OPC 10000-12: OPC Unified Architecture

Part 12: Discovery and Global Services

Release 1.04
2018-02-07

Copyright (c) 2019 OPC Foundation
Generated on 11/12/2019 2:17:11 PM.

This document is subject to the license terms described here.

This document is a copy of the original which can be found here.

Table of Contents

1 Scope

2 Normative references

3 Terms, definitions, and conventions
    3.1 Terms and definitions
    3.2 Abbreviations and symbols
    3.3 Conventions for Namespaces

4 The Discovery Process
    4.1 Overview
    4.2 Registration and Announcement of Applications
        4.2.1 Overview
        4.2.2 Hosts with a LocalDiscoveryServer
        4.2.3 Hosts without a LocalDiscoveryServer
    4.3 The Discovery Process for Clients to Find Servers
        4.3.1 Overview
        4.3.2 Security
        4.3.3 Simple Discovery with a DiscoveryUrl
        4.3.4 Local Discovery
        4.3.5 MulticastSubnet Discovery
        4.3.6 Global Discovery
        4.3.7 Combined Discovery Process for Clients

5 Local Discovery Server
    5.1 Overview
    5.2 Security Considerations for Multicast DNS

6 Global Discovery Server
    6.1 Overview
    6.2 Network Architectures
        6.2.1 Overview
        6.2.2 Single MulticastSubnet
        6.2.3 Multiple MulticastSubnet
        6.2.4 No MulticastSubnet
        6.2.5 Domain Names and MulticastSubnets
    6.3 Information Model
        6.3.1 Overview
        6.3.2 Directory
        6.3.3 DirectoryType
        6.3.4 FindApplications
        6.3.5 ApplicationRecordDataType
        6.3.6 RegisterApplication
        6.3.7 UpdateApplication
        6.3.8 UnregisterApplication
        6.3.9 GetApplication
        6.3.10 QueryApplications
        6.3.11 QueryServers (deprecated)
        6.3.12 ApplicationRegistrationChangedAuditEventType

7 Certificate Management Overview
    7.1 Overview
    7.2 Pull Management
    7.3 Push Management
    7.4 Provisioning
    7.5 Common Information Model
        7.5.1 Overview
        7.5.2 TrustListType
        7.5.3 OpenWithMasks
        7.5.4 CloseAndUpdate
        7.5.5 AddCertificate
        7.5.6 RemoveCertificate
        7.5.7 TrustListDataType
        7.5.8 TrustListMasks
        7.5.9 TrustListOutOfDateAlarmType
        7.5.10 CertificateGroupType
        7.5.11 CertificateType
        7.5.12 ApplicationCertificateType
        7.5.13 HttpsCertificateType
        7.5.14 UserCredentialCertificateType
        7.5.15 RsaMinApplicationCertificateType
        7.5.16 RsaSha256ApplicationCertificateType
        7.5.17 CertificateGroupFolderType
        7.5.18 TrustListUpdatedAuditEventType
    7.6 Information Model for Pull Certificate Management
        7.6.1 Overview
        7.6.2 CertificateDirectoryType
        7.6.3 StartSigningRequest
        7.6.4 StartNewKeyPairRequest
        7.6.5 FinishRequest
        7.6.6 GetCertificateGroups
        7.6.7 GetTrustList
        7.6.8 GetCertificateStatus
            7.6.8.1 RevokeCertificate
        7.6.9 CertificateRequestedAuditEventType
        7.6.10 CertificateDeliveredAuditEventType
    7.7 Information Model for Push Certificate Management
        7.7.1 Overview
        7.7.2 ServerConfiguration
        7.7.3 ServerConfigurationType
        7.7.4 UpdateCertificate
        7.7.5 ApplyChanges
        7.7.6 CreateSigningRequest
        7.7.7 GetRejectedList
        7.7.8 CertificateUpdatedAuditEventType

8 KeyCredential Management
    8.1 Overview
    8.2 Pull Management
    8.3 Push Management
    8.4 Information Model for Pull Management
        8.4.1 Overview
        8.4.2 KeyCredentialManagement
        8.4.3 KeyCredentialServiceType
        8.4.4 StartRequest
        8.4.5 FinishRequest
        8.4.6 Revoke
        8.4.7 KeyCredentialAuditEventType
        8.4.8 KeyCredentialRequestedAuditEventType
        8.4.9 KeyCredentialDeliveredAuditEventType
        8.4.10 KeyCredentialRevokedAuditEventType
    8.5 Information Model for Push Management
        8.5.1 KeyCredentialConfiguration
        8.5.2 KeyCredentialConfigurationType
        8.5.3 UpdateCredential
        8.5.4 DeleteCredential
        8.5.5 KeyCredentialUpdatedAuditEventType
        8.5.6 KeyCredentialDeletedAuditEventType

9 Authorization Services
    9.1 Overview
    9.2 Implicit
    9.3 Explicit
    9.4 Chained
    9.5 Information Model for Requesting Access Tokens
        9.5.1 Overview
        9.5.2 AuthorizationServices
        9.5.3 AuthorizationServiceType
        9.5.4 RequestAccessToken
        9.5.5 GetServiceDescription
        9.5.6 AccessTokenIssuedAuditEventType
    9.6 Information Model for Configuring Servers
        9.6.1 Overview
        9.6.2 AuthorizationServices
        9.6.3 AuthorizationServiceConfigurationType

Annex A (informative) Deployment and Configuration
    A.1 Firewalls and Discovery
    A.2 Resolving References to Remote Servers

Annex B (normative) Constants
    B.1 Numeric Node Ids

Annex C (normative) OPC UA Mapping to mDNS
    C.1 DNS Server (SRV) Record Syntax
    C.2 DNS Text (TXT) Record Syntax
    C.3 DiscoveryUrl Mapping

Annex D (normative) Server Capability Identifiers

Annex E (normative) DirectoryServices
    E.1 Global Discovery via Other Directory Services
    E.2 UDDI
    E.3 LDAP

Annex F (normative) Local Discovery Server
    F.1 Certificate Store Directory Layout
    F.2 Installation Directories on Windows

Annex G (normative) Application Installation Process
    G.1 Provisioning with Pull Management
    G.2 Provisioning with the Push Management
    G.3 Setting Permissions

Annex H (informative) Comparison with RFC 7030
    H.1 Overview
    H.2 Obtaining CA Certificates
    H.3 Initial Enrolment
    H.4 Client Certificate Reissuance
    H.5 Server Key Generation
    H.6 Certificate Signing Request (CSR) Attributes Request