The parameters are shared between WriterGroup and ReaderGroup.

The parameters are related to PubSub NetworkMessage security. See 5.4.4 for an introduction of PubSub security and Clause 8 for the definition of the PubSub Security Key Service.

The SecurityMode indicates the level of security applied to the NetworkMessages published by a WriterGroup or received by a ReaderGroup. The MessageSecurityMode DataType is defined in OPC 10000-4.

The SecurityGroupId with DataType String is the identifier for a SecurityGroup in the Security Key Server. It is unique within a SKS.

The parameter is null if the SecurityMode is NONE.

If the SecurityMode is not NONE, the SecurityGroupId identifies the SecurityGroup. The SecurityGroup defines the SecurityPolicy and the security keys used for the NetworkMessage security. The PubSubGroup defines the SecurityMode for the NetworkMessages sent by the group.

SecurityKeyServices is an array of the DataType EndpointDescription and defines one or more Security Key Servers (SKS) that manage the security keys for the SecurityGroup assigned to the PubSubGroup. The EndpointDescription DataType is defined in OPC 10000-4.

The parameter is null if the SecurityMode is NONE.

Each element in the array is an Endpoint for an SKS that can supply the security keys for the SecurityGroupId. Multiple Endpoints exist because an SKS may have multiple redundant instances. If the SKS supports non-transparent redundancy, each Server in the redundant set shall have one entry in the array.

The use of the EndpointDescription parameters for the SKS selection is defined in Table 31. The main key for the identification of the SKS is the ApplicationUri.

The ApplicationUri is used in the different Server discovery mechanisms to get the OPC UA endpoint information necessary to connect to the SKS.

The combination of SecurityGroupId and SKS ApplicationUri is the unique key for a SecurityGroup in a PubSub application.

Table 31 – SecurityKeyService parameter content

| Field | Type | Definition for the values |
|---|---|---|
| EndpointUrl | String | Shall be null or empty. |
| Server | ApplicationDescription | The ApplicationDescription DataType is defined in OPC 10000-4. |
| ApplicationUri | String | The ServerUri of the SKS. |
| ProductUri | String | Can be null or empty. |
| ApplicationName | LocalizedText | Can be null or empty. |
| ApplicationType | Enum ApplicationType | SERVER: The security keys are pulled from the SKS using the Method GetSecurityKeys. CLIENT: The security keys are pushed from the SKS to the PubSub application using the Method SetSecurityKeys. CLIENTANDSERVER: Invalid value. DISCOVERYSERVER: Invalid value. If the SKS information is sent as part of a discovery announcement message for a WriterGroup, the ApplicationType shall be set to SERVER even if the Publisher is configured for push. |
| GatewayServerUri | String | Shall be null or empty. |
| DiscoveryProfileUri | String | Shall be null or empty. |
| DiscoveryUrls [] | String | A list of URLs for the DiscoveryEndpoints provided by the SKS. |
| ServerCertificate | ApplicationInstanceCertificate | Shall be null or empty. |
| SecurityMode | MessageSecurityMode | The value shall be SIGNANDENCRYPT. |
| SecurityPolicyUri | String | ApplicationType SERVER: The URI for SecurityPolicy to use to connect to the SKS. If the URI is null or empty, the pull access shall use the best available security policy that is also supported by the pull Client. ApplicationType CLIENT: Shall be null or empty. |
| UserIdentityTokens [] | UserTokenPolicy | ApplicationType SERVER: The user identity tokens that should be used to connect to the SKS. The default is ANONYMOUS if the array is empty. For ANONYMOUS the authorization for accessing the keys is based on the application authentication. If the type is USERNAME, a KeyCredentialConfigurationType instance is used to configure user name and password. The ResourceUri of the KeyCredentialConfigurationType instance shall match the ApplicationUri of the SKS. The KeyCredentialConfigurationType is defined in OPC 10000-12. The UserTokenPolicies are defined in OPC 10000-4. ApplicationType CLIENT: The array shall be null or empty. |
| TransportProfileUri | String | Can be null or empty. |
| SecurityLevel | Byte | Shall be 0. |
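The following is an added example, not part of the specification: a configuration check that applies the Table 31 rules and the "null if SecurityMode is NONE" rule to a group's security parameters. The dict layout, the function names and the sample values are assumptions made for illustration.

```python
# Added example, not from the specification. The dict layout (keys named
# after the Table 31 fields) and the sample values are assumptions.

def _empty(v):
    return v is None or v == "" or v == []

def check_sks_endpoint(ep):
    """Return Table 31 violations for one SecurityKeyServices element."""
    errs = []
    srv = ep.get("Server") or {}
    app_type = srv.get("ApplicationType")
    # Fields that shall be null or empty for every SKS entry.
    for name, val in [("EndpointUrl", ep.get("EndpointUrl")),
                      ("GatewayServerUri", srv.get("GatewayServerUri")),
                      ("DiscoveryProfileUri", srv.get("DiscoveryProfileUri")),
                      ("ServerCertificate", ep.get("ServerCertificate"))]:
        if not _empty(val):
            errs.append(f"{name} shall be null or empty")
    # Assumption: ApplicationUri is the main key, so a missing one is an error.
    if _empty(srv.get("ApplicationUri")):
        errs.append("ApplicationUri is missing")
    if app_type not in ("SERVER", "CLIENT"):
        errs.append(f"ApplicationType {app_type} is an invalid value")
    if ep.get("SecurityMode") != "SIGNANDENCRYPT":
        errs.append("SecurityMode shall be SIGNANDENCRYPT")
    if ep.get("SecurityLevel", 0) != 0:
        errs.append("SecurityLevel shall be 0")
    if app_type == "CLIENT":  # push: keys arrive via SetSecurityKeys
        for name in ("SecurityPolicyUri", "UserIdentityTokens"):
            if not _empty(ep.get(name)):
                errs.append(f"{name} shall be null or empty for CLIENT")
    return errs

def check_group(group):
    """Check SecurityMode, SecurityGroupId and SecurityKeyServices together."""
    if group.get("SecurityMode") == "NONE":
        return [f"{n} shall be null when SecurityMode is NONE"
                for n in ("SecurityGroupId", "SecurityKeyServices")
                if not _empty(group.get(n))]
    errs = []
    for i, ep in enumerate(group.get("SecurityKeyServices") or []):
        errs += [f"SecurityKeyServices[{i}]: {e}" for e in check_sks_endpoint(ep)]
    return errs

# Constructed sample: a push (CLIENT) entry carrying fields Table 31 forbids.
SAMPLE = {"SecurityMode": "SIGNANDENCRYPT", "SecurityGroupId": "Line1",
    "SecurityKeyServices": [{"EndpointUrl": "opc.tcp://sks.example:4840",
        "Server": {"ApplicationUri": "urn:example:sks", "ApplicationType": "CLIENT"},
        "SecurityMode": "SIGN", "SecurityPolicyUri": "urn:example:policy"}]}
print("\n".join(check_group(SAMPLE)))
```

Running such a check when a configuration is loaded catches entries that would otherwise connect to the SKS with a weaker SecurityMode or with pull-only settings on a push entry.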

The MaxNetworkMessageSize with DataType UInt32 indicates the maximum size in bytes for NetworkMessages created by the WriterGroup. It refers to the size of the complete NetworkMessage including padding and signature without any additional headers added by the transport protocol mapping. If the size of a NetworkMessage exceeds the MaxNetworkMessageSize, the behaviour depends on the message mapping.

The transport protocol mappings defined in 7.3 may define restrictions for the maximum value of this parameter.

NOTE The value for the MaxNetworkMessageSize should be configured in a way that ensures that NetworkMessages together with additional headers added by the transport protocol are still smaller than or equal to the transport protocol MTU.

The GroupProperties parameter is an array of DataType KeyValuePair that specifies additional properties for the configured group. The KeyValuePair DataType is defined in OPC 10000-5 and consists of a QualifiedName and a value of BaseDataType.

The mapping of the name and value to concrete functionality may be defined by transport protocol mappings, future versions of this document or vendor-specific extensions.

This Structure DataType is an abstract base type for PubSubGroups. The PubSubGroupDataType is formally defined in Table 32.

Table 32 – PubSubGroupDataType structure

| Name | Type | Description |
|---|---|---|
| PubSubGroupDataType | Structure | |
| Name | String | The name of the PubSubGroup. The name shall be unique across all writer groups and reader groups of a PubSubConnection. It is recommended to use a human readable name. |
| Enabled | Boolean | The enabled state of the PubSubGroup. |
| SecurityMode | MessageSecurityMode | Defined in 6.2.5.2. |
| SecurityGroupId | String | Defined in 6.2.5.3. |
| SecurityKeyServices | EndpointDescription[] | Defined in 6.2.5.4. |
| MaxNetworkMessageSize | UInt32 | Defined in 6.2.5.5. |
| GroupProperties | KeyValuePair[] | Defined in 6.2.5.6. |

The PubSubGroupDataType Structure representation in the AddressSpace is defined in Table 33.

Table 33 – PubSubGroupDataType definition

| Attributes | Value |
|---|---|
| BrowseName | PubSubGroupDataType |
| IsAbstract | True |

Subtype of Structure defined in OPC 10000-5.

Conformance Units: PubSub Parameters Discovery