UA Part 14: PubSub - 8.4.1 SecurityGroupType definition

The SecurityGroupType is formally defined in Table 186.

The configuration parameter RolePermissions contained in the SecurityGroupDataType controls the access to the security keys for the SecurityGroup through the Method GetSecurityKeys. The GetSecurityKeys Method is defined in 8.3.2. The Permission to access the keys is different to the Permission necessary to modify the configuration of SecurityGroups.

Table 186 – SecurityGroupType definition

Attribute	Value
BrowseName	SecurityGroupType
IsAbstract	False
References	NodeClass	BrowseName	DataType	TypeDefinition	ModellingRule
Subtype of BaseObjectType defined in OPC 10000-5.
HasProperty	Variable	SecurityGroupId	String	PropertyType	Mandatory
HasProperty	Variable	KeyLifetime	Duration	PropertyType	Mandatory
HasProperty	Variable	SecurityPolicyUri	String	PropertyType	Mandatory
HasProperty	Variable	MaxFutureKeyCount	UInt32	PropertyType	Mandatory
HasProperty	Variable	MaxPastKeyCount	UInt32	PropertyType	Mandatory
HasComponent	Method	InvalidateKeys	Defined in 8.4.2.		Optional
HasComponent	Method	ForceKeyRotation	Defined in 8.4.3.		Optional
Conformance Units
PubSub Model SKS

The Property KeyLifetime defines the lifetime of a key in milliseconds.

The Property SecurityPolicyUri is the identifier for a SecurityPolicy. SecurityPolicies define the set of algorithms and key lengths used to secure the messages exchanged in the context of the SecurityGroup. The SecurityPolicies are defined in OPC 10000-7.

The Property MaxFutureKeyCount defines the maximum number of future keys returned by the Method GetSecurityKeys.

The Property MaxPastKeyCount defines the maximum number of historical keys stored by the SKS. The historical keys are necessary to allow Subscribers to request keys for older NetworkMessages.