OPC Unified Architecture Specification - Part 12: Discovery (IEC 62541-12:2020)

This part of IEC 62541 specifies how OPC Unified Architecture (OPC UA) Clients and Servers
interact with DiscoveryServers when used in different scenarios. It specifies the requirements
for the LocalDiscoveryServer, LocalDiscoveryServer-ME and GlobalDiscoveryServer. It also
defines information models for Certificate management, KeyCredential management and
Authorization Services.

OPC Unified Architecture - Teil 12: Erkundung und globale Dienste (IEC 62541-12:2020)

Architecture unifiée OPC - Partie 12: Services globaux et de découverte (IEC 62541-12:2020)

IEC 62541-12:2020 specifies how Clients and Servers of the OPC Unified Architecture (OPC UA) interact with DiscoveryServers when used in different scenarios. It defines the requirements for the LocalDiscoveryServer, the LocalDiscoveryServer-ME and the GlobalDiscoveryServer. It also defines the information models for Certificate management, KeyCredential management and Authorization Services.

Enotna arhitektura OPC - 12. del: Razkritje in globalne storitve (IEC 62541-12:2020)

General Information

Status: Published
Public Enquiry End Date: 08-Nov-2018
Publication Date: 05-Nov-2020
Current Stage: 6060 - National Implementation/Publication (Adopted Project)
Start Date: 24-Aug-2020
Due Date: 29-Oct-2020
Completion Date: 06-Nov-2020

Standard
SIST EN IEC 62541-12:2020
English language
107 pages
Standards Content (sample)

SLOVENIAN STANDARD
SIST EN IEC 62541-12:2020
01-December-2020

Enotna arhitektura OPC - 12. del: Razkritje in globalne storitve (IEC 62541-12:2020)

OPC Unified Architecture Specification - Part 12: Discovery (IEC 62541-12:2020)

OPC Unified Architecture - Teil 12: Erkundung und globale Dienste (IEC 62541-12:2020)

Architecture unifiée OPC - Partie 12: Services globaux et de découverte (IEC 62541-12:2020)
This Slovenian standard is identical to: EN IEC 62541-12:2020
ICS:
25.040.40 Industrial process measurement and control
35.240.50 IT applications in industry
SIST EN IEC 62541-12:2020 en,fr,de

2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.

EUROPEAN STANDARD EN IEC 62541-12
NORME EUROPÉENNE
EUROPÄISCHE NORM
August 2020
ICS 25.040.40
English Version
OPC unified architecture - Part 12: Discovery and global services (IEC 62541-12:2020)

Architecture unifiée OPC - Partie 12: Services globaux et de découverte (IEC 62541-12:2020)

OPC Unified Architecture - Teil 12: Erkundung und globale Dienste (IEC 62541-12:2020)

This European Standard was approved by CENELEC on 2020-07-21. CENELEC members are bound to comply with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other language made by translation under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels

© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.

Ref. No. EN IEC 62541-12:2020 E
European foreword

The text of document 65E/711/FDIS, future edition 1 of IEC 62541-12, prepared by SC 65E "Devices and integration in enterprise systems" of IEC/TC 65 "Industrial-process measurement, control and automation" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as EN IEC 62541-12:2020.

The following dates are fixed:

• latest date by which the document has to be implemented at national level by publication of an identical national standard or by endorsement (dop): 2021-04-21

• latest date by which the national standards conflicting with the document have to be withdrawn (dow): 2023-07-21

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Endorsement notice

The text of the International Standard IEC 62541-12:2020 was approved by CENELEC as a European Standard without any modification.

Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents are referred to in the text in such a way that some or all of their content constitutes requirements of this document. For dated references, only the edition cited applies. For undated references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 Where an International Publication has been modified by common modifications, indicated by (mod), the relevant EN/HD applies.

NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here: www.cenelec.eu.

Publication | Year | Title | EN/HD | Year
IEC/TR 62541-1 | - | OPC unified architecture - Part 1: Overview and concepts | CLC/TR 62541-1 | -
IEC/TR 62541-2 | - | OPC unified architecture - Part 2: Security model | CLC/TR 62541-2 | -
IEC 62541-3 | - | OPC Unified Architecture - Part 3: Address Space Model | - | -
IEC 62541-4 | - | OPC Unified Architecture - Part 4: Services | - | -
IEC 62541-5 | - | OPC Unified Architecture - Part 5: Information Model | - | -
IEC 62541-6 | - | OPC Unified Architecture - Part 6: Mappings | - | -
IEC 62541-7 | - | OPC unified architecture - Part 7: Profiles | - | -
IEC 62541-9 | - | OPC Unified Architecture - Part 9: Alarms and Conditions | - | -
IEC 62541-14 | - | OPC Unified Architecture - Part 14: PubSub | - | -
X.500: ISO/IEC 9594-1 | 2017 | Information technology - Open Systems Interconnection - The Directory - Part 1: Overview of concepts, models and services | |
IETF RFC 1035 | - | Domain Names - Implementation and Specification | - | -
IETF RFC 2986 | - | PKCS #10: Certification Request Syntax Specification Version 1.7 | - | -
IETF RFC 3927 | - | Dynamic Configuration of IPv4 Link-Local Addresses | - | -
IETF RFC 5958 | - | Asymmetric Key Packages | - | -
IETF RFC 6762 | - | mDNS: Multicast DNS | - | -
IETF RFC 6763 | - | DNS-SD: DNS Based Service Discovery | - | -
IETF RFC 7030 | - | Enrollment over Secure Transport | - | -
PKCS #12 | - | Personal Information Exchange Syntax | - | -
DI | - | OPC Unified Architecture for Devices (DI) | - | -
ADI | - | OPC Unified Architecture for Analyzer Devices (ADI) | - | -
PLCopen | - | OPC Unified Architecture / PLCopen Information Model | - | -
FDI | - | OPC Unified Architecture for FDI | - | -
ISA-95 | - | ISA-95 Common Object Model | - | -
IEC 62541-12
Edition 1.0 2020-06
INTERNATIONAL STANDARD
NORME INTERNATIONALE
OPC unified architecture – Part 12: Discovery and global services
Architecture unifiée OPC – Partie 12: Services globaux et de découverte
INTERNATIONAL ELECTROTECHNICAL COMMISSION
COMMISSION ELECTROTECHNIQUE INTERNATIONALE
ICS 25.040.40 ISBN 978-2-8322-8455-1

Warning! Make sure that you obtained this publication from an authorized distributor.

® Registered trademark of the International Electrotechnical Commission
CONTENTS

FOREWORD
1 Scope
2 Normative references
3 Terms, definitions, abbreviated terms and conventions
3.1 Terms and definitions
3.2 Abbreviated terms and symbols
3.3 Conventions for namespaces
4 The discovery process
4.1 Overview
4.2 Registration and announcement of Applications
4.2.1 Overview
4.2.2 Hosts with a LocalDiscoveryServer
4.2.3 Hosts without a LocalDiscoveryServer
4.3 The discovery process for Clients to find Servers
4.3.1 Overview
4.3.2 Security
4.3.3 Simple Discovery with a DiscoveryUrl
4.3.4 Local Discovery
4.3.5 MulticastSubnet Discovery
4.3.6 Global Discovery
4.3.7 Combined Discovery Process for Clients
5 Local Discovery Server
5.1 Overview
5.2 Security considerations for Multicast DNS
6 Global Discovery Server
6.1 Overview
6.2 Network architectures
6.2.1 Overview
6.2.2 Single MulticastSubnet
6.2.3 Multiple MulticastSubnet
6.2.4 No MulticastSubnet
6.2.5 Domain Names and MulticastSubnets
6.3 Information Model
6.3.1 Overview
6.3.2 Directory
6.3.3 DirectoryType
6.3.4 FindApplications
6.3.5 ApplicationRecordDataType
6.3.6 RegisterApplication
6.3.7 UpdateApplication
6.3.8 UnregisterApplication
6.3.9 GetApplication
6.3.10 QueryApplications
6.3.11 QueryServers (deprecated)
6.3.12 ApplicationRegistrationChangedAuditEventType
7 Certificate management overview
7.1 Overview
7.2 Pull Management
7.3 Push management
7.4 Provisioning
7.5 Common Information Model
7.5.1 Overview
7.5.2 TrustListType
7.5.3 OpenWithMasks
7.5.4 CloseAndUpdate
7.5.5 AddCertificate
7.5.6 RemoveCertificate
7.5.7 TrustListDataType
7.5.8 TrustListMasks
7.5.9 TrustListOutOfDateAlarmType
7.5.10 CertificateGroupType
7.5.11 CertificateType
7.5.12 ApplicationCertificateType
7.5.13 HttpsCertificateType
7.5.14 UserCredentialCertificateType
7.5.15 RsaMinApplicationCertificateType
7.5.16 RsaSha256ApplicationCertificateType
7.5.17 CertificateGroupFolderType
7.5.18 TrustListUpdatedAuditEventType
7.6 Information Model for Pull Certificate Management
7.6.1 Overview
7.6.2 CertificateDirectoryType
7.6.3 StartSigningRequest
7.6.4 StartNewKeyPairRequest
7.6.5 FinishRequest
7.6.6 GetCertificateGroups
7.6.7 GetTrustList
7.6.8 GetCertificateStatus
7.6.9 CertificateRequestedAuditEventType
7.6.10 CertificateDeliveredAuditEventType
7.7 Information Model for Push Certificate Management
7.7.1 Overview
7.7.2 ServerConfiguration
7.7.3 ServerConfigurationType
7.7.4 UpdateCertificate
7.7.5 ApplyChanges
7.7.6 CreateSigningRequest
7.7.7 GetRejectedList
7.7.8 CertificateUpdatedAuditEventType
8 KeyCredential management
8.1 Overview
8.2 Pull management
8.3 Push management
8.4 Information Model for pull management
8.4.1 Overview
8.4.2 KeyCredentialManagement
8.4.3 KeyCredentialServiceType
8.4.4 StartRequest
8.4.5 FinishRequest
8.4.6 Revoke
8.4.7 KeyCredentialAuditEventType
8.4.8 KeyCredentialRequestedAuditEventType
8.4.9 KeyCredentialDeliveredAuditEventType
8.4.10 KeyCredentialRevokedAuditEventType
8.5 Information Model for push management
8.5.1 General
8.5.2 KeyCredentialConfiguration
8.5.3 KeyCredentialConfigurationType
8.5.4 UpdateCredential
8.5.5 DeleteCredential
8.5.6 KeyCredentialUpdatedAuditEventType
8.5.7 KeyCredentialDeletedAuditEventType
9 Authorization Services
9.1 Overview
9.2 Implicit
9.3 Explicit
9.4 Chained
9.5 Information Model for Requesting Access Tokens
9.5.1 Overview
9.5.2 AuthorizationServices
9.5.3 AuthorizationServiceType
9.5.4 RequestAccessToken
9.5.5 GetServiceDescription
9.5.6 AccessTokenIssuedAuditEventType
9.6 Information Model for configuring Servers
9.6.1 Overview
9.6.2 AuthorizationServices
9.6.3 AuthorizationServiceConfigurationType
Annex A (informative) Deployment and configuration
A.1 Firewalls and discovery
A.2 Resolving references to remote Servers
Annex B (normative) Constants
Annex C (normative) OPC UA Mapping to mDNS
C.1 DNS Server (SRV) record syntax
C.2 DNS Text (TXT) record syntax
C.3 DiscoveryUrl mapping
Annex D (normative) Server Capability Identifiers
Annex E (normative) DirectoryServices
E.1 Global Discovery via other directory services
E.2 UDDI
E.3 LDAP
Annex F (normative) Local Discovery Server
F.1 Certificate store directory layout
F.2 Installation directories on Windows
Annex G (normative) Application installation process
G.1 Provisioning with Pull Management
G.2 Provisioning with Push Management
G.3 Setting permissions
Annex H (informative) Comparison with RFC 7030
H.1 Overview
H.2 Obtaining CA Certificates
H.3 Initial enrolment
H.4 Client Certificate reissuance
H.5 Server key generation
H.6 Certificate Signing Request (CSR) attributes request

Figure 1 – The Registration process with an LDS
Figure 2 – The simple Discovery process
Figure 3 – The Local Discovery process
Figure 4 – The MulticastSubnet Discovery process
Figure 5 – The Global Discovery process
Figure 6 – The Discovery Process for Clients
Figure 7 – The relationship between GDS and other components
Figure 8 – The Single MulticastSubnet architecture
Figure 9 – The Multiple MulticastSubnet architecture
Figure 10 – The No MulticastSubnet architecture
Figure 11 – The Address Space for the GDS
Figure 12 – The Pull Certificate management model
Figure 13 – The Push Certificate management model
Figure 14 – The Certificate Management AddressSpace for the GlobalDiscoveryServer
Figure 15 – The AddressSpace for the Server that supports Push Management
Figure 16 – The Pull Model for KeyCredential management
Figure 17 – The Push Model for KeyCredential management
Figure 18 – The Address Space used for Pull KeyCredential management
Figure 19 – The AddressSpace used for Push KeyCredential management
Figure 20 – Roles and Authorization Services
Figure 21 – Implicit authorization
Figure 22 – Explicit authorization
Figure 23 – Chained authorization
Figure 24 – The Model for Requesting Access Tokens from Authorization Services
Figure 25 – The Model for configuring Servers to use Authorization Services
Figure A.1 – Discovering Servers outside a firewall
Figure A.2 – Discovering Servers behind a firewall
Figure A.3 – Using a Discovery Server with a firewall
Figure A.4 – Following References to Remote Servers
Figure E.1 – The UDDI or LDAP Discovery process
Figure E.2 – UDDI registry structure
Figure E.3 – Sample LDAP hierarchy

...
