricEncryptionAlgorithm_AES128-CTR

The AES encryption algorithm which is defined in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.

Multiple blocks encrypted using the CTR mode described in http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.

The counter block format is defined in https://tools.ietf.org/html/rfc3686.

The key size is 128 bits. The block size is 16 bytes. The input nonce length is 4 bytes.

The URI is http://opcfoundation.org/UA/security/aes128-ctr.

Security

SymmetricEncryptionAlgorithm_AES256-CTR

The AES encryption algorithm which is defined in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.197.pdf.

The key size is 256 bits. The block size is 16 bytes.

Multiple blocks encrypted using the CTR mode described in http://nvlpubs.nist.gov/nistpubs/Legacy/SP/nistspecialpublication800-38a.pdf.

The counter block format is defined in https://tools.ietf.org/html/rfc3686.

The key size is 128 bits. The block size is 16 bytes. The input nonce length is 4 bytes.

The URI is http://opcfoundation.org/UA/security/aes256-ctr.

Security

AsymmetricSignatureAlgorithm_None

This algorithm does not apply.

Security

AsymmetricSignatureAlgorithm_RSA- PKCS15-SHA1

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA1 and is described in https://tools.ietf.org/html/rfc3174.

The URI is http://www.w3.org/2000/09/xmldsig#rsa-sha1.

SHA1 was broken in 2017 so this algorithm should not be used.

Security

AsymmetricSignatureAlgorithm_RSA-PKCS15-SHA2-256

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 256bits and is described in https://tools.ietf.org/html/rfc6234.

The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

Security

AsymmetricSignatureAlgorithm_RSA-PSS -SHA2-256

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PSS scheme is used.

The hash algorithm is SHA2 with 256bits and is described in https://tools.ietf.org/html/rfc6234.

The mask generation algorithm also uses SHA2 with 256 bits.

The salt length is 32 bytes.

The URI is http://opcfoundation.org/UA/security/rsa-pss -sha2-256.

Security

AsymmetricEncryptionAlgorithm_None

This algorithm does not apply.

Security

AsymmetricEncryptionAlgorithm_RSA-PKCS15

The RSA encryption algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSAES-PKCS1-v1_5 scheme is used.

The URI is http://www.w3.org/2001/04/xmlenc#rsa-1_5.

The RSAES-PKCS1-v1_5 scheme has known weaknesses and is not recommended.

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA1

The RSA encryption algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSAES-OAEP scheme is used.

The hash algorithm is SHA1 and is described in https://tools.ietf.org/html/rfc6234.

The mask generation algorithm also uses SHA1.

The URI is http://www.w3.org/2001/04/xmlenc#rsa-oaep.

No known exploits exist when using SHA1 with RSAES-OAEP, however, SHA1 was broken in 2017 so use of this algorithm is not recommended.

Security

AsymmetricEncryptionAlgorithm_RSA-OAEP-SHA2-256

The RSA encryption algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSAES-OAEP scheme is used.

The hash algorithm is SHA2 with 256 bits and is described in https://tools.ietf.org/html/rfc6234.

The mask generation algorithm also uses SHA2 with 256 bits.

The URI is http://opcfoundation.org/UA/security/rsa-oaep-sha2-256.

Security

KeyDerivationAlgorithm_None

This algorithm does not apply.

Security

KeyDerivationAlgorithm_P-SHA1

The P_SHA-1 pseudo-random function defined in https://tools.ietf.org/html/rfc4346.

The URI is http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha1.

No known exploits exist when using SHA1 with P-SHA-1, however, SHA1 was broken in 2017 so use of this algorithm is not recommended.

Security

KeyDerivationAlgorithm_P-SHA2-256

The P_SHA256 pseudo-random function defined in https://tools.ietf.org/html/rfc5246.

The URI is http://docs.oasis-open.org/ws-sx/ws-secureconversation/200512/dk/p_sha256.

Security

CertificateSignatureAlgorithm_None

This algorithm does not apply.

Security

CertificateSignatureAlgorithm_RSA-PKCS15-SHA2-256

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA2 with 256bits and is described in https://tools.ietf.org/html/rfc6234.

The SHA2 algorithm with 384 or 512 bits may be used instead of SHA2 with 256 bits.

The URI is http://www.w3.org/2001/04/xmldsig-more#rsa-sha256.

Security

CertificateSignatureAlgorithm_RSA-PKCS15-SHA1

The RSA signature algorithm which is defined in https://tools.ietf.org/html/rfc3447.

The RSASSA-PKCS1-v1_5 scheme is used.

The hash algorithm is SHA1 and is described in https://tools.ietf.org/html/rfc3174.

The URI is http://www.w3.org/2000/09/xmldsig#rsa-sha1.

SHA1 was broken in 2017 so this algorithm should not be used.

The SHA2 algorithm with 244, 256, 384 or 512 bits may be used instead of SHA1.

The SHA2 algorithm is described in https://tools.ietf.org/html/rfc6234.

Security

SecurtyPolicy_None_Limits

DerivedSignatureKeyLength: 0

Security

Aes128-Sha256-RsaOaep_Limits

-> DerivedSignatureKeyLength: 256 bits

-> MinAsymmetricKeyLength: 2048 bits

-> MaxAsymmetricKeyLength: 4096 bits

-> SecureChannelNonceLength: 32 bytes

Security

Basic256Sha256_Limits

-> DerivedSignatureKeyLength: 256 bits

-> MinAsymmetricKeyLength: 2048 bits

-> MaxAsymmetricKeyLength: 4096 bits

-> SecureChannelNonceLength: 32 bytes

Security

Aes256-Sha256-RsaPss_Limits

-> DerivedSignatureKeyLength: 256 bits

-> MinAsymmetricKeyLength: 2048 bits

-> MaxAsymmetricKeyLength: 4096 bits

-> SecureChannelNonceLength: 32 bytes

Security

Basic128Rsa15_Limits

-> DerivedSignatureKeyLength: 128 bits

-> MinAsymmetricKeyLength: 1024 bits

-> MaxAsymmetricKeyLength: 2048 bits

-> SecureChannelNonceLength: 16 bytes

Security

Basic256_Limits

-> DerivedSignatureKeyLength: 192 bits

-> MinAsymmetricKeyLength: 1024 bits

-> MaxAsymmetricKeyLength: 2048 bits

-> SecureChannelNonceLength: 32 bytes

 

Table 12 describes protocol and encoding related features that can be profiled. These features are defined in detail in OPC 10000-6. It is recommended that Servers and Clients support as many of these options as possible for greatest interoperability.

Table 12 – Protocol and Encoding

Category

Title

Description

Server

Protocol Reverse Connect Server

Support reverse connectivity by sending a ReverseHello message to a Client. The reverse connect procedure can be applied to several transports as specified in UA Part 6 and shall be supported for all of these that are available in a Server.

Server

Protocol Configuration

Allow administration of the Endpoints and the port number used by the Endpoints.

Client

Protocol Reverse Connect Client

Support reverse connectivity by accepting Reverse Hello messages from Servers and establish a Secure Channel if the URI of the Server is accepted by Client or Client user. The reverse connect procedure can be applied to several transports as specified in UA Part 6 and shall be supported for all of these transports that are supported by the Client.

Transport

Protocol UA TCP

Support the UA TCP transport protocol as defined in UA Part 6.

Transport

Protocol HTTPS

Support the HTTPS protocol as defined in UA Part 6.

Transport

Protocol Web Sockets

Support the WebSocket protocol (WSS) with at least one of the sub-protocols defined in UA Part 6.

Transport

UA Secure Conversation

Support UA Secure Conversation specified in UA Part 6.

Transport

UA Binary Encoding

Support UA Binary Encoding. Values of these data types are encoded in compact binary formats, contiguously and without tagging. I.e. the receiver is assumed to understand the structure it is decoding.

Transport

UA SOAP-XML Encoding

Support Soap V1.2 based Xml Encoding as defined in UA Part 6. The XML elements include all information necessary to convert it back into OPC UA structures of any language.

Transport

JSON Reversible Encoding

Support reversible JSON Encoding as defined in UA Part 6. The JSON object includes all information necessary to convert it back into OPC UA structures of any language.

 

 

5.4       Information Model and AddressSpace related features

Table 13 describes base features related items that can be profiled. For additional information about these items, please refer to OPC 10000-3, OPC 10000-5 and OPC 10000-6. Servers with a larger resource capacity would support most of this functionality, but smaller resource constraint Server may omit some of this functionality. Many Clients would utilize some of this functionality and more robust Clients would utilize most of this functionality.

Table 13 – Base Information

Category

Title

Description

Server

Base Info Core Structure

The Server supports the Server Object, ServerCapabilities and supports the OPC UA AddressSpace structure.

Server

Base Info Server Capabilities

The Server supports publishing of the Server limitation in the ServerCapabilities, including MaxArrayLength, MaxStringLength, MaxNodePerRead, MaxNodesPerWrite, MaxNodesPerSubscription and MaxNodesPerBrowse.

Server

Base Info Progress Events

The Server exposes if generation of Progress events for long running service calls such as HistoryRead or Query is supported. If it is listed as supported in ServerCapabilities, than the actual events are verified.

Server

Base Info Diagnostics

The Server supports the collection of diagnostic information. The EnabledFlag in the ServerDiagnostics Object can be set TRUE and in that case all static and dynamic Objects and Variables for diagnostic data as defined in UA Part 5 are supported.

Server

Base Info System Status

The Server supports generating SystemStatusChangeEventType indicating shutdown of the Server (SourceNode=Server).

Server

Base Info Estimated Return Time

Server supports the EstimatedReturnTime Property. It indicates the time at which the Server is expected to have a ServerStatus.State of RUNNING_0. Clients can use this information to govern the reconnect logic.

Server

Base Info System Status Underlying System

The Server supports generating SystemStatusChangeEventType indicating changes to an Underlying System (SourceNode = Server). This event can also be used to indicate that the OPC UA Server has underlying systems.

Server

Base Info Device Failure

The Server supports generating DeviceFailureEventType indicating changes to individual devices in an underlying system.

Server

Base Info GetMonitoredItems Method

The Server supports obtaining subscription information via GetMonitoredItems Method on the Server object.

Server

Base Info ResendData Method

Support the standard Method ResendData (defined in UA Part 5) to get the latest value of the monitored items of a Subscription.

Server

Base Info Type System

The Server exposes a Type System with DataTypes, ReferenceTypes, ObjectTypes and VariableTypes including all of the OPC UA (namespace 0) types that are used by the Server, as defined in Part 5.  Items that are defined in Namespace 0 but are defined in other specification parts are tested as part of the other information models.

Server

Base Info Custom Type System

The Server supports custom types (i.e. types that are derived from well-known ObjectTypes, VariableTypes, ReferenceTypes or DataTypes). Supporting this conformance unit requires that the custom types with their full inheritance tree are exposed in the AddressSpace.

Server

Base Info Model Change

The Server supports ModelChange Event and NodeVersion Property for all Nodes that the server allows Model changes for.

Server

Base Info Placeholder Modelling Rules

The Server supports defining custom Object or Variables that include the use of OptionalPlaceholder or MandatoryPlaceholder modelling rules.

Server

Base Info SemanticChange

The Server supports SemanticChangeEvent for some Properties. This includes setting the SemanticChange Bit in the status when a semantic change occurs, such as a change in the engineering unit associated with a value.

Server

Base Info EventQueueOverflow EventType

The Server supports the EventQueueOverflowEventType as defined in Part 4.

Server

Base Info OptionSet

The Server supports the VariableType OptionSet.

Server

Base Info ValueAsText

The Server supports the Property ValueAsText for enumerated DataTypes.

Server

Base Info Engineering Units

The Server supports defining Variables that include the Engineering Units Property. This property makes use of the EUInformation data structure. This structure by default represents the UN/CEFACT "Codes for Units of Measurement". If a different EU representation is required then the EUInformation.namespaceUri will indicate the alternate namespace.

Server

Base Info Selection List

The Server supports Variables of the SelectionListType VariableType.

Server

Base Info FileType Base

The Server supports the FileType Object (see Part 5). File writing may be restricted.

Server

Base Info FileType Write

The Server supports the FileType Object, including writing of files. Also included is the support of user access control on FileType Object.

Server

Base Info RequestServerStateChange Method

The Server supports the RequestServerStateChange Method.

Server

Base Info State Machine Instance

Support instances of the StateMachineType or a sub-type in the AddressSpace. Generate Events when significant state changes occur.

At least one GeneratesEvent Reference exists to define the Event(s) triggered on state changes.

Server

Base Info Finite State Machine Instance

Support instances of the FiniteStateMachineType or a sub-type in the AddressSpace.

Server

Base Info Available States and Transitions

Support the Properties AvailableStates and AvailableTransitions defined for the FiniteStateMachineType.

Client

Base Info Client Basic

The Client uses the defined OPC UA AddressSpace.

Access or provide access to Server information like the Server's state, BuildInfo, capabilities, Namespace Table and Type Model.

Client

Base Info Client Honour Operation Limits

The Client shall honour Server limits described in ServerCapabilites Object of Server.

Client

Base Info Event Processing

The Client is able to subscribe for and process base OPC UA Events.

Client

Base Info Client System Status

The Client makes use of SystemStatusChangeEventType to detect server shutdowns.

Client

Base Info Client Estimated Return Time

Client uses the EstimatedReturnTime Property to govern the reconnect logic.

Client

Base Info Client System Status Underlying System

The Client makes use of SystemStatusChangeEventType to detect changes to an Underlying System (SourceNode = Server).

Client

Base Info Client Device Failure

The Client makes use of DeviceFailureEventType to detect failed devices in underlying systems

Client

Base Info Client Progress Events

The Client makes use of ProgressEvents, including checking for their support.

Client

Base Info Client Diagnostics

The Client provides interactive or programmatic access to the Server's diagnostic information.

Client

Base Info Client Type Programming

The Client programmatically process instances of Objects or Variables by using their type definitions. This includes custom DataTypes, ObjectTypes and VariableTypes.

Client

Base Info Client Type Pre-Knowledge

The Client shall interoperate with Servers that do not expose OPC UA Types in AddressSpace.

Client

Base Info Client Remote Nodes

The Client can access Nodes that have an extended NodeID that reference a Server different then the orginating Server. It is acceptable that the Server configuration information be pre-configured on the Client.

Client

Base Info Client Change Events

The Client processes ModelChangeEvents to detect changes in the Server's OPC UA AddressSpace and take appropriate action for a given change.

Client

Base Info Client GetMonitoredItems Method

The Client makes use of GetMonitoredItems Method to recover for communication interruptions and/or to recover subscription information.

Client

Base Data Client ResendData Method

The Client makes use of ResendData Method to fetch the last value of the data monitored items.

Client

Base Info Client Selection List

The Client uses and understands Variables of the SelectionListType VariableType.

Client

Base Info Client FileType Base

The Client can access a FileType Object to transfer a file from the Server to the Client. This includes large files.

Client

Base Info Client FileType Write

The Client can access a FileType Object to transfer a file from the Client to the Server. This includes large files.

Client

Base Info Client RequestServerStateChange

The Client can invoke the RequestServerStateChange Method.

Client

Base Info Client State Machine Instance

Use instances of the StateMachineType or a sub-type. Monitor either the CurrentState component Variable of the instance or the Events triggered as effect of state changes. Use Methods when defined for the StateMachineType to affect the state.

Client

Base Info Client Finite State Machine Instance

Use instances of the FinitStateMachineType or a sub-type. Monitor either the CurrentState component Variable of the instance or the Events triggered as effect of state changes.

Client

Base Info Client Available States and Transitions

Use the Properties AvailableStates and AvailableTransitions when exposed by a Server.

 

Table 14 describes Address Space Model information related items that can be profiled. The details of these model items are defined in OPC 10000-3 and OPC 10000-5. This includes Server Facets that describe what a Server exposes and Client Facets that describe what a Client consumes.

Table 14 – Address Space Model

Category

Title

Description

Server

Address Space Base

Support the NodeClasses with their Attributes and References as defined in Part 3. This includes for instance: Object, ObjectType, Variable, VariableType, References and DataType.

Server

Address Space Atomicity

Support setting the NonatomicRead and NonatomicWrite flags in the AccessLevelEx Attribute for Variable Nodes to indicate whether Read or Write operations can be performed in atomic manner. If the flags are set to '1', atomicity cannot be assured.

Server

Address Space Full Array Only

Support setting the WriteFullArrayOnly flag in the AccessLevelEx Attribute for Variable Nodes of non-scalar data types to indicate whether write operations for an array can be performed with an IndexRange.

Server

Address Space Events

Support OPC UA AddressSpace elements for generating Event notifications. This includes at least one Node with an EventNotifier Attribute set to True (Server Node).

Server

Address Space Complex Data Dictionary

Support structured DataTypes with a Data Dictionary. Note that V1.04 of OPC UA Part 3 specifies a simplified approach using the new DataTypeDefinition Attribute. The "Address Space DataTypeDefinition Attribute" Conformance Unit requires support of the DataTypeDefinition Attribute. Support of a DataDictionary will be deprecated in one of the next OPC UA versions.

Server

Address Space DataTypeDefinition Attribute

Support structured DataTypes and expose the meta data and encoding information with a StructureDefinitionType via the DataTypeDefinition Attribute.

Server

Address Space Method

Support Method Nodes.

Server

Address Space Notifier Hierarchy

Supports using the HasNotifier reference to build a hierarchy of Object Nodes that are notifiers with other notifier Object Nodes.

Server

Address Space Source Hierarchy

Supports hierarchies of event sources where each hierarchy roots in an Object Node that is a notifier. The HasEventSource Reference is used to relate the Nodes within a hierarchy. If Conditions are supported, the hierarchy shall include HasCondition References.

Server

Address Space WriteMask

Supports WriteMask indicating the write access availability for all attributes, including not supported attributes.

Server

Address Space UserWriteMask

Supports UserWriteMask indicating the write access availability for all attributes for the given user, including not supported attributes. Support includes at least two levels of users.

Server

Address Space UserWriteMask Multilevel

Supports UserWriteMask indicating the write access availability for all attributes for the given user, including not supported attributes. This includes supporting multiple levels of access control for all nodes in the system.

Server

Address Space User Access Level Full

Implements User Access Level security, this includes supporting multiple levels of access control for Variable nodes in the system. This includes an indication of read, write, Historical read and Historical write access to the Value Attribute.

Server

Address Space User Access Level Base

Implements User Access Level Security for Variable nodes, this includes at least two users in the system. This includes an indication of read, write, historical read and Historical write access to the value attribute

Client

Address Space Client Base

Uses and understands the NodeClasses with their Attributes and behaviour as defined in Part 3. This includes for instance: Object, ObjectType, Variable, VariableType, References and DataType. This includes treating BrowseNames and String NodeIds as case sensitive.

Client

Address Space Client Atomicity

Access the NonatomicRead or NonatomicWrite flags in the AccessLevelEx Attribute of Variable Nodes to determine whether Read or Write operations can be performed in atomic manner. This information will typically be shown to a user for further action.

Client

Address Space Client Full Array Only

Access the WriteFullArrayOnly flag in the AccessLevelEx Attribute of Variable Nodes with non-scalar data types to determine whether writing to an array with an IndexRange is allowed.

Client

Address Space Client Complex Data Dictionary

Uses and understands arbitrary structured DataTypes via Data Dictionary. Note that V1.04 of OPC UA Part 3 specifies a simplified approach using the new DataTypeDefinition Attribute. The "Address Space Client DataTypeDefinition Attribute" Conformance Unit requires support of the DataTypeDefinition Attribute.

Client

Address Space Client DataTypeDefinition Attribute

Uses and understands arbitrary structured DataTypes where the meta data and encoding information are exposed with the StructureDefinitionType via the DataTypeDefinition Attribute.

Client

Address Space Client Notifier Hierarchy

Uses hierarchy of Object Nodes that are notifiers to detect specific areas where the Client can subscribe for Events.

Client

Address Space Client Source Hierarchy

Detect and use the hierarchy of event sources exposed for specific Object Nodes that are event notifiers.

 

Table 15 describes Data Access information model related items that can be profiled. The details of this model are defined in OPC 10000-8. Servers could expose this information model and Clients could utilize this information model.

Table 15 – Data Access

Category

Title

Description

Server

Data Access DataItems

Provide Variables of DataItemType or one of its subtypes. Support the StatusCodes specified in Part 8. Support of optional Properties (e.g. "InstrumentRange") shall be verified during certification testing and will be shown in the Certificate.

Server

Data Access AnalogItems

Support AnalogItemType Variables with corresponding Properties. The support of optional properties will be listed.

Server

Data Access PercentDeadband

Support PercentDeadband filter when monitoring AnalogItemType Variables.

Server

Data Access Semantic Changes

Support semantic changes of AnalogItemType items (EURange Property and/or EngineeringUnits Property). Support semantic change StatusCode bits where appropriate.

Server

Data Access TwoState

Support TwoStateDiscreteType Variables with corresponding Properties.

Server

Data Access MultiState

Support MultiStateDiscreteType Variables with corresponding Properties.

Server

Data Access MultiStateValueDiscrete

Support MultiStateValueDiscreteType Variables with corresponding Properties.

Server

Data Access ArrayItemType

Provide Variables of ArrayItemType or one of its subtypes (YArrayItemType, XYArrayItemType, ImageArrayType, CubeArrayType and NDimensionArrayType). The supported subtypes will be listed. Support for this type includes supporting all of the mandatory properties including AxisInformation.

Server

Data Access Complex Number

Supports the Complex Number data type. This data type is available for any variable types that do not have other explicit restrictions.

Server

Data Access DoubleComplex Number

Supports the DoubleComplex Number data type. This data type is available for any variable types that do not have other explicit restrictions.

Client

Data Access Client Basic

Understand the DataAccess Variable Types.

Make use of the standard Properties if applicable.

Client

Data Access Client AnalogItems

Understand AnalogItemType Variables with corresponding Properties.

Client

Data Access Client TwoState

Understand TwoStateDiscreteType Variables with corresponding Properties.

Client

Data Access Client MultiState

Understand MultiStateDiscreteType Variables with corresponding Properties.

Client

Data Access Client MultiStateValueDiscrete

Understand MultiStateValueDiscreteType Variables with corresponding Properties.

Client

Data Access Client Deadband

Use PercentDeadband to filter value changes of AnalogItemType Variables.

Client

Data Access Client SemanticChange

Recognize the semantic change bit in the StatusCode while monitoring items and take proper action. Typically, the Client has to re-read Properties that define type-specific semantic like the EURange and EngineeringUnits Properties.

 

Table 16 describes Alarm and Conditions information model related items that can be profiled. The details of this model are defined in OPC 10000-9. Servers that deal with Alarm and Conditions would expose this information model and Clients that process Alarms and Conditions would utilize this information model.

Table 16 – Alarms and Conditions

Category

Title

Description

Server

A & C Basic

Supports Alarm & Condition model ConditionType.

Server

A & C Enable

Supports Enable and Disable Methods.

Server

A & C Refresh

Supports ConditionRefresh Method and the concept of a refresh.

Server

A & C Refresh2

Supports ConditionRefresh2 Method and the concept of a monitored item based refresh.

Server

A & C Instances

Support exposing of A&C Condition instances in the AddressSpace.

Server

A & C ConditionClasses

Supports multiple Condition classes for grouping and filtering of Alarms.

Server

A & C Condition Sub-Classes

Support assigning multiple Condition sub-classes for grouping and filtering of Alarms.

Server

A & C Acknowledge

Supports the Acknowledge concept, Acknowledge Method, and AcknowledgeableCondition Type.

Server

A & C Confirm

Supports the concept of Confirm and the Confirm Method.

Server

A & C Comment

Supports the concept of Comments and the AddComment Method.

Server

A & C Alarm

Supports the mandatory features of the AlarmCondition Type.

Server

A & C Alarm Metrics

Support the collection of alarm metrics data as defined in UA Part 9.

This implies one of more instances of the AlarmMetricsType.

 

Server

A & C Branch

Support for branching of Condition Types and any subtypes, such as AcknowledgeableConditionType and AlarmConditionType etc.

Server

A & C Shelving

Support the concept of shelving and the TimedShelve, OneShotShelve and Unshelve Methods.

Server

A & C Suppression

Support the SuppressedState.

Server

A & C Suppression by Operator

Support the Suppress and UnSuppress Methods to allow an operator control over the SuppressedState.

Server

A & C Silencing

Support the concept of silencing and the Silence Method.

Server

A & C Out Of Service

Support the OutOfService state and the OutOfService Method.

Server

A & C On-Off Delay

Support the OnDelay and OffDelay Properties to eliminate nuisance Alarms.

Server

A & C Re-Alarming

Support the ReAlarmTime and ReAlarmRepeatCount Properties that define automatic re-annunciation of Alarms in certain conditions.

Server

A & C First in Group Alarm

Support the "FirstInGroup" elements for an Alarm, indicating which Alarm of a group was the trigger.

Server

A & C Audible Sound

Support the AudibleSound Property. This Property contains the sound file that is to be played if an audible Alarm is to be generated.

Server

A & C Exclusive Level

Supports Exclusive Level Alarm type.

Server

A & C Exclusive Limit

Supports Exclusive Limit Alarms. A Server that supports this must support at least one of the sub-types: Level, Deviation or RateofChange.

Server

A & C Exclusive Deviation

Supports Exclusive Deviation Alarm type.

Server

A & C Exclusive RateOfChange

Supports Exclusive RateOfChange Alarm type.

Server

A & C Non-Exclusive Limit

Supports Non-Exclusive Limit Alarms. A Server that supports this must support at least one of the sub-types: Level, Deviation or RateofChange.

Server

A & C Non-Exclusive Level

Supports Non-Exclusive Level Alarm type.

Server

A & C Non-Exclusive Deviation

Supports Non-Exclusive Deviation Alarm type.

Server

A & C Non-Exclusive RateOfChange

Supports Non-Exclusive RateOfChange Alarm type.

Server

A & C Discrete

Supports Discrete Alarm types.

Server

A & C OffNormal

Supports OffNormalAlarmType.

Server

A & C SystemOffNormal

Supports SystemOffNormalAlarmType.

Server

A & C Trip

Supports Trip Alarm type.

Server

A & C Discrepancy

Supports Discrepancy Alarm type.

Server

A & C Dialog

Supports DialogConditionType including Respond Method.

Server

A & C CertificateExpiration

Supports CertificateExpirationAlarmType.

Server

A & E Wrapper Mapping

The Server uses the COM A&E mapping specified in the annex of Part 9 to map OPC-COM Events to A&C Events. This includes Condition Class mapping.

Client

A & C Basic Client

Uses the Alarm & Condition model ConditionType.

Client

A & C Enable Client

Uses Enable and Disable Methods.

Client

A & C Refresh Client

Uses ConditionRefresh Method and the concept of a refresh.

Client

A & C Refresh2 Client

Uses ConditionRefresh2 Method and the concept of a monitored item based refresh.

Client

A & C Instances Client

Uses A&C Condition instances when they are exposed in the AddressSpace.

Client

A & C ConditionClasses Client

Uses Condition classes to group Alarms.

Client

A & C Condition Sub-Classes Client

Uses Condition sub-classes to group or filter Alarms.

Client

A & C Acknowledge Client

Understands the Acknowledge concept and the AcknowledgeableCondition Type, and uses the Acknowledge Method if requested.

Client

A & C Confirm Client

Understands the concept of confirming Conditions and uses the Confirm Method.

Client

A & C Comment Client

Understands the concept of Comments and uses the AddComment Method.

Client

A & C Alarm Client

Understands the concept of Alarms and uses the mandatory features of the AlarmCondition Type,

Client

A & C Alarm Metrics Client

Understand and use Alarm metrics data as defined in UA Part 9.

This implies discovery of instances of the AlarmMetricsType that can exist anywhere in the HasNotifier hierarchy.

Client

A & C Branch Client

Can make use of and process Condition Branches, including all actions associated with previous Condition instances.

Client

A & C Shelving Client

Understand the shelving model and use the TimedShelve, OneShotShelve and Unshelve Methods.

Client

A & C Suppression Client

Understand the SuppressedState model.

Client

A & C Suppression by Operator Client

Use the Suppress and UnSuppress Methods to allow an operator control over the SuppressedState.

Client

A & C Silencing Client

Understand the SilencedState model and use the Silence Method.

Client

A & C Out Of Service Client

Understand the OutOfServiceState model and use the OutOfService Method.

Client

A & C On-Off Delay Client

Uses the OnDelay and OffDelay Properties to eliminate nuisance Alarms.

Client

A & C Re-Alarming Client

Understand and use the ReAlarmTime and ReAlarmRepeatCount Properties. Configure the ReAlarmTime Property for automatic re-annunciation of an Alarm. Note that configuration is only possible for Servers that expose Alarm instances.

Client

A & C First in Group Alarm Client

Use the "FirstInGroup" elements for an Alarm to determine which Alarm of a group was the trigger.

Client

A & C Audible Sound Client

Use the AudibleSound Property and - if reported - play the sound file.

Client

A & C Exclusive Level Client

Uses Exclusive Level Alarms.

Client

A & C Exclusive Limit Client

Uses Exclusive Limit Alarms. Requires that at least one of the sub-types be used.

Client

A & C Exclusive Deviation Client

Uses Exclusive Deviation Alarms.

Client

A & C Exclusive RateOfChange Client

Uses Exclusive RateOfChange Alarms.

Client

A & C Non-Exclusive Level Client

Uses Non-Exclusive Level Alarms.

Client

A & C Non-Exclusive Limit Client

Uses Non-Exclusive Limit Alarms. Requires that at least one of the sub-types be used.

Client

A & C Non-Exclusive Deviation Client

Uses Non-Exclusive Deviation Alarms.

Client

A & C Non-Exclusive RateOfChange Client

Uses Non-Exclusive RateOfChange Alarms.

Client

A & C Discrete Client

Uses Discrete Alarm types.

Client

A & C OffNormal Client

Uses OffNormalAlarmType.

Client

A & C SystemOffNormal Client

Uses SystemOffNormalAlarmType.

Client

A & C Trip Client

Uses TripAlarmType.

Client

A & C Discrepancy Client

Uses Discrepancy Alarm type.

Client

A & C Dialog Client

Uses DialogConditionType including Respond Method.

Client

A & C CertificateExpiration Client

Uses CertificateExpirationAlarmType.

 

Table 17 describes Historical Data Access information model related items that can be profiled. The details of this model are defined in OPC 10000-11. Servers that support some level of historical data would expose this information model and Clients that utilize historical data would utilize this information model.

Table 17 – Historical Access

Category

Title

Description

Server

Historical Access Read Raw

General support for basic historical access, reading raw data using the ReadRawModifiedDetails structure. Where the time range is specified using a start time, stop time and number of values (a minimum of two of the three parameters must be provided) and the ReadModified flag is set to False.

Server

Historical Access Data Max Nodes Read Continuation Point

Supports enough continuation points to cover the number of supported points indicated in the MaxNodesPerHistoryReadData Server OperationLimits Property for historical data access.

Server

Historical Access Time Instance

Supports reading historical data at a specified instance in time using the ReadAtTimeDetails structure.

Server

Historical Access Aggregates

Supports reading one or more Aggregates of historical values of Variables using the ReadProcessedDetails structure. At least one of the Aggregates described in Part 13 must be supported.

Server

Historical Access Insert Value

Supports inserting historical values of Variables.

Server

Historical Access Delete Value

Supports deleting historical values of Variables.

Server

Historical Access Update Value

Supports updating historical values of Variables.

Server

Historical Access Replace Value

Supports replacing historical values of Variables.

Server

Historical Access Modified Values

Supports maintaining old values for historical data that have been updated and the retrieval of these values using the ReadRawModifiedDetails structure (ReadModified flag set to true).

Server

Historical Access Annotations

Supports the entry and retrieval of Annotations for historical data. The retrieval is accomplished using the standard historical read raw functionality (ReadRawModifiedDetails). The entry uses the standard historical update (UpdateStructureDataDetails) functionality.

Server

Historical Access ServerTimestamp

Supports providing a ServerTimestamp (as well as the default SourceTimestamp).

Server

Historical Access Structured Data Read Raw

Supports ReadRawModified historical access for structured data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Structured Data Time Instance

Supports historical access for structured data. Supporting ReadAtTimeDetails for structured data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Structured Data Insert

Supports historical access for structured data. Inserting Structured data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Structured Data Delete

Supports historical access for structured data. Delete of existing data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Structured Data Update

Supports historical access for structured data. Updates of existing data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Structured Data Replace

Supports replacing structured historical data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Structured Data Read Modified

Supports maintaining old values for historical structured data that have been updated and the retrieval of these values. Using the ReadRawModifiedDetails structure (ReadModified flag set to true) for structured data. Supporting the structure for an annotation is not considered supporting generic structured data.

Server

Historical Access Events

Supports the retrieval of historical Events using the ReadEventDetails structure. This includes support for simple filtering of Events. The Event fields that are stored are server specific, but at least the mandatory fields of BaseEventType are required.

Server

Historical Access Event Max Events Read Continuation Point

Supports enough continuation points to cover the number of supported Event reads indicated in the MaxNodesPerHistoryReadEvents Server OperationLimits Property for Historical Event access.

Server

Historical Access Insert Event

Supports inserting historical Events.

Server

Historical Access Update Event

Supports updating historical Events.

Server

Historical Access Replace Event

Supports replacing historical Events.

Server

Historical Access Delete Event

Supports deleting of historical Events.

Client

Historical Access Client Browse

Uses the View Service Set to discover Nodes with historical data.

Client

Historical Access Client Read Raw

Uses the HistoryRead Service to read raw historical data using the ReadRawModifiedDetails Structure (ReadModified Flag set to False).

Client

Historical Access Client Read Modified

Uses the HistoryRead Service to read modified historical data using the ReadRawModifiedDetails Structure (ReadModified Flag set to True).

Client

Historical Access Client Read Aggregates

Uses the HistoryRead Service to read Aggregated historical data. This includes using at least one of the Aggregates defined in Part 13.

Client

Historical Access Client Structure Data Raw

Uses the HistoryRead Service to read raw historical data using the ReadRawModifiedDetails Structure (ReadModified Flag set to False) for structured data.

Client

Historical Access Client Structure Data Read Modified

Uses the HistoryRead Service to read modified structured historical data using the ReadRawModifiedDetails Structure (ReadModified Flag set to True).

Client

Historical Access Client Structure Data Insert

Uses the HistoryUpdate Service to insert historical data values for structured data.

Client

Historical Access Client Structure Data Delete

Uses the HistoryUpdate Service to delete historical data values for structured data.

Client

Historical Access Client Structure Data Update

Uses the HistoryUpdate Service to update historical data values for structured data.

Client

Historical Access Client Structure Data Replace

Uses the HistoryUpdate Service to replace historical data values for structured data.

Client

Historical Access Client Structure Data Time Instance

Reads historical data at a specified instance in time for structured data. Using the ReadAtTimeDetails structure.

Client

Historical Access Client Read Events

Uses the HistoryRead Service to read historical Event data using the ReadEventDetails Structure.

Client

Historical Access Client Event Inserts

Uses the HistoryUpdate Service to insert historical Events.

Client

Historical Access Client Event Updates

Uses the HistoryUpdate Service to update historical Events.

Client

Historical Access Client Event Replaces

Uses the HistoryUpdate Service to replace historical Events.

Client

Historical Access Client Event Deletes

Uses the HistoryUpdate Service to delete historical Events.

Client

Historical Access Client Data Insert

Uses the HistoryUpdate Service to insert historical data values.

Client

Historical Access Client Data Delete

Uses the HistoryUpdate Service to delete historical data values.

Client

Historical Access Client Data Update

Uses the HistoryUpdate Service to update historical data values.

Client

Historical Access Client Data Replace

Uses the HistoryUpdate Service to replace historical data values.

Client

Historical Access Client Annotations

Enters and retrieves Annotations of historical data. The retrieval is accomplished using the standard historical read raw functionality (ReadRawModifiedDetails). The entry uses the standard Historical Update (UpdateStructureDataDetails) functionality.

Client

Historical Access Client Time Instance

Reads historical data at a specified instance in time using the ReadAtTimeDetails structure.

Client

Historical Access Client Server Timestamp

Uses the ServerTimestamp (as well as the default SourceTimestamp), if it is provided by the Server.

 

Table 18 describes Aggregate related items that can be profiled. Servers that support the Aggregates would expose this functionality and Clients that utilize Aggregates would implement some of this functionality.

Table 18 – Aggregates

Category

Title

Description

Server

Aggregate Master Configuration

Supports an AggregateConfigurationType Object as part of the HistoricalServerCapabilities (defined in UA Part 11).

Server

Aggregate Historical Configuration

Supports at least one AggregateConfigurationType Object. AggregateConfigurationType Objects occur as part of an HistoricalConfiguration Object, allowing Variable specific configurations.

Server

Aggregate – Interpolative

Supports the Interpolative Aggregate for Historical access.

Server

Aggregate – Average

Supports the Average Aggregate for Historical access.

Server

Aggregate – TimeAverage

Supports the TimeAverage Aggregate for Historical access.

Server

Aggregate – TimeAverage2

Supports the TimeAverage2 Aggregate for Historical access.

Server

Aggregate – Total

Supports the Total Aggregate for Historical access.

Server

Aggregate – Total2

Supports the Total2 Aggregate for Historical access.

Server

Aggregate – Minimum

Supports the Minimum Aggregate for Historical access.

Server

Aggregate – MinimumActualTime

Supports the MinimumActualTime Aggregate for Historical access.

Server

Aggregate – Minimum2

Supports the Minimum2 Aggregate for Historical access.

Server

Aggregate – MinimumActualTime2

Supports the MinimumActualTime2 Aggregate for Historical access.

Server

Aggregate – Maximum

Supports the Maximum Aggregate for Historical access.

Server

Aggregate – MaximumActualTime

Supports the MaximumActualTime Aggregate for Historical access.

Server

Aggregate – Maximum2

Supports the Maximum2 Aggregate for Historical access.

Server

Aggregate – MaximumActualTime2

Supports the MaximumActualTime2 Aggregate for Historical access.

Server

Aggregate – Range

Supports the Range Aggregate for Historical access.

Server

Aggregate – Range2

Supports the Range2 Aggregate for Historical access.

Server

Aggregate – Count

Supports the Count Aggregate for Historical access.

Server

Aggregate – DurationInStateZero

Supports the DurationInStateZero Aggregate for Historical access.

Server

Aggregate – DurationInStateNonZero

Supports the DurationInStateNonZero Aggregate for Historical access.

Server

Aggregate – NumberOfTransitions

Supports the NumberOfTransitions Aggregate for Historical access.

Server

Aggregate – Start

Supports the Start Aggregate for Historical access.

Server

Aggregate – StartBound

Supports the StartBound Aggregate for Historical access.

Server

Aggregate – End

Supports the End Aggregate for Historical access.

Server

Aggregate – EndBound

Supports the EndBound Aggregate for Historical access.

Server

Aggregate – Delta

Supports the Delta Aggregate for Historical access.

Server

Aggregate – DeltaBounds

Supports the DeltaBounds Aggregate for Historical access.

Server

Aggregate – DurationGood

Supports the DurationGood Aggregate for Historical access.

Server

Aggregate – DurationBad

Supports the DurationBad Aggregate for Historical access.

Server

Aggregate – PercentGood

Supports the PercentGood Aggregate for Historical access.

Server

Aggregate – PercentBad

Supports the PercentBad Aggregate for Historical access.

Server

Aggregate – WorstQuality

Supports the WorstQuality Aggregate for Historical access.

Server

Aggregate – WorstQuality2

Supports the WorstQuality2 Aggregate for Historical access.

Server

Aggregate – AnnotationCount

Supports the AnnotationCount Aggregate for Historical access.

Server

Aggregate – StandardDeviationSample

Supports the StandardDeviationSample Aggregate for Historical access.

Server

Aggregate – VarianceSample

Supports the VarianceSample Aggregate for Historical access.

Server

Aggregate – StandardDeviationPopulation

Supports the StandardDeviationPopulation for Historical access.

Server

Aggregate – VariancePopulation

Supports the VariancePopulation for Historical access.

Server

Aggregate – Custom

The Server supports custom Aggregates for Historical access that do not have standard tests defined. These Aggregates are list as untested by this ConformanceUnit.

Server

Aggregate Subscription – Filter

Supports Aggregate subscription filters which requires at least one of the defined Aggregates is supported as defined in Part 13.

Server

Aggregate Subscription – Interpolative

Supports subscription filter for the Interpolative Aggregate.

Server

Aggregate Subscription – Average

Supports subscription filter for the Average Aggregate.

Server

Aggregate Subscription – TimeAverage

Supports subscription filter for the TimeAverage Aggregate.

Server

Aggregate Subscription – TimeAverage2

Supports subscription filter for the TimeAverage2 Aggregate.

Server

Aggregate Subscription – Total

Supports subscription filter for the Total Aggregate.

Server

Aggregate Subscription – Total2

Supports subscription filter for the Total2 Aggregate.

Server

Aggregate Subscription – Minimum

Supports subscription filter for the Minimum Aggregate.

Server

Aggregate Subscription – MinimumActualTime

Supports subscription filter for the MinimumActualTime Aggregate.

Server

Aggregate Subscription – Minimum2

Supports subscription filter for the Minimum2 Aggregate.

Server

Aggregate Subscription – MinimumActualTime2

Supports subscription filter for the MinimumActualTime2 Aggregate.

Server

Aggregate Subscription – Maximum

Supports subscription filter for the Maximum Aggregate.

Server

Aggregate Subscription – MaximumActualTime

Supports subscription filter for the MaximumActualTime Aggregate.

Server

Aggregate Subscription – Maximum2

Supports subscription filter for the Maximum2 Aggregate.

Server

Aggregate Subscription – MaximumActualTime2

Supports subscription filter for the MaximumActualTime2 Aggregate.

Server

Aggregate Subscription – Range

Supports subscription filter for the Range Aggregate.

Server

Aggregate Subscription – Range2

Supports subscription filter for the Range2 Aggregate.

Server

Aggregate Subscription – Count

Supports subscription filter for the Count Aggregate.

Server

Aggregate Subscription – DurationInStateZero

Supports subscription filter for the DurationInStateZero Aggregate.

Server

Aggregate Subscription – DurationInStateNonZero

Supports subscription filter for the DurationInStateNonZero Aggregate.

Server

Aggregate Subscription – NumberOfTransitions

Supports subscription filter for the NumberOfTransitions Aggregate.

Server

Aggregate Subscription – Start

Supports subscription filter for the Start Aggregate.

Server

Aggregate Subscription – StartBound

Supports subscription filter for the StartBound Aggregate.

Server

Aggregate Subscription – End

Supports subscription filter for the End Aggregate.

Server

Aggregate Subscription – EndBound

Supports subscription filter for the EndBound Aggregate.

Server

Aggregate Subscription – Delta

Supports subscription filter for the Delta Aggregate.

Server

Aggregate Subscription – DeltaBounds

Supports subscription filter for the DeltaBounds Aggregate.

Server

Aggregate Subscription – DurationGood

Supports subscription filter for the DurationGood Aggregate.

Server

Aggregate Subscription – DurationBad

Supports subscription filter for the DurationBad Aggregate.

Server

Aggregate Subscription – PercentGood

Supports subscription filter for the PercentGood Aggregate.

Server

Aggregate Subscription – PercentBad

Supports subscription filter for the PercentBad Aggregate.

Server

Aggregate Subscription – WorstQuality

Supports subscription filter for the WorstQuality Aggregate.

Server

Aggregate Subscription – WorstQuality2

Supports subscription filter for the WorstQuality2 Aggregate.

Server

Aggregate Subscription – AnnotationCount

Supports subscription filter for the AnnotationCount Aggregate.

Server

Aggregate Subscription – StandardDeviationSample

Supports subscription filter for the StandardDeviationSample Aggregate.

Server

Aggregate Subscription – VarianceSample

Supports subscription filter for the VarianceSample Aggregate.

Server

Aggregate Subscription – StandardDeviationPopulation

Supports subscription filter for the StandardDeviationPopulation Aggregate.

Server

Aggregate Subscription – VariancePopulation

Supports subscription filter for the VariancePopulation Aggregate.

Server

Aggregate Subscription – Custom

The Server supports subscribing to custom Aggregates that do not have standard tests defined. These Aggregates are listed as untested by this ConformanceUnit.

Client

Aggregate – Client Usage

Uses Historical access to Aggregate which requires at least one of the defined Aggregates is supported as defined in Part 13.

Client

Aggregate – Client Interpolative

Uses Historical access to the Interpolative Aggregate.

Client

Aggregate – Client Average

Uses Historical access to the Average Aggregate.

Client

Aggregate – Client TimeAverage

Uses Historical access to the TimeAverage Aggregate.

Client

Aggregate – Client TimeAverage2

Uses Historical access to the TimeAverage2 Aggregate.

Client

Aggregate – Client Total

Uses Historical access to the Total Aggregate.

Client

Aggregate – Client Total2

Uses Historical access to the Total2 Aggregate.

Client

Aggregate – Client Minimum

Uses Historical access to the Minimum Aggregate.

Client

Aggregate – Client MinimumActualTime

Uses Historical access to the MinimumActualTime Aggregate.

Client

Aggregate – Client Minimum2

Uses Historical access to the Minimum2 Aggregate.

Client

Aggregate – Client MinimumActualTime2

Uses Historical access to the MinimumActualTime2 Aggregate.

Client

Aggregate – Client Maximum

Uses Historical access to the Maximum Aggregate.

Client

Aggregate – Client MaximumActualTime