OPC UA Part 1 - Overview and Concepts 1.02 Specification


OPC UA Specification Part1 OverView and Concepts


OPC Unified Architecture

Specification

Part 1: Overview and Concepts

Release 1.02

July 10, 2012


OPC Unified Architecture, Part 1 ii Release 1.02


CONTENTS

FOREWORD
AGREEMENT OF USE
Revision 1.02 Highlights
1 Scope
2 Reference documents
3 Terms, definitions, and abbreviations
3.1 OPC UA terms
3.1.1 AddressSpace
3.1.2 Alarm
3.1.3 Attribute
3.1.4 Certificate
3.1.5 Client
3.1.6 Condition
3.1.7 Communication Stack
3.1.8 Complex Data
3.1.9 Discovery
3.1.10 Event
3.1.11 EventNotifier
3.1.12 Information Model
3.1.13 Message
3.1.14 Method
3.1.15 MonitoredItem
3.1.16 Node
3.1.17 NodeClass
3.1.18 Notification
3.1.19 NotificationMessage
3.1.20 Object
3.1.21 Object Instance
3.1.22 ObjectType
3.1.23 Profile
3.1.24 Program
3.1.25 Reference
3.1.26 ReferenceType
3.1.27 RootNode
3.1.28 Server
3.1.29 Service
3.1.30 Service Set
3.1.31 Session
3.1.32 Subscription
3.1.33 Variable
3.1.34 View
3.2 Abbreviations and symbols
4 Structure of the OPC UA series
4.1 Specification Organization
4.2 Core Specification Parts
4.3 Access Type Specification Parts
4.4 Utility Specification Parts
5 Overview
5.1 UA Scope
5.2 Introduction
5.3 Design goals
5.4 Integrated models and services
5.4.1 Security model
5.4.2 Integrated AddressSpace model
5.4.3 Integrated object model
5.4.4 Integrated services
5.5 Sessions
5.6 Redundancy
6 Systems concepts
6.1 Overview
6.2 OPC UA Clients
6.3 OPC UA Servers
6.3.1 Real objects
6.3.2 OPC UA Server application
6.3.3 OPC UA AddressSpace
6.3.4 Publisher/subscriber entities
6.3.5 OPC UA Service Interface
6.3.6 Server to Server interactions
7 Service Sets
7.1 General
7.2 Discovery Service Set
7.3 SecureChannel Service Set
7.4 Session Service Set
7.5 NodeManagement Service Set
7.6 View Service Set
7.7 Query Service Set
7.8 Attribute Service Set
7.9 Method Service Set
7.10 MonitoredItem Service Set
7.11 Subscription Service Set


FIGURES

Figure 1 – OPC UA Specification Organization
Figure 2 – OPC UA Target Applications
Figure 3 – OPC UA System Architecture
Figure 4 – OPC UA Client Architecture
Figure 5 – OPC UA Server Architecture
Figure 6 – Peer-to-peer interactions between Servers
Figure 7 – Chained Server Example
Figure 8 – SecureChannel and Session Services


OPC FOUNDATION

____________

UNIFIED ARCHITECTURE –

FOREWORD

This specification is the specification for developers of OPC UA applications. The specification is a result of an analysis and design process to develop a standard interface to facilitate the development of applications by multiple vendors that shall inter-operate seamlessly together.

Copyright © 2006-2012, OPC Foundation, Inc.

AGREEMENT OF USE

COPYRIGHT RESTRICTIONS

Any unauthorized use of this specification may violate copyright laws, trademark laws, and communications regulations and statutes. This document contains information which is protected by copyright. All Rights Reserved. No part of this work covered by copyright herein may be reproduced or used in any form or by any means--graphic, electronic, or mechanical, including photocopying, recording, taping, or information storage and retrieval systems--without permission of the copyright owner.

OPC Foundation members and non-members are prohibited from copying and redistributing this specification. All copies must be obtained on an individual basis, directly from the OPC Foundation Web site.

PATENTS

The attention of adopters is directed to the possibility that compliance with or adoption of OPC specifications may require use of an invention covered by patent rights. OPC shall not be responsible for identifying patents for which a license may be required by any OPC specification, or for conducting legal inquiries into the legal validity or scope of those patents that are brought to its attention. OPC specifications are prospective and advisory only. Prospective users are responsible for protecting themselves against liability for infringement of patents.

WARRANTY AND LIABILITY DISCLAIMERS

WHILE THIS PUBLICATION IS BELIEVED TO BE ACCURATE, IT IS PROVIDED "AS IS" AND MAY CONTAIN ERRORS OR MISPRINTS. THE OPC FOUNDATION MAKES NO WARRANTY OF ANY KIND, EXPRESSED OR IMPLIED, WITH REGARD TO THIS PUBLICATION, INCLUDING BUT NOT LIMITED TO ANY WARRANTY OF TITLE OR OWNERSHIP, IMPLIED WARRANTY OF MERCHANTABILITY OR WARRANTY OF FITNESS FOR A PARTICULAR PURPOSE OR USE. IN NO EVENT SHALL THE OPC FOUNDATION BE LIABLE FOR ERRORS CONTAINED HEREIN OR FOR DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL, RELIANCE OR COVER DAMAGES, INCLUDING LOSS OF PROFITS, REVENUE, DATA OR USE, INCURRED BY ANY USER OR ANY THIRD PARTY IN CONNECTION WITH THE FURNISHING, PERFORMANCE, OR USE OF THIS MATERIAL, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

The entire risk as to the quality and performance of software developed using this specification is borne by you.

RESTRICTED RIGHTS LEGEND

This Specification is provided with Restricted Rights. Use, duplication or disclosure by the U.S. government is subject to restrictions as set forth in (a) this Agreement pursuant to DFARs 227.7202-3(a); (b) subparagraph (c)(1)(i) of the Rights in Technical Data and Computer Software clause at DFARs 252.227-7013; or (c) the Commercial Computer Software Restricted Rights clause at FAR 52.227-19 subdivision (c)(1) and (2), as applicable. Contractor / manufacturer are the OPC Foundation, 16101 N. 82nd Street, Suite 3B, Scottsdale, AZ, 85260-1830

COMPLIANCE

The OPC Foundation shall at all times be the sole entity that may authorize developers, suppliers and sellers of hardware and software to use certification marks, trademarks or other special designations to indicate compliance with these materials. Products developed using this specification may claim compliance or conformance with this specification if and only if the software satisfactorily meets the certification requirements set by the OPC Foundation. Products that do not meet these requirements may claim only that the product was based on this specification and must not claim compliance or conformance with this specification.

TRADEMARKS

Most computer and software brand names have trademarks or registered trademarks. The individual trademarks have not been listed here.

GENERAL PROVISIONS

Should any provision of this Agreement be held to be void, invalid, unenforceable or illegal by a court, the validity and enforceability of the other provisions shall not be affected thereby.

This Agreement shall be governed by and construed under the laws of the State of Minnesota, excluding its choice of law rules.

This Agreement embodies the entire understanding between the parties with respect to, and supersedes any prior understanding or agreement (oral or written) relating to, this specification.

ISSUE REPORTING

The OPC Foundation strives to maintain the highest quality standards for its published specifications, hence they undergo constant review and refinement. Readers are encouraged to report any issues and view any existing errata here: /errata


Revision 1.02 Highlights

This revision includes various minor clarifications and additions. The following table includes the Mantis issues resolved with this revision.


OPC Unified Architecture Specification

Part 1: Overview and Concepts

1 Scope

Part 1 presents the concepts and overview of the OPC Unified Architecture (OPC UA). Reading this document is helpful to understand the remaining Parts of this multi-part document set. Each of the other parts is briefly explained along with a suggested reading order. This Part is non-normative.

2 Reference documents

The OPC UA Specification is organized as a multi-part document. While describing the concepts, this part will refer to these parts of the specification:

Part 2: OPC UA Specification: Part 2 – Security Model

/UA/Part2/

Part 3: OPC UA Specification: Part 3 – Address Space Model

/UA/Part3/

Part 4: OPC UA Specification: Part 4 – Services

/UA/Part4/

Part 5: OPC UA Specification: Part 5 – Information Model

/UA/Part5/

Part 6: OPC UA Specification: Part 6 – Mappings

/UA/Part6/

Part 7: OPC UA Specification: Part 7 – Profiles

/UA/Part7/

Part 8: OPC UA Specification: Part 8 – Data Access

/UA/Part8/

Part 9: OPC UA Specification: Part 9 – Alarms and Conditions

/UA/Part9/

Part 10: OPC UA Specification: Part 10 – Programs

/UA/Part10/

Part 11: OPC UA Specification: Part 11 – Historical Access, Version 1.01 or later

/UA/Part11/

Part 12: OPC UA Specification: Part 12 – Discovery

/UA/Part12/

Part 13: OPC UA Specification: Part 13 – Aggregates

/UA/Part13/

3 Terms, definitions, and abbreviations

For the purposes of this specification, the following definitions apply.

3.1 OPC UA terms

3.1.1 AddressSpace

The collection of information that an OPC UA Server makes visible to its Clients. See Part 3 for a description of the contents and structure of the Server AddressSpace.

3.1.2 Alarm

A type of Event associated with a state condition that typically requires acknowledgement. See Part 9 for a description of Alarms.

3.1.3 Attribute

A primitive characteristic of a Node. All Attributes are defined by OPC UA, and may not be defined by Clients or Servers. Attributes are the only elements in the AddressSpace permitted to have data values.

3.1.4 Certificate

A digitally signed data structure that describes capabilities of a Client or Server.

3.1.5 Client

A software application that sends Messages to OPC UA Servers conforming to the Services specified in this set of specifications.

3.1.6 Condition

A generic term that is an extension to an Event. A Condition represents the conditions of a system or one of its components and always exists in some state.

3.1.7 Communication Stack

A layered set of software modules between the application and the hardware that provides various functions to encode, encrypt and format a Message for sending, and to decode, decrypt and unpack a Message that was received.

3.1.8 Complex Data

Data that is composed of elements of more than one primitive data type, such as a structure.

3.1.9 Discovery

The process by which OPC UA Clients obtain information about OPC UA Servers, including endpoint and security information.

3.1.10 Event

A generic term used to describe an occurrence of some significance within a system or system component.


3.1.11 EventNotifier

A special Attribute of a Node that signifies that a Client may subscribe to that particular Node to receive Notifications of Event occurrences.

3.1.12 Information Model

An organizational framework that defines, characterizes and relates information resources of a given system or set of systems. The core address space model supports the representation of Information Models in the AddressSpace. See Part 5 for a description of the base OPC UA Information Model.

3.1.13 Message

The data unit conveyed between Client and Server that represents a specific Service request or response.

3.1.14 Method

A callable software function that is a component of an Object.

3.1.15 MonitoredItem

A Client-defined entity in the Server used to monitor Attributes or EventNotifiers for new values or Event occurrences and generate Notifications for them.

3.1.16 Node

The fundamental component of an AddressSpace.

3.1.17 NodeClass

The class of a Node in an AddressSpace. NodeClasses define the metadata for the components of the OPC UA Object Model. They also define constructs, such as Views, that are used to organize the AddressSpace.

3.1.18 Notification

The generic term for data that announces the detection of an Event or of a changed Attribute value. Notifications are sent in NotificationMessages.

3.1.19 NotificationMessage

A Message published from a Subscription that contains one or more Notifications.

3.1.20 Object

A Node that represents a physical or abstract element of a system. Objects are modelled using the OPC UA Object Model. Systems, subsystems and devices are examples of Objects. An Object may be defined as an instance of an ObjectType.

3.1.21 Object Instance

A synonym for Object. Not all Objects are defined by ObjectTypes.


3.1.22 ObjectType

A Node that represents the type definition for an Object.

3.1.23 Profile

A specific set of capabilities, defined in Part 7, to which a Server may claim conformance. Each Server may claim conformance to more than one Profile.

3.1.24 Program

An executable Object that, when invoked, immediately returns a response to indicate that execution has started, and then returns intermediate and final results through Subscriptions identified by the Client during invocation.

3.1.25 Reference

An explicit relationship (a named pointer) from one Node to another. The Node that contains the Reference is the source Node, and the referenced Node is the target Node. All References are defined by ReferenceTypes.

3.1.26 ReferenceType

A Node that represents the type definition of a Reference. The ReferenceType specifies the semantics of a Reference. The name of a ReferenceType identifies how source Nodes are related to target Nodes and generally reflects an operation between the two, such as “A Contains B”.

3.1.27 RootNode

The beginning or top Node of a hierarchy. The RootNode of the OPC UA AddressSpace is defined in Part 5.

3.1.28 Server

A software application that implements and exposes the Services specified in this set of specifications.

3.1.29 Service

A Client-callable operation in an OPC UA Server. Services are defined in Part 4. A Service is similar to a method call in a programming language or an operation in a Web services WSDL contract.

3.1.30 Service Set

A group of related Services.

3.1.31 Session

A logical long-running connection between a Client and a Server. A Session maintains state information between Service calls from the Client to the Server.

3.1.32 Subscription

A Client-defined endpoint in the Server, used to return Notifications to the Client. Generic term that describes a set of Nodes selected by the Client (1) that the Server periodically monitors for the existence of some condition, and (2) for which the Server sends Notifications to the Client when the condition is detected.

3.1.33 Variable

A Variable is a Node that contains a value.

3.1.34 View

A specific subset of the AddressSpace that is of interest to the Client.

3.2 Abbreviations and symbols

A&E Alarms and Events

API Application Programming Interface

COM Component Object Model

DA Data Access

DCS Distributed Control System

DX Data Exchange

HDA Historical Data Access

HMI Human-Machine Interface

LDAP Lightweight Directory Access Protocol

MES Manufacturing Execution System

OPC OPC Foundation (a non-profit industry association)

PLC Programmable Logic Controller

SCADA Supervisory Control And Data Acquisition

SOAP Simple Object Access Protocol

UA Unified Architecture

UDDI Universal Description, Discovery and Integration

UML Unified Modelling Language

WSDL Web Services Definition Language

XML Extensible Mark-up Language

4 Structure of the OPC UA series

4.1 Specification Organization

This specification is organized as a multi-part specification, as illustrated in Figure 1.

Figure 1 – OPC UA Specification Organization

The first seven parts specify the core capabilities of OPC UA. These core capabilities define the structure of the OPC AddressSpace and the Services that operate on it. Parts 8 through 11 apply these core capabilities to specific types of access previously addressed by separate OPC COM specifications, such as Data Access (DA), Alarms and Events (A&E) and Historical Data Access (HDA). Part 12 describes Discovery mechanisms for OPC UA and Part 13 describes ways of aggregating data.

Readers are encouraged to read Parts 1 through 5 of the core specifications before reading Parts 8 through 13. For example, a reader interested in UA Data Access should read Parts 1 through 5 and 8. References in Part 8 may direct the reader to other parts of this specification.

4.2 Core Specification Parts

Part 1 – Overview and Concepts

Part 1 (this Part) presents the concepts and overview of OPC UA.

Part 2 – Security Model

Part 2 describes the model for securing interactions between OPC UA Clients and OPC UA Servers.

Part 3 – Address Space Model

Part 3 describes the contents and structure of the Server’s AddressSpace.

Part 4 – Services

Part 4 specifies the Services provided by OPC UA Servers.

Part 5 – Information Model

Part 5 specifies the types and their relationships defined for OPC UA Servers.

Part 6 – Mappings

Part 6 specifies the mappings to transport protocols and data encodings supported by OPC UA.

Part 7 – Profiles

Part 7 specifies the Profiles that are available for OPC Clients and Servers. These Profiles provide groups of Services or functionality that can be used for conformance level certification. Servers and Clients will be tested against the Profiles.

4.3 Access Type Specification Parts

Part 8 – Data Access

Part 8 specifies the use of OPC UA for data access.

Part 9 – Alarms and Conditions

Part 9 specifies use of OPC UA support for access to Alarms and Conditions. The base system includes support for simple Events; this specification extends that support to include support for Alarms and Conditions.

Part 10 – Programs

Part 10 specifies OPC UA support for access to Programs.

Part 11 – Historical Access

Part 11 specifies use of OPC UA for historical access. This access includes both historical data and historical Events.

4.4 Utility Specification Parts

Part 12 – Discovery

Part 12 specifies how Discovery Servers operate in different scenarios and describes how UA Clients and Servers should interact with them. It also defines how UA related information should be accessed using common directory service protocols such as UDDI and LDAP.

Part 13 – Aggregates

Part 13 specifies how to compute and return aggregates like minimum, maximum, average etc. Aggregates can be used with current and historical data.

5 Overview

5.1 UA Scope

OPC UA is applicable to manufacturing software in application areas such as Field Devices, Control Systems, Manufacturing Execution Systems and Enterprise Resource Planning Systems. These systems are intended to exchange information and to use command and control for industrial processes. OPC UA defines a common infrastructure model to facilitate this information exchange. OPC UA specifies the following:

• The information model to represent structure, behaviour and semantics.
• The message model to interact between applications.
• The communication model to transfer the data between end-points.
• The conformance model to guarantee interoperability between systems.

5.2 Introduction

OPC UA is a platform-independent standard through which various kinds of systems and devices can communicate by sending Messages between Clients and Servers over various types of networks. It supports robust, secure communication that assures the identity of Clients and Servers and resists attacks. OPC UA defines sets of Services that Servers may provide, and individual Servers specify to Clients what Service sets they support. Information is conveyed using OPC UA-defined and vendor-defined data types, and Servers define object models that Clients can dynamically discover. Servers can provide access to both current and historical data, as well as Alarms and Events to notify Clients of important changes. OPC UA can be mapped onto a variety of communication protocols and data can be encoded in various ways to trade off portability and efficiency.

5.3 Design goals

OPC UA provides a consistent, integrated AddressSpace and service model. This allows a single OPC UA Server to integrate data, Alarms and Events, and history into its AddressSpace, and to provide access to them using an integrated set of Services. These Services also include an integrated security model.

OPC UA also allows Servers to provide Clients with type definitions for the Objects accessed from the AddressSpace. This allows information models to be used to describe the contents of the AddressSpace. OPC UA allows data to be exposed in many different formats, including binary structures and XML documents. The format of the data may be defined by OPC, other standard organizations or vendors. Through the AddressSpace, Clients can query the Server for the metadata that describes the format for the data. In many cases, Clients with no pre-programmed knowledge of the data formats will be able to determine the formats at runtime and properly utilize the data.

OPC UA adds support for many relationships between Nodes instead of being limited to just a single hierarchy. In this way, an OPC UA Server may present data in a variety of hierarchies tailored to the way a set of Clients would typically like to view the data. This flexibility, combined with support for type definitions, makes OPC UA applicable to a wide array of problem domains. As illustrated below, OPC UA is not targeted at just the SCADA, PLC and DCS interface, but also as a way to provide greater interoperability between higher level functions.


Figure 2 – OPC UA Target Applications

OPC UA is designed to provide robustness of published data. A major feature of all OPC servers is the ability to publish data and Event Notifications. OPC UA provides mechanisms for Clients to quickly detect and recover from communication failures associated with these transfers without having to wait for long timeouts provided by the underlying protocols.

OPC UA is designed to support a wide range of Servers, from plant floor PLCs to enterprise Servers. These Servers are characterized by a broad scope of size, performance, execution platforms and functional capabilities. Therefore, OPC UA defines a comprehensive set of capabilities, and Servers may implement a subset of these capabilities. To promote interoperability, OPC UA defines subsets, referred to as Profiles, to which Servers may claim conformance. Clients can then discover the Profiles of a Server, and tailor their interactions with that Server based on the Profiles. Profiles are defined in Part 7.

The OPC UA specifications are layered to isolate the core design from the underlying computing technology and network transport. This allows OPC UA to be mapped to future technologies as necessary, without negating the basic design. Mappings and data encodings are described in Part 6. Two data encodings are defined:

• XML/text
• UA Binary

In addition, three transport protocols are defined:

• OPC UA TCP
• SOAP/HTTP
• HTTPS

Clients and Servers that support multiple transports and encodings will allow the end users to make decisions about tradeoffs between performance and XML Web service compatibility at the time of deployment, rather than having these tradeoffs determined by the OPC vendor at the time of product definition.

OPC UA is designed as the migration path for OPC clients and servers that are based on Microsoft COM technology. Care has been taken in the design of OPC-UA so that existing data exposed by OPC COM servers (DA, HDA and A&E) can easily be mapped and exposed via OPC UA. Vendors may choose to migrate their products natively to OPC UA or use external wrappers to convert from OPC COM to OPC UA and vice-versa. Each of the previous OPC specifications defined its own address space model and its own set of Services. OPC UA unifies the previous models into a single integrated address space with a single set of Services.

5.4 Integrated models and services

5.4.1 Security model

5.4.1.1 General

OPC UA security is concerned with the authentication of Clients and Servers, the authentication of users, the integrity and confidentiality of their communications, and the verifiability of claims of functionality. It does not specify the circumstances under which various security mechanisms are required. That specification is crucial, but it is made by the designers of the system at a given site and may be specified by other standards.

Rather, OPC UA provides a security model, described in Part 2, in which security measures can be selected and configured to meet the security needs of a given installation. This model includes security mechanisms and parameters. In some cases, the mechanism for exchanging security parameters is defined, but the way that applications use these parameters is not. This framework also defines a minimum set of security Profiles that all UA Servers support, even though they may not be used in all installations. Security Profiles are defined in Part 7.
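How an installation's own requirements can be applied to the endpoints a Server offers, as an added example that is not part of the specification. The MessageSecurityMode values follow Part 4 and the security policy names follow Part 7 rather than this Part; the Endpoint and SitePolicy classes, their thresholds and the endpoint list are hypothetical and constructed for illustration.

```python
from dataclasses import dataclass
from enum import IntEnum

POLICY_PREFIX = "http://opcfoundation.org/UA/SecurityPolicy#"


class MessageSecurityMode(IntEnum):
    """Numeric values of the MessageSecurityMode enumeration (Part 4)."""
    INVALID = 0
    NONE = 1
    SIGN = 2
    SIGN_AND_ENCRYPT = 3


@dataclass(frozen=True)
class Endpoint:
    """The security-relevant fields of one discovered endpoint (hypothetical class)."""
    endpoint_url: str
    security_mode: MessageSecurityMode
    security_policy_uri: str
    security_level: int  # Server's own ranking of its endpoints, higher is stronger


@dataclass(frozen=True)
class SitePolicy:
    """Hypothetical site requirements; OPC UA itself does not mandate these."""
    min_mode: MessageSecurityMode = MessageSecurityMode.SIGN
    allowed_policies: frozenset = frozenset({"Basic256Sha256"})

    def violations(self, ep):
        """Return the reasons an endpoint fails the site policy (empty list = acceptable)."""
        reasons = []
        prefix, sep, name = ep.security_policy_uri.rpartition("#")
        if prefix + sep != POLICY_PREFIX:
            reasons.append("security policy URI is not in the OPC UA namespace")
        elif name not in self.allowed_policies:
            reasons.append(f"security policy {name} is not allowed")
        if ep.security_mode < self.min_mode:
            reasons.append(f"mode {ep.security_mode.name} is below {self.min_mode.name}")
        # A protected mode paired with policy None (or the reverse) is a
        # misconfiguration: reject it rather than guess what the Server meant.
        unprotected_mode = ep.security_mode <= MessageSecurityMode.NONE
        if unprotected_mode != (name == "None"):
            reasons.append("security mode and security policy disagree")
        return reasons


def select_endpoint(endpoints, policy):
    """Pick the strongest acceptable endpoint, or None so the caller refuses to connect."""
    acceptable = [ep for ep in endpoints if not policy.violations(ep)]
    return max(acceptable,
               key=lambda ep: (ep.security_mode, ep.security_level),
               default=None)


# Constructed endpoint list, as one Server might return it during Discovery.
URL = "opc.tcp://plc1.example:4840"
SAMPLE_ENDPOINTS = [
    Endpoint(URL, MessageSecurityMode.NONE, POLICY_PREFIX + "None", 0),
    Endpoint(URL, MessageSecurityMode.SIGN, POLICY_PREFIX + "Basic128Rsa15", 1),
    Endpoint(URL, MessageSecurityMode.SIGN, POLICY_PREFIX + "Basic256Sha256", 2),
    Endpoint(URL, MessageSecurityMode.SIGN_AND_ENCRYPT, POLICY_PREFIX + "Basic256Sha256", 3),
    Endpoint(URL, MessageSecurityMode.SIGN_AND_ENCRYPT, POLICY_PREFIX + "None", 3),
]

if __name__ == "__main__":
    site = SitePolicy()
    for ep in SAMPLE_ENDPOINTS:
        print(ep.security_mode.name, ep.security_policy_uri, site.violations(ep) or "ok")
    print("selected:", select_endpoint(SAMPLE_ENDPOINTS, site))
```

Returning None when nothing qualifies keeps the Client from silently falling back to an unprotected endpoint.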

5.4.1.2 Discovery and Session establishment

Application level security relies on a secure communication channel that is active for the duration of the application Session and ensures the integrity of all Messages that are exchanged. This means users need to be authenticated only once, when the application Session is established. The mechanisms for discovering OPC UA Servers and establishing secure communication channels and application Sessions are described in Part 4 and Part 6. Additional information about the Discovery process is described in Part 12.

When a Session is established, the Client and Server applications negotiate a secure communications channel. Software Certificates are utilized to identify the Client and Server and the capabilities that they provide. Authority-generated software Certificates indicate the OPC UA Profiles that the applications implement and the OPC UA certification level reached for each Profile¹. The details of each Profile and the Certificates are specified in Part 7. Certificates issued by other organizations may also be exchanged during Session establishment.

The Server further authenticates the user and authorizes subsequent requests to access Objects in the Server. Authorization mechanisms, such as access control lists, are not specified by the OPC UA specification. They are application or system-specific.

5.4.1.3 Auditing

OPC UA includes support for security audit trails with traceability between Client and Server audit logs. If a security-related problem is detected at the Server, the associated Client audit log entry can be located and examined. OPC UA also provides the capability for Servers to generate Event Notifications that report auditable Events to Clients capable of processing and logging them. OPC UA defines security audit parameters that can be included in audit log entries and in audit Event Notifications. Part 5 defines the data types for these parameters. Not all Servers and Clients provide all of the auditing features. Profiles, found in Part 7, indicate which features are supported.
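The traceability between Client and Server audit logs described above, as an added example that is not part of the specification. It joins failed Server audit Events to Client log entries on the Client-supplied audit entry identifier (carried as auditEntryId in the Part 4 request header and reported as ClientAuditEntryId on audit Events defined in Part 5); the log records, their dictionary layout, the verdict names and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed Client-side audit log: one entry per Service request sent.
CLIENT_LOG = [
    {"audit_entry_id": "hmi7-0412", "time": "2012-07-10T08:15:02Z",
     "user": "operator1", "service": "Write"},
    {"audit_entry_id": "hmi7-0413", "time": "2012-07-10T08:15:09Z",
     "user": "operator1", "service": "Write"},
    {"audit_entry_id": "hmi7-0414", "time": "2012-07-10T08:16:30Z",
     "user": "operator1", "service": "ActivateSession"},
]

# Constructed Server-side audit Events; Status is False when the action failed.
SERVER_EVENTS = [
    {"EventType": "AuditWriteUpdateEventType", "ActionTimeStamp": "2012-07-10T08:15:02Z",
     "Status": True, "ClientAuditEntryId": "hmi7-0412", "ClientUserId": "operator1"},
    {"EventType": "AuditWriteUpdateEventType", "ActionTimeStamp": "2012-07-10T08:15:09Z",
     "Status": False, "ClientAuditEntryId": "hmi7-0413", "ClientUserId": "operator1"},
    {"EventType": "AuditActivateSessionEventType", "ActionTimeStamp": "2012-07-10T08:16:30Z",
     "Status": False, "ClientAuditEntryId": "hmi7-0414", "ClientUserId": "engineer2"},
    {"EventType": "AuditWriteUpdateEventType", "ActionTimeStamp": "2012-07-10T08:17:44Z",
     "Status": False, "ClientAuditEntryId": "hmi7-0999", "ClientUserId": "operator1"},
    {"EventType": "AuditCreateSessionEventType", "ActionTimeStamp": "2012-07-10T08:18:01Z",
     "Status": False, "ClientAuditEntryId": "", "ClientUserId": ""},
]


def index_client_log(client_log):
    """Map audit entry id -> list of Client log entries (ids are expected to be unique)."""
    by_id = defaultdict(list)
    for entry in client_log:
        by_id[entry["audit_entry_id"]].append(entry)
    return by_id


def correlate(server_events, client_log):
    """For every failed Server audit Event, locate the Client entry and grade the match."""
    by_id = index_client_log(client_log)
    findings = []
    for ev in server_events:
        if ev["Status"]:
            continue  # only failed actions are triaged in this example
        audit_id = ev.get("ClientAuditEntryId") or ""
        matches = by_id.get(audit_id, [])
        if not audit_id:
            verdict = "no-client-id"          # Client sent no identifier: no traceability
        elif not matches:
            verdict = "client-entry-missing"  # Server saw a request the Client log lacks
        elif len(matches) > 1:
            verdict = "client-id-reused"      # ambiguous: identifier is not unique
        elif matches[0]["user"] != ev["ClientUserId"]:
            verdict = "user-mismatch"         # the two logs disagree about who acted
        else:
            verdict = "matched"
        findings.append({
            "when": ev["ActionTimeStamp"],
            "event": ev["EventType"],
            "audit_entry_id": audit_id,
            "verdict": verdict,
            "client_entries": matches,
        })
    return findings


if __name__ == "__main__":
    for finding in correlate(SERVER_EVENTS, CLIENT_LOG):
        print(finding["when"], finding["event"], finding["audit_entry_id"], finding["verdict"])
```

Every verdict other than "matched" marks a point where the two audit trails cannot be reconciled and needs manual review.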

¹ The OPC Foundation is an OPC UA Certificate Authority.


5.4.1.4 Transport security

OPC UA security complements the security infrastructure provided by most web service capable platforms.

Transport level security can be used to encrypt and sign Messages. Encryption and signatures protect against disclosure of information and protect the integrity of Messages. Encryption capabilities are provided by the underlying communications technology used to exchange Messages between OPC UA applications. Part 7 defines the encryption and signature algorithms to be used for a given Profile.

5.4.2 Integrated AddressSpace model

The set of Objects and related information that the OPC UA Server makes available to Clients is referred to as its AddressSpace. The OPC UA AddressSpace represents its contents as a set of Nodes connected by References.

Primitive characteristics of Nodes are described by OPC-defined Attributes. Attributes are the only elements of a Server that have data values. Data types that define attribute values may be simple or complex.

Nodes in the AddressSpace are typed according to their use and their meaning. NodeClasses define the metadata for the OPC UA AddressSpace. Part 3 defines the OPC UA NodeClasses.

The Base NodeClass defines Attributes common to all Nodes, allowing identification, classification and naming. Each NodeClass inherits these Attributes and may additionally define its own Attributes. To promote interoperability of Clients and Servers, the OPC UA AddressSpace is structured hierarchically with the top levels the same for all Servers. Although Nodes in the AddressSpace are typically accessible via the hierarchy, they may have References to each other, allowing the AddressSpace to represent an interrelated network of Nodes. The model of the AddressSpace is defined in Part 3.

OPC UA Servers may subset the AddressSpace into Views to simplify Client access. Clause 6.3.3.3 describes AddressSpace Views in more detail.

5.4.3 Integrated object model

The OPC UA Object Model provides a consistent, integrated set of NodeClasses for representing Objects in the AddressSpace. This model represents Objects in terms of their Variables, Events and Methods, and their relationships with other Objects. Part 3 describes this model.

The OPC UA object model allows Servers to provide type definitions for Objects and their components. Type definitions may be subclassed. They also may be common or they may be system-specific. ObjectTypes may be defined by standards organizations, vendors or end-users. This model allows data, Alarms and Events, and their history to be integrated into a single OPC UA Server. For example, OPC UA Servers are able to represent a temperature transmitter as an Object that is composed of a temperature value, a set of alarm parameters, and a corresponding set of alarm limits.

5.4.4 Integrated services

The interface between OPC UA Clients and Servers is defined as a set of Services. These Services are organized into logical groupings called Service Sets. Service Sets are discussed in Clause 7 and specified in Part 4.
