SIST EN 62541-6:2012

SLOVENSKI STANDARD
SIST EN 62541-6:2012
01-februar-2012
Poenotena arhitektura OPC - 6. del: Preslikave (IEC 62541-6:2011)
OPC unified architecture - Part 6: Mappings (IEC 62541-6:2011)
OPC Unified Architecture - Teil 6: Protokollabbildungen (IEC 62541-6:2011)
Architecture unifiée OPC - Partie 6: Correspondances (CEI 62541-6:2011)
Ta slovenski standard je istoveten z: EN 62541-6:2011
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
SIST EN 62541-6:2012 en
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------

SIST EN 62541-6:2012

---------------------- Page: 2 ----------------------

SIST EN 62541-6:2012

EUROPEAN STANDARD
EN 62541-6

NORME EUROPÉENNE
December 2011
EUROPÄISCHE NORM

ICS 25.040.40; 25.100.01


English version


OPC unified architecture -
Part 6: Mappings
(IEC 62541-6:2011)


Architecture unifiée OPC -  OPC Unified Architecture -
Partie 6: Correspondances Teil 6: Protokollabbildungen
(CEI 62541-6:2011) (IEC 62541-6:2011)





This European Standard was approved by CENELEC on 2011-11-22. CENELEC members are bound to comply
with the CEN/CENELEC Internal Regulations which stipulate the conditions for giving this European Standard
the status of a national standard without any alteration.

Up-to-date lists and bibliographical references concerning such national standards may be obtained on
application to the CEN-CENELEC Management Centre or to any CENELEC member.

This European Standard exists in three official versions (English, French, German). A version in any other
language made by translation under the responsibility of a CENELEC member into its own language and notified
to the CEN-CENELEC Management Centre has the same status as the official versions.

CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus,
the Czech Republic, Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy,
Latvia, Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Slovakia, Slovenia,
Spain, Sweden, Switzerland and the United Kingdom.

CENELEC
European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung

Management Centre: Avenue Marnix 17, B - 1000 Brussels


© 2011 CENELEC - All rights of exploitation in any form and by any means reserved worldwide for CENELEC members.
Ref. No. EN 62541-6:2011 E

---------------------- Page: 3 ----------------------

SIST EN 62541-6:2012
EN 62541-6:2011 - 2 -
Foreword
The text of document 65E/193/FDIS, future edition 1 of IEC 62541-6, prepared by SC 65E, "Devices and
integration in enterprise systems", of IEC/TC 65, "Industrial-process measurement, control and
automation" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
EN 62541-6:2011.
The following dates are fixed:
(dop) 2012-08-22
• latest date by which the document has
to be implemented at national level by
publication of an identical national
standard or by endorsement
(dow) 2014-11-22
• latest date by which the national
standards conflicting with the
document have to be withdrawn

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such patent
rights.

Endorsement notice
The text of the International Standard IEC 62541-6:2011 was approved by CENELEC as a European
Standard without any modification.

---------------------- Page: 4 ----------------------

SIST EN 62541-6:2012
- 3 - EN 62541-6:2011
Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications

The following referenced documents are indispensable for the application of this document. For dated
references, only the edition cited applies. For undated references, the latest edition of the referenced
document (including any amendments) applies.

NOTE  When an international publication has been modified by common modifications, indicated by (mod), the relevant EN/HD
applies.

Publication Year Title EN/HD Year

IEC/TR 62541-1 - OPC unified architecture - CLC/TR 62541-1 -
Part 1: Overview and concepts


IEC/TR 62541-2 - OPC unified architecture - CLC/TR 62541-2 -
Part 2: Security model


IEC 62541-3 - OPC unified architecture - EN 62541-3 -
Part 3: Address space model


IEC 62541-4 - OPC unified architecture - EN 62541-4 -
Part 4: Services


IEC 62541-5 - OPC unified architecture - EN 62541-5 -
Part 5: Information Model


IEC 62541-7 - OPC Unified Architecture - EN 62541-7 -
Part 7: Profiles


ITU-T X.509 - Information technology – Open systems - -
interconnection – The Directory: Public-key
and attribute certificate frameworks


ITU-T X.690 - Information technology - ASN.1 encoding - -
rules: Specification of Basic Encoding Rules
(BER), Canonical Encoding Rules (CER) and
Distinguished Encoding Rules (DER)


ITU-T X.200 - Information technology - Open Systems - -
Interconnection - Basic Reference Model:
The basic model


RFC 3548 - The Base16, Base32, and Base64 Data - -
Encodings


RFC 2104 - HMAC: Keyed-Hashing for Message - -
Authentication


RFC 2437 - PKCS #1: RSA Cryptography Specifications - -
Version 2.0


RFC 3280 - Internet X.509 Public Key Infrastructure - -
Certificate and Certificate Revocation List
(CRL) Profile


RFC 2818 - HTTP Over TLS - -


RFC 2616 - Hypertext Transfer Protocol - HTTP/1.1 - -


RFC 2246 - The TLS Protocol - -


RFC 4514 - Lightweight Directory Access Protocol - -
(LDAP): String Representation of
Distinguished Names


RFC 3629 - UTF-8, User Datagram Protocol - -

---------------------- Page: 5 ----------------------

SIST EN 62541-6:2012
EN 62541-6:2011 - 4 -
IEEE 754 - Binary floating-point arithmetic - -


XML Schema Part 1 - XML Schema Part 1: Structures - -


XML Schema Part 2 - XML Schema Part 2 - -


SOAP Part 1 - SOAP Version 1.2 Part 1: Messaging - -
Framework


SOAP Part 2 - SOAP Version 1.2 Part 2: Adjuncts - -


XML Encryption - XML Encryption Syntax and Processing - -


XML Signature - XML-Signature Syntax and Processing - -


WS Security - SOAP Message Security 1.1 - -


WS Addressing - Web Services Addressing (WS-Addressing) - -


WS Trust - WS Trust 1.3 - -


WS Secure - WS Secure Conversation 1.3 - -
Conversation


WS Security Policy - WS Security Policy 1.2 - -


WS-I - Basic Profile Version 1.1 - -


WS-I - Basic Security Profile Version 1.1 - -


PKCS #12 - PKCS 12 v1.0: Personal Information - -
Exchange Syntax


FIPS 180-2 - Secure Hash Standard (SHA) - -


FIPS 197 - Advanced Encyption Standard (AES) - -

---------------------- Page: 6 ----------------------

SIST EN 62541-6:2012

IEC 62541-6
®

Edition 1.0 2011-10
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside


OPC unified architecture –
Part 6: Mappings

Architecture unifiée OPC –
Partie 6: Correspondances


INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
PRICE CODE
INTERNATIONALE
CODE PRIX XB
ICS 25.040.40; 25.100.01 ISBN 978-2-88912-728-3

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------

SIST EN 62541-6:2012
– 2 – 62541-6 © IEC:2011
CONTENTS
FOREWORD . 6
INTRODUCTION . 8
1 Scope . 9
2 Normative references . 9
3 Terms, definitions and abbreviations . 11
3.1 Terms and definitions . 11
3.2 Abbreviations . 12
4 Overview . 12
5 Data Encoding . 13
5.1 General . 13
5.1.1 Overview . 13
5.1.2 Built-in Types . 14
5.1.3 Guid . 14
5.1.4 ExtensionObject . 15
5.1.5 Variant . 15
5.2 OPC UA Binary . 15
5.2.1 General . 15
5.2.2 Built-in Types . 16
5.2.3 Enumerations . 24
5.2.4 Arrays . 24
5.2.5 Structures . 24
5.2.6 Messages . 25
5.3 XML . 26
5.3.1 Built-in Types . 26
5.3.2 Enumerations . 31
5.3.3 Arrays . 32
5.3.4 Structures . 32
5.3.5 Messages . 33
6 Security Protocols . 33
6.1 Security Handshake . 33
6.2 Certificates . 34
6.2.1 General . 34
6.2.2 Application Instance Certificate . 34
6.2.3 Signed Software Certificate . 35
6.3 WS Secure Conversation. 36
6.3.1 Overview . 36
6.3.2 Notation . 38
6.3.3 Request Security Token (RST/SCT) . 38
6.3.4 Request Security Token Response (RSTR/SCT) . 39
6.3.5 Using the SCT . 40
6.3.6 Cancelling Security Contexts . 40
6.4 OPC UA Secure Conversation . 41
6.4.1 Overview . 41
6.4.2 MessageChunk Structure. 41
6.4.3 MessageChunks and Error Handling . 44
6.4.4 Establishing a SecureChannel . 45

---------------------- Page: 8 ----------------------

SIST EN 62541-6:2012
62541-6 © IEC:2011 – 3 –
6.4.5 Deriving Keys . 46
6.4.6 Verifying Message Security . 47
7 Transport Protocols . 48
7.1 OPC UA TCP . 48
7.1.1 Overview . 48
7.1.2 Message Structure . 48
7.1.3 Establishing a Connection . 50
7.1.4 Closing a Connection . 51
7.1.5 Error Handling . 52
7.1.6 Error Recovery . 52
7.2 SOAP/HTTP . 54
7.2.1 Overview . 54
7.2.2 XML Encoding . 55
7.2.3 OPC UA Binary Encoding . 55
7.3 Well Known Addresses . 56
8 Normative Contracts . 56
8.1 OPC Binary Schema . 56
8.2 XML Schema and WSDL . 56
Annex A (normative) Constants. 57
Annex B (normative) Type Declarations for the OPC UA Native Mapping . 59
Annex C (normative) WSDL for the XML Mapping . 60
Annex D (normative) Security Settings Management . 61

Figure 1 – The OPC UA Stack Overview . 13
Figure 2 – Encoding Integers in a Binary Stream . 16
Figure 3 – Encoding Floating Points in a Binary Stream . 17
Figure 4 – Encoding Strings in a Binary Stream . 17
Figure 5 – Encoding Guids in a Binary Stream . 18
Figure 6 – Encoding XmlElements in a Binary Stream . 18
Figure 7 – A String NodeId. 19
Figure 8 – A Two Byte NodeId . 20
Figure 9 – A Four Byte NodeId . 20
Figure 10 – Security Handshake . 33
Figure 11 – Relevant XML Web Services Specifications . 37
Figure 12 – The WS Secure Conversation Handshake . 37
Figure 13 – OPC UA Secure Conversation MessageChunk . 41
Figure 14 – OPC UA TCP Message Structure . 50
Figure 15 – Establishing a OPC UA TCP Connection . 51
Figure 16 – Closing a OPC UA TCP Connection . 51
Figure 17 – Recovering an OPC UA TCP Connection . 53

Table 1 – Built-in Data Types . 14
Table 2 – Guid Structure . 14
Table 3 – Supported Floating Point Types. 16
Table 4 – NodeId Components . 19

---------------------- Page: 9 ----------------------

SIST EN 62541-6:2012
– 4 – 62541-6 © IEC:2011
Table 5 – NodeId Encoding Values . 19
Table 6 – Standard NodeId Binary Encoding . 19
Table 7 – Two Byte NodeId Binary Encoding . 20
Table 8 – Four Byte NodeId Binary Encoding . 20
Table 9 – ExpandedNodeId Binary Encoding . 21
Table 10 – DiagnosticInfo Binary Encoding . 21
Table 11 – QualifiedName Binary Encoding . 22
Table 12 – LocalizedText Binary Encoding . 22
Table 13 – Extension Object Binary Encoding . 23
Table 14 – Variant Binary Encoding . 23
Table 15 – Data Value Binary Encoding . 24
Table 16 – Sample OPC UA Binary Encoded Structure . 25
Table 17 – XML Data Type Mappings for Integers . 26
Table 18 – XML Data Type Mappings for Floating Points . 26
Table 19 – Components of NodeId . 28
Table 20 – Components of ExpandedNodeId . 28
Table 21 – Components of Enumeration . 31
Table 22 – SecurityPolicy . 34
Table 23 – ApplicationInstanceCertificate . 35
Table 24 – SignedSoftwareCertificate . 36
Table 25 – WS-* Namespace Prefixes . 38
Table 26 – RST/SCT Mapping to an OpenSecureChannel Request . 39
Table 27 – RSTR/SCT Mapping to an OpenSecureChannel Response . 40
Table 28 – OPC UA Secure Conversation Message Header . 42
Table 29 – Asymmetric Algorithm Security Header . 42
Table 30 – Symmetric Algorithm Security Header . 43
Table 31 – Sequence Header . 43
Table 32 – OPC UA Secure Conversation Message Footer . 44
Table 33 – OPC UA Secure Conversation Message Abort Body . 45
Table 34 – OPC UA Secure Conversation OpenSecureChannel Service . 45
Table 35 – Cryptography Key Generation Parameters . 46
Table 36 – OPC UA TCP Message Header . 48
Table 37 – OPC UA TCP Hello Message . 49
Table 38 – OPC UA TCP Acknowledge Message . 49
Table 39 – OPC UA TCP Error Message . 50
Table 40 – OPC UA TCP Error Codes . 52
Table 41 – WS-Addressing Headers . 54
Table 42 – Well Known Addresses for Local Discovery Servers . 56
Table A.1 – Identifiers Assigned to Attributes . 57
Table D.1 – SecuredApplication . 62
Table D.2 – CertificateIdentfier . 64
Table D.3 – CertificateStoreIdentfier . 65
Table D.4 – CertificateTrustList. 66

---------------------- Page: 10 ----------------------

SIST EN 62541-6:2012
62541-6 © IEC:2011 – 5 –
Table D.5 – CertificateValidationOptions . 66
Table D.6 – ApplicationAccessRule. 67
Table D.7 – ApplicationSecurityPolicy . 67

---------------------- Page: 11 ----------------------

SIST EN 62541-6:2012
– 6 – 62541-6 © IEC:2011
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________

OPC UNIFIED ARCHITECTURE –

Part 6: Mappings

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 62541-6 has been prepared by subcommittee 65E: Devices and
integration in enterprise systems, of IEC technical committee 65: Industrial-process
measurement, control and automation.
The text of this standard is based on the following documents:
FDIS Report on voting
65E/193/FDIS 65E/215/RVD

Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

---------------------- Page: 12 ----------------------

SIST EN 62541-6:2012
62541-6 © IEC:2011 – 7 –
A list of all parts of the IEC 62541 series, published under the general title OPC Unified
Architecture, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC web site under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.

IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.

---------------------- Page: 13 ----------------------

SIST EN 62541-6:2012
– 8 – 62541-6 © IEC:2011
INTRODUCTION
This International Stadard is the specification for developers of OPC UA applications. The
specification is a result of an analysis and design process to develop a standard interface to
facilitate the development of applications by multiple vendors that will inter-operate
seamlessly together.

---------------------- Page: 14 ----------------------

SIST EN 62541-6:2012
62541-6 © IEC:2011 – 9 –
OPC UNIFIED ARCHITECTURE –

Part 6: Mappings



1 Scope
This part of IEC 62541 specifies the OPC Unified Architecture (OPC UA) mapping between
the security model described in IEC 62541-2, the abstract service definitions, described in
IEC 62541-4, the data structures defined in IEC
...