## 9.1.3.1 Overview

Figure 38 depicts the PublishSubscribeType and the components used to represent the PublishSubscribe Object.

Figure 38 – PublishSubscribe Object Types Overview

The PublishSubscribe Object is the root node for all PubSub related configuration Objects. It is an instance of the PublishSubscribeType and a component of the Server Object.

The PublishSubscribeType contains the entry point for PublishedDataSet configuration, the entry point for PubSub connections. In addition, it provides Methods for connection management.

## 9.1.3.2 PublishSubscribeType

An instance of this ObjectType represents the root Object for all PubSub related configuration and metadata Objects. The one instance of this ObjectType that represents the root Object is defined in 8.4. The ObjectType is formally defined in Table 103.

Table 103 – PublishSubscribeType Definition

Attribute Value
BrowseName PublishSubscribeType
IsAbstract False
References Node Class BrowseName DataType TypeDefinition Modelling Rule
Subtype of PubSubKeyServiceType defined in 8.2.

HasPubSubConnection Object <ConnectionName>   PubSubConnectionType OptionalPlaceholder
HasComponent Method SetSecurityKeys Defined in 9.1.3.3. Optional
HasComponent Method AddConnection Defined in 9.1.3.4. Optional
HasComponent Method RemoveConnection Defined in 9.1.3.5. Optional
HasComponent Object PublishedDataSets   DataSetFolderType Mandatory
HasComponent Object Status   PubSubStatusType Mandatory
HasComponent Object Diagnostics   PubSubDiagnosticsRootType Optional
HasProperty Variable SupportedTransportProfiles String[] PropertyType Mandatory

The PublishSubscribeType ObjectType is a concrete type and can be used directly.

The configured connection Objects are added as components to the instance of the PublishSubscribeType. Connection Objects may be configured with product specific configuration tools or added and removed through the Methods AddUadpConnection, AddBrokerConnection and RemoveConnection. The PubSubConnectionType is defined in 9.1.5.2. The HasPubSubConnection ReferenceType is defined in 9.1.3.6.

The PublishedDataSets Object contains the configured PublishedDataSets. The DataSetFolderType is defined in 9.1.4.5.1. The DataSetFolderType can be used to build a tree of DataSetFolders.

The Status Object provides the current operational status of the PublishSubscribe functionality. The PubSubStatusType is defined in 9.1.10. The state machine for the status and the relation to other PubSub Objects like PubSubConnection, PubSubGroup, DataSetWriter and DataSetReader are defined in 6.2.1.

The Diagnostics Object provides the current diagnostic information for the PublishSubscribe Object. The PubSubDiagnosticsRootType is defined in 9.1.11.7.

The SupportedTransportProfiles Property provides a list of TransportProfileUris supported by the Server. The TransportProfileUris are defined in OPC 10000-7.

## 9.1.3.3 SetSecurityKeys

This Method is used to push the security keys for a SecurityGroup into a Publisher or Subscriber. It is used if Publisher or Subscriber have no OPC UA Client functionality.

Encryption is required for this Method. The Method shall return Bad_SecurityModeInsufficient if the communication is not encrypted.

Signature

SetSecurityKeys (
[in]	String 		SecurityGroupId
[in]	String 		SecurityPolicyUri
[in]	IntegerId 		CurrentTokenId
[in]	ByteString 		CurrentKey
[in]	ByteString[]	FutureKeys
[in]	Duration 		TimeToNextKey
);


Argument Description
SecurityGroupId The identifier for the SecurityGroup.
SecurityPolicyUri The URI for the set of algorithms and key lengths used to secure the messages. The SecurityPolicies are defined in OPC 10000-7.
CurrentTokenId The SecurityTokenId that appears in the header of messages secured with the CurrentKey. It starts at 1 and is incremented by 1 each time the KeyLifetime elapses even if no keys are requested. If the CurrentTokenId increments past the maximum value of UInt32 it restarts a 1.If the PubSub Object has key material from previous SetSecurityKeys Method calls, the CurrentTokenId is used to match the existing list with the fetched list and to eliminate duplicates.If the CurrentTokenId is unknown, the existing list shall be discarded and replaced.
CurrentKey The current key used to secure the messages. This key is not used directly since the protocol associated with the PubSubGroup(s) specifies an algorithm to generate distinct keys for different types of cryptography operations.
FutureKeys An ordered list of future keys that are used when the KeyLifetime elapses. The SecurityTokenId associated with the first key in the list is 1 more than the CurrentTokenId. All following keys have a SecurityTokenId that is incremented by 1 for every key returned.
TimeToNextKey The time, in milliseconds, before the CurrentKey is expected to expire. If a Publisher uses this Method to get the keys from a SKS, the TimeToNextKey and KeyLifetime are used to calculate the time the Publisher shall use the next key. The TimeToNextKey defines the time when to switch from CurrentKey to FutureKeys and the KeyLifetime defines when to switch from one future key to the next future key.For a Subscriber the TimeToNextKey and KeyLifetime are used to calculate the time the Subscriber must expect that the Publishers use the next key. Due to network latency, out of order delivery and the use of keys for several Publishers, a Subscriber must expect some overlap time where NetworkMessages are received that are using the previous or the next key.TimeToNextKey and KeyLifetime are also used to calculate the time until Publisher and Subscriber must fetch new keys.
KeyLifetime The lifetime of a key in milliseconds.The returned keys may expire earlier if the keys are discarded for some reason. An unplanned key rotation is indicated in the NetworkMessage header before the next key is used to give the Subscriber some time to fetch new keys.If the CurrentTokenId in the message is not recognized the receiver shall call this Method again to get new keys.

Method Result Codes

ResultCode Description
Bad_NotFound The SecurityGroupId is unknown.
Bad_UserAccessDenied The caller is not allowed to set the keys for the SecurityGroup.
Bad_SecurityModeInsufficient The communication channel is not using encryption.

## 9.1.3.4 AddConnection Method

This Method is used to add a new PubSubConnection Object to the PublishSubscribe Object.

The Client shall be authorized to modify the configuration for the PubSub functionality when invoking this Method on the Server.

Signature

AddConnection (
[in]	PubSubConnectionDataType	Configuration
[out]	NodeId				ConnectionId
);


Argument Description
Configuration Configuration parameters for the PubSubConnection. The parameters and the PubSubConnectionDataType are defined in 6.2.6.
ConnectionId The NodeId of the new connection.

Method Result Codes

ResultCode Description
Bad_InvalidArgument The Server is not able to apply the name. The name may be too long or may contain invalid character.
Bad_BrowseNameDuplicated An Object with the name already exists.
Bad_ResourceUnavailable The Server has not enough resources to add the PubSubConnection Object.
Bad_UserAccessDenied The Session user is not allowed to create a PubSubConnection Object.

## 9.1.3.5 RemoveConnection Method

This Method is used to remove a PubSubConnection Object from the PublishSubscribe Object.

A successful removal of the PubSubConnection Object removes all associated group, DataSetWriter and DataSetReader Objects. Before the Objects are removed, their state is set to Disabled_0.

The Client shall be authorized to modify the configuration for the PubSub functionality when invoking this Method on the Server.

Signature

RemoveConnection (
[in]	NodeId	ConnectionId
);


Argument Description
ConnectionId NodeId of the PubSubConnection Object to remove from the Server

Method Result Codes

ResultCode Description
Bad_NodeIdUnknown The ConnectionId is unknown.
Bad_UserAccessDenied The Session user is not allowed to delete the PubSubConnection Object.

## 9.1.3.6 HasPubSubConnection

The HasPubSubConnection ReferenceType is a concrete ReferenceType that can be used directly. It is a subtype of the HasComponent ReferenceType.

The SourceNode of References of this type shall be the PublishSubscribe Object defined in 8.4.

The TargetNode of this ReferenceType shall be an Object of type PubSubConnectionType defined in 9.1.5.2.

The representation of the HasPubSubConnection ReferenceType in the AddressSpace is specified in Table 104.

Table 104 – HasPubSubConnection ReferenceType

Attributes Value
BrowseName HasPubSubConnection
InverseName PubSubConnectionOf
Symmetric False
IsAbstract False
References NodeClass BrowseName Comment
Subtype of HasComponent defined in OPC 10000-5.