For the purposes of this document, the following terms and definitions, as well as the terms and definitions given in OPC 10000-1, OPC 10000-2, OPC 10000-3, OPC 10000-4, OPC 10000-6 and OPC 10000-9, apply.

a software application that manages the Certificates used by Applications in an administrative domain.

a context used to manage the TrustList and Certificate(s) associated with Applications or Users.

a PKCS #10 encoded structure used to request a new Certificate from a Certificate Authority.

Note 1 to entry: Devices have hardware-based mechanisms, such as a TPM, to protect Private Keys.

a physical address available on a network that allows Servers to initiate a reverse connection.

a software application, or a set of applications, that stores and organizes information about resources such as computers or services.

an Application that maintains a list of OPC UA Applications that are available on the network and provides mechanisms for other OPC UA Applications to obtain this list.

a URL for a network Endpoint that provides the information required to connect to a Client or Server.

a Server that provides numerous services related to discovery and security management.

Note 1 to entry: a GDS may also be a CertificateManager.

Note 2 to entry: a GDS may also be a KeyCredentialService.

Note 3 to entry: a GDS may also be an AuthorizationService.

a Server that provides centrally managed capabilities needed for a system.

Note 4 to entry: a GlobalDiscoveryServer, a CertificateManager, a KeyCredentialService and an AuthorizationService are all examples of GlobalServices.

a unique number assigned to a network interface that allows Internet Protocol (IP) requests to be routed to that interface.

Note 1 to entry: An IPAddress for a host may change over time.

a unique identifier and a secret used to access an AuthorizationService or a Broker.

Note 1 to entry: a user name and password is an example of a KeyCredential.

a software application that provides KeyCredentials needed to access an AuthorizationService or a Broker.

a DiscoveryServer that maintains a list of all Servers that have registered with it.

Note 1 to entry: Servers normally register with the LDS on the same host.

a LocalDiscoveryServer that includes the MulticastExtension.

an extension to a LocalDiscoveryServer that adds support for the mDNS protocol.

a network that allows multicast packets to be sent to all nodes connected to the network.

Note 1 to entry: a MulticastSubnet is not necessarily the same as a TCP/IP subnet.

a named set of rights which cannot be expressed as Permissions granted on Nodes.

Note 1 to entry: For example, a Privilege can be defined when the right to call a Method depends on the parameters passed to the Method.

Note 5 to entry: a Privilege is a document convention that does not appear in the Server AddressSpace.

a workflow where a Client manages its configuration by using a GlobalService.

a workflow where a GlobalService manages a Server’s configuration.

a short identifier which uniquely identifies a set of discoverable capabilities supported by an OPC UA Application.

Note 1 to entry: the list of the currently defined CapabilityIdentifiers is in Annex D.