6 Information Models ToC Previous Next

This chapter describes the identifiers, types and structure of the objects and methods that are used to implement the OPC UA mappers defined in this part. This implementation serves three purposes:

  • support of the safe exchange of SPDUs at runtime
  • online browsing, to identify SafetyConsumers and SafetyProviders, and to check their parameters for diagnostic purposes
  • offline engineering: the information model of one controller can be exported in a standardized file on its engineering system, be imported in another engineering system, and finally deployed on another controller. This allows for a vendor-independent exchange of the communication interfaces of safety applications, e.g., for establishing connections between devices. IMPORTANT NOTE:

Neither online browsing nor offline engineering currently supports any features to detect errors. Hence, no guarantees with respect to functional safety are made. This means that online browsing can only be used for diagnostic purposes, and not for exchanging safety-relevant data. In the context of offline engineering, the programmer of the safety application is responsible for the verification and validation of the safety application. It must be assumed that errors may occur during the transfer of the information model from one engineering system to another.

As a consequence, all type values described in this clause are defined as read-only, i.e., they can not be written by general OPC UA write commands.

6.1 Object and ObjectType Definitions ToC Previous Next

6.1.5 Object SafetyPDUs ToC Previous Next index

This object is mandatory for the profile SafetyProviderPubSubMapper (see and the profile SafetyConsumerPubSubMapper (see It is used by the SafetyProvider to subscribe to the RequestSPDU and to publish the ResponseSPDU. The data type of RequestSPDU is structured in the same way as the input arguments of ReadSafetyData. The data type of ResponseSPDU is structured in the same way as the output arguments of ReadSafetyData.

Both variables have a counterpart within the information model of the SafetyConsumer. The SafetyConsumer publishes the RequestSPDU and subscribes to the ResponseSPDU.

Table 12 – SafetyPDUsType Definition

Attribute Value        
BrowseName SafetyPDUsType        
IsAbstract False        
References Node Class BrowseName DataType TypeDefinition Modelling Rule
Subtype of BaseObjectType          
HasComponent Variable <RequestSPDU> RequestSPDUDataType BaseDataVariableType Mandatory Placeholder
HasComponent Variable <ResponseSPDU> ResponseSPDUDataType BaseDataVariableType Mandatory Placeholder
Conformance Units          

The object SafetyPDUS shall contain exactly one reference to a variable of a type RequestSPDUDataType and exactly one reference to a variable of a subtype of type ResponseSPDUDataType.

For example, Figure 8 shows a distributed safety application with four automation components. It is assumed that Automation Component 1 sends a value to the other three components using three SafetyProviders, each comprising a pair of SafetyPDUs.


Figure 8 – Safety Multicast with three recipients using OPC UA PubSub. For each recipient, there is an individual pair of SafetyPDUs.

Previous Next