Provisioning is the initial installation of an OPC UA Server or Client into a system in which a GDS is available and managing all certificates. For applications using Client interface provisioning can be accomplished using a pull model. Applications using the Server interface can be provisioned using the push model.
OPC UA Servers will typically auto-generate a self-signed Certificate when they first start. They may also have a pre-configured Trust List with Applications that are allowed to provision the Server. For example, a device vendor may use a CA that is used to issue Certificates to Applications used by their field technicians.
For embedded devices, the Server should allow any Client that provides the proper Administrator credentials to create the secure connection needed for provisioning using push management. Once the device has been given its initial Trust List the Server should then restrict access to those Clients with Certificates in the Trust List. A vendor specific process for provisioning is required if a device does not allow any Client to connect securely for provisioning.
See G.1 for more specific examples of how to provision an application.