7 Certificate Management Overview

7.5 Common Information Model

7.5.2 TrustListType

This type defines a FileType that can be used to access a Trust List.

The CertificateManager uses this type to implement the Pull Model.

Servers use this type when implementing the Push Model.

An instance of a TrustListType shall restrict access to the appropriate users or applications. Depending on the deployment this may be a CertificateManager administrative user who is allowed to change the contents of a Trust List, an administrative user who only reads a Trust List in order to deploy it to an Application host, or an Application that may access only the Trust List assigned to it.

The Trust List file is a UA Binary encoded stream containing an instance of TrustListDataType (see 7.5.7).

The Open Method shall not support modes other than Read (0x01) and Write + EraseExisting (0x06, i.e. the Write (0x02) and EraseExisting (0x04) bits set together). Any other combination of mode bits shall be rejected.

When a Client opens the file for writing, the Server does not update the Trust List until the CloseAndUpdate Method is called; calling the plain Close Method instead discards everything that was written. The bit masks in the TrustListDataType structure allow the Client to update only part of the Trust List, leaving the other parts untouched.

When the CloseAndUpdate Method is called, the Server validates all new Certificates and CRLs before applying any of them. If this validation fails for any entry, the Trust List is not updated and the Server returns the appropriate Certificate error code (see OPC 10000-4).
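As an added illustration, not code from the specification or from any OPC UA stack, the following Python models the server-side behaviour described above: Open restricted to Read (0x01) and Write + EraseExisting (0x06), writes buffered until CloseAndUpdate, a plain Close discarding them, validation of every new entry before anything is applied, the SpecifiedLists mask selecting which parts are replaced, and LastUpdateTime plus an audit record being set only on success. The TrustListMasks values and the field layout of TrustListDataType (UInt32 SpecifiedLists followed by four ByteString arrays, encoded as a bare UA Binary structure body) are assumed from 7.5.7, which is referenced but not reproduced on this page; the `validate` callback and the names `TrustListObject`, `try_update` and `open_mode_accepted` are this example's own, and the certificate bytes used are constructed stand-ins rather than real DER.

```python
import struct
from datetime import datetime, timezone

# TrustListMasks bit values and the TrustListDataType field order (UInt32 SpecifiedLists,
# then four ByteString arrays) are assumed from 7.5.7, which this page only references.
FIELDS = ("TrustedCertificates", "TrustedCrls", "IssuerCertificates", "IssuerCrls")
MASK_OF = {"TrustedCertificates": 0x1, "TrustedCrls": 0x2, "IssuerCertificates": 0x4, "IssuerCrls": 0x8}
ALL_MASKS = 0xF
OPEN_READ = 0x01         # OpenFileMode Read
OPEN_WRITE_ERASE = 0x06  # OpenFileMode Write (0x02) | EraseExisting (0x04)

def encode_trust_list(specified_lists, lists):
    """UA Binary: UInt32 mask, then each array as Int32 count followed by Int32-length ByteStrings."""
    out = struct.pack("<I", specified_lists)
    for name in FIELDS:
        items = lists.get(name, [])
        out += struct.pack("<i", len(items))
        for der in items:
            out += struct.pack("<i", len(der)) + der
    return out

def decode_trust_list(data):
    """Inverse of encode_trust_list; trailing bytes are an error so padding is not silently accepted."""
    (specified_lists,) = struct.unpack_from("<I", data, 0)
    off, lists = 4, {}
    for name in FIELDS:
        (count,) = struct.unpack_from("<i", data, off)
        off, items = off + 4, []
        for _ in range(max(count, 0)):           # -1 encodes a null array
            (length,) = struct.unpack_from("<i", data, off)
            length = max(length, 0)              # -1 encodes a null ByteString
            items.append(bytes(data[off + 4:off + 4 + length]))
            off += 4 + length
        lists[name] = items
    if off != len(data):
        raise ValueError("Bad_DecodingError: trailing bytes after TrustListDataType")
    return specified_lists, lists

class TrustListObject:
    """Server-side model of the TrustListType file semantics described in the text."""

    def __init__(self, validate):
        self.lists = {name: [] for name in FIELDS}
        self.last_update_time = None   # LastUpdateTime Property
        self.audit_events = []         # stand-in for the TrustListUpdatedAuditEventType stream
        self._validate = validate      # callable(field, der) -> bool; a real server verifies the X.509/CRL
        self._handles, self._next = {}, 1

    def open(self, mode):
        if mode not in (OPEN_READ, OPEN_WRITE_ERASE):
            raise PermissionError("Bad_InvalidArgument: only Read (0x01) or Write+EraseExisting (0x06)")
        h, self._next = self._next, self._next + 1
        snapshot = encode_trust_list(ALL_MASKS, self.lists) if mode == OPEN_READ else b""
        self._handles[h] = {"mode": mode, "buf": bytearray(snapshot)}
        return h

    def read(self, h):                 # whole-file read keeps the model short
        return bytes(self._handles[h]["buf"])

    def write(self, h, data):
        if self._handles[h]["mode"] != OPEN_WRITE_ERASE:
            raise PermissionError("Bad_InvalidState: handle was not opened for writing")
        self._handles[h]["buf"] += data  # buffered only; nothing is applied until CloseAndUpdate

    def close(self, h):
        self._handles.pop(h)           # a plain Close discards any buffered writes

    def close_and_update(self, h):
        st = self._handles.pop(h)
        if st["mode"] != OPEN_WRITE_ERASE:
            raise PermissionError("Bad_InvalidState: handle was not opened for writing")
        specified, new = decode_trust_list(st["buf"])
        selected = [name for name in FIELDS if specified & MASK_OF[name]]
        for name in selected:          # validate everything first: the update is all or nothing
            for der in new[name]:
                if not self._validate(name, der):
                    raise ValueError(f"Bad_CertificateInvalid: rejected entry in {name}")
        for name in selected:          # only the parts selected by the mask are replaced
            self.lists[name] = list(new[name])
        self.last_update_time = datetime.now(timezone.utc)
        self.audit_events.append(("TrustListUpdatedAuditEventType", "CloseAndUpdate"))

def open_mode_accepted(tl, mode):
    """True if the server accepts the given OpenFileMode for this Trust List."""
    try:
        tl.close(tl.open(mode))
        return True
    except PermissionError:
        return False

def try_update(tl, specified_lists, lists):
    """Client-side sequence Open(0x06) + Write + CloseAndUpdate; returns the error text or None."""
    h = tl.open(OPEN_WRITE_ERASE)
    tl.write(h, encode_trust_list(specified_lists, lists))
    try:
        tl.close_and_update(h)
        return None
    except ValueError as e:
        return str(e)
```

The validation callback is deliberately a parameter: in a real Server it is the same certificate and CRL verification used for secure channel establishment, and the important property shown here is that it runs over every selected entry before the live list is touched, so a single bad entry leaves the previous Trust List, LastUpdateTime and audit trail unchanged.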

Table 13 – TrustListType Definition

Attribute     Value
BrowseName    TrustListType
Namespace     CORE (see 3.3)
IsAbstract    False

Subtype of the FileType defined in OPC 10000-5.

References    NodeClass  BrowseName         DataType  TypeDefinition  Modelling Rule
HasProperty   Variable   LastUpdateTime     UtcTime   PropertyType    Mandatory
HasProperty   Variable   UpdateFrequency    Duration  PropertyType    Optional
HasComponent  Method     OpenWithMasks      Defined in 7.5.3.         Mandatory
HasComponent  Method     CloseAndUpdate     Defined in 7.5.4.         Optional
HasComponent  Method     AddCertificate     Defined in 7.5.5.         Optional
HasComponent  Method     RemoveCertificate  Defined in 7.5.6.         Optional

The LastUpdateTime Property indicates when the Trust List was last updated via the Trust List Object Methods. It can be used to determine whether a device holds an up-to-date Trust List, or to detect unexpected modifications. Out-of-band changes (for example, a file replaced directly on the host) are not necessarily reflected in this value.

The UpdateFrequency Property specifies how often the Trust List needs to be checked for changes. When the CertificateManager specifies this value, all Clients that hold a copy of the Trust List should connect to the CertificateManager and check for updates within twice the UpdateFrequency. If the Trust List Object is contained within a ServerConfiguration Object, this value specifies how frequently the Server expects the Trust List to be updated.

If auditing is supported, the CertificateManager shall generate the TrustListUpdatedAuditEventType (see 7.5.18) if the CloseAndUpdate, AddCertificate or RemoveCertificate Methods are called.
