oSIST prEN IEC 62541-18:2024

SLOVENSKI STANDARD
01-marec-2024
Enotna arhitektura OPC - 18. del: Varnost na podlagi vlog
OPC unified architecture - Part 18: Role-based security
Ta slovenski standard je istoveten z: prEN IEC 62541-18:2024
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

65E/1043/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER:
IEC 62541-18 ED1
DATE OF CIRCULATION: CLOSING DATE FOR VOTING:
2024-01-26 2024-04-19
SUPERSEDES DOCUMENTS:
65E/953/NP, 65E/1013/RVN
IEC SC 65E : DEVICES AND INTEGRATION IN ENTERPRISE SYSTEMS
SECRETARIAT: SECRETARY:
United States of America Mr Donald (Bob) Lattimer
OF INTEREST TO THE FOLLOWING COMMITTEES: PROPOSED HORIZONTAL STANDARD:

Other TC/SCs are requested to indicate their interest, if any,
in this CDV to the secretary.
FUNCTIONS CONCERNED:
EMC ENVIRONMENT QUALITY ASSURANCE SAFETY
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of
CENELEC, is drawn to the fact that this Committee Draft for
Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the
CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which
they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries”
clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for
submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).

TITLE:
OPC Unified Architecture – Part 18: Role-Based Security

PROPOSED STABILITY DATE: 2026
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

IEC CDV 62541-18 © IEC 2023
1 CONTENTS
3 1 Scope . 1
4 2 Normative references . 1
5 3 Terms, definitions, abbreviated terms and conventions . 1
6 3.1 Terms and definitions . 1
7 4 Role Model . 2
8 4.1 General . 2
9 4.2 RoleSetType. 3
10 4.2.1 RoleSetType definition . 3
11 4.2.2 AddRole Method. 3
12 4.2.3 RemoveRole Method . 4
13 4.3 RoleSet . 4
14 4.4 RoleType . 8
15 4.4.1 RoleType definition . 8
16 4.4.2 EndpointType . 10
17 4.4.3 IdentityMappingRuleType . 10
18 4.4.4 IdentityCriteriaType . 12
19 4.4.5 AddIdentity Method . 12
20 4.4.6 RemoveIdentity Method . 12
21 4.4.7 AddApplication Method. 13
22 4.4.8 RemoveApplication Method . 13
23 4.4.9 AddEndpoint Method . 14
24 4.4.10 RemoveEndpoint Method . 14
25 4.5 RoleMappingRuleChangedAuditEventType . 14
26 5 User Management Model . 16
27 5.1 General . 16
28 5.2 UserManagementType. 16
29 5.2.1 UserManagementType definition . 16
30 5.2.2 PasswordOptionsMask . 17
31 5.2.3 UserConfigurationMask . 18
32 5.2.4 UserManagementDataType . 18
33 5.2.5 AddUser Method . 18
34 5.2.6 ModifyUser Method . 19
35 5.2.7 RemoveUser Method . 20
36 5.2.8 ChangePassword Method . 20
37 5.3 UserManagement . 21
39 FIGURES
41 Figure 1 – Role management overview . 2
42 Figure 2 – User management overview . 16
44 TABLES
46 Table 1 – RoleSetType definition . 3

IEC CDV 62541-18 © IEC 2023 ii

47 Table 2 – RoleSet definition . 4
48 Table 3 – RoleSet Additional Conformance Units. 5
49 Table 4 – RoleType definition . 8
50 Table 5 – EndpointType Structure . 10
51 Table 6 – EndpointType definition . 10
52 Table 7 – IdentityMappingRuleType. 10
53 Table 8 – Order for subject name criteria . 11
54 Table 9 – IdentityMappingRuleType definition . 11
55 Table 10 – IdentityCriteriaType Values . 12
56 Table 11 – IdentityCriteriaType Definition . 12
57 Table 12 – RoleMappingRuleChangedAuditEventType definition . 15
58 Table 13 – UserManagementType definition . 16
59 Table 14 – PasswordOptionsMask values . 17
60 Table 15 – PasswordOptionsMask definition . 17
61 Table 16 – UserConfigurationMask values . 18
62 Table 17 – UserConfigurationMask definition . 18
63 Table 18 – UserManagementDataType structure . 18
64 Table 19 – DataSetMetaDataType definition . 18
65 Table 20 – UserManagement definition. 21
iii IEC CDV 62541-18 © IEC 2023

68 INTERNATIONAL ELECTROTECHNICAL COMMISSION
69 ____________
71 OPC UNIFIED ARCHITECTURE –
73 Part 18: Role-Based Security
75 FOREWORD
76 1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national
77 electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all
78 questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities,
79 IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS)
80 and Guides (hereafter referred to as “IEC Publication(s)”). Their preparation is entrusted to technical committees; any IEC
81 National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental
82 and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with
83 the International Organization for Standardization (ISO) in accordance with conditions determined by agreement between
84 the two organizations.
85 2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international consensus
86 of opinion on the relevant subjects since each technical committee has representation from all interested IEC National
87 Committees.
88 3) IEC Publications have the form of recommendations for international use and are accepted by IEC National Committees in
89 that sense. While all reasonable efforts are made to ensure that the technical content of IEC Publications is accurate, IEC
90 cannot be held responsible for the way in which they are used or for any misinterpretation by any end user.
91 4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications transparently to
92 the maximum extent possible in their national and regional publications. Any divergence between any IEC Publication and
93 the corresponding national or regional publication shall be clearly indicated in the latter.
94 5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity assessment
95 services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any services carried out by
96 independent certification bodies.
97 6) All users should ensure that they have the latest edition of this publication.
98 7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and members of
99 its technical committees and IEC National Committees for any personal injury, property damage or other damage of any
100 nature whatsoever, whether direct or indirect, or for costs (including legal fees) and expenses arising out of the publication,
101 use of, or reliance upon, this IEC Publication or any other IEC Publications.
102 8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is indispensable
103 for the correct application of this publication.
104 9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of patent rights.
105 IEC shall not be held responsible for identifying any or all such patent rights.
106 The main task of IEC technical committees is to prepare International Standards. However, a technical
107 committee may propose the publication of a technical report when it has collected data of a different
108 kind from that which is normally published as an International Standard, for example "state of the art".
109 International Standard IEC 62541-18 has been prepared by subcommittee 65E: Devices and integration
110 in enterprise systems, of IEC technical committee 65: Industrial-process measurement, control and
111 automation.
112 The text of this international standard is based on the following documents:
CDV Report on voting
65E/XX/CDV 65E/XX/RVC
114 Full information on the voting for the approval of this international standard can be found in the report
115 on voting indicated in the above table.
116 This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.
117 Throughout this document and the other Parts of the series, certain document conventions are used:

IEC CDV 62541-18 © IEC 2023 iv

118 Italics are used to denote a defined term or definition that appears in the “Terms and definition” clause
119 in one of the parts of the s
...