{"id":244966,"date":"2024-10-19T16:06:19","date_gmt":"2024-10-19T16:06:19","guid":{"rendered":"https:\/\/pdfstandards.shop\/product\/uncategorized\/bs-en-iec-62541-122020\/"},"modified":"2024-10-25T11:05:53","modified_gmt":"2024-10-25T11:05:53","slug":"bs-en-iec-62541-122020","status":"publish","type":"product","link":"https:\/\/pdfstandards.shop\/product\/publishers\/bsi\/bs-en-iec-62541-122020\/","title":{"rendered":"BS EN IEC 62541-12:2020"},"content":{"rendered":"

This part of IEC 62541 specifies how OPC Unified Architecture (OPC UA) Clients<\/i> and Servers<\/i> interact with DiscoveryServers<\/i> when used in different scenarios. It specifies the requirements for the LocalDiscoveryServer, LocalDiscoveryServer-ME and GlobalDiscoveryServer<\/i>. It also defines information models for Certificate<\/i> management, KeyCredential m<\/i>anagement and Authorization Services.<\/i><\/p>\n

PDF Catalog<\/h4>\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n\n
PDF Pages<\/th>\nPDF Title<\/th>\n<\/tr>\n
2<\/td>\nundefined <\/td>\n<\/tr>\n
5<\/td>\nAnnex ZA(normative)Normative references to international publicationswith their corresponding European publications <\/td>\n<\/tr>\n
7<\/td>\nEnglish
CONTENTS <\/td>\n<\/tr>\n
13<\/td>\nFOREWORD <\/td>\n<\/tr>\n
15<\/td>\n1 Scope
2 Normative references <\/td>\n<\/tr>\n
16<\/td>\n3 Terms, definitions, abbreviated terms and conventions
3.1 Terms and definitions <\/td>\n<\/tr>\n
18<\/td>\n3.2 Abbreviated terms and symbols
3.3 Conventions for namespaces <\/td>\n<\/tr>\n
19<\/td>\n4 The discovery process
4.1 Overview
Tables
Table 1 \u2013 GDS NamespaceMetadataType Object definition <\/td>\n<\/tr>\n
20<\/td>\n4.2 Registration and announcement of Applications
4.2.1 Overview
4.2.2 Hosts with a LocalDiscoveryServer <\/td>\n<\/tr>\n
21<\/td>\n4.2.3 Hosts without a LocalDiscoveryServer
4.3 The discovery process for Clients to find Servers
4.3.1 Overview
Figures
Figure 1 \u2013 The Registration process with an LDS <\/td>\n<\/tr>\n
22<\/td>\n4.3.2 Security
4.3.3 Simple Discovery with a DiscoveryUrl
4.3.4 Local Discovery
Figure 2 \u2013 The simple Discovery process <\/td>\n<\/tr>\n
23<\/td>\n4.3.5 MulticastSubnet Discovery
Figure 3 \u2013 The Local Discovery process
Figure 4 \u2013 The MulticastSubnet Discovery process <\/td>\n<\/tr>\n
24<\/td>\n4.3.6 Global Discovery
4.3.7 Combined Discovery Process for Clients
Figure 5 \u2013 The Global Discovery process <\/td>\n<\/tr>\n
25<\/td>\n5 Local Discovery Server
5.1 Overview
Figure 6 \u2013 The Discovery Process for Clients <\/td>\n<\/tr>\n
26<\/td>\n5.2 Security considerations for Multicast DNS
6 Global Discovery Server
6.1 Overview
Figure 7 \u2013 The relationship between GDS and other components <\/td>\n<\/tr>\n
27<\/td>\n6.2 Network architectures
6.2.1 Overview
6.2.2 Single MulticastSubnet
Figure 8 \u2013 The Single MulticastSubnet architecture <\/td>\n<\/tr>\n
28<\/td>\n6.2.3 Multiple MulticastSubnet
6.2.4 No MulticastSubnet
Figure 9 \u2013 The Multiple MulticastSubnet architecture <\/td>\n<\/tr>\n
29<\/td>\n6.2.5 Domain Names and MulticastSubnets
Figure 10 \u2013 The No MulticastSubnet architecture <\/td>\n<\/tr>\n
30<\/td>\n6.3 Information Model
6.3.1 Overview
6.3.2 Directory
6.3.3 DirectoryType
Figure 11 \u2013 The Address Space for the GDS
Table 2 \u2013 Directory Object definition <\/td>\n<\/tr>\n
31<\/td>\n6.3.4 FindApplications
Table 3 \u2013 DirectoryType definition <\/td>\n<\/tr>\n
32<\/td>\n6.3.5 ApplicationRecordDataType
Table 4 \u2013 FindApplications Method AddressSpace definition <\/td>\n<\/tr>\n
33<\/td>\n6.3.6 RegisterApplication
Table 5 \u2013 ApplicationRecordDataType definition <\/td>\n<\/tr>\n
34<\/td>\n6.3.7 UpdateApplication
Table 6 \u2013 RegisterApplication Method AddressSpace definition <\/td>\n<\/tr>\n
35<\/td>\n6.3.8 UnregisterApplication
6.3.9 GetApplication
Table 7 \u2013 UpdateApplication Method AddressSpace definition
Table 8 \u2013 UnregisterApplication Method AddressSpace definition <\/td>\n<\/tr>\n
36<\/td>\n6.3.10 QueryApplications
Table 9 \u2013 GetApplication Method AddressSpace definition <\/td>\n<\/tr>\n
38<\/td>\n6.3.11 QueryServers (deprecated)
Table 10 \u2013 QueryApplications Method AddressSpace definition <\/td>\n<\/tr>\n
39<\/td>\n6.3.12 ApplicationRegistrationChangedAuditEventType
Table 11 \u2013 QueryServers Method AddressSpace definition <\/td>\n<\/tr>\n
40<\/td>\n7 Certificate management overview
7.1 Overview
Table 12 \u2013 ApplicationRegistrationChangedAuditEventType definition <\/td>\n<\/tr>\n
41<\/td>\n7.2 Pull Management
7.3 Push management
Figure 12 \u2013 The Pull Certificate management model <\/td>\n<\/tr>\n
42<\/td>\n7.4 Provisioning
Figure 13 \u2013 The Push Certificate management model <\/td>\n<\/tr>\n
43<\/td>\n7.5 Common Information Model
7.5.1 Overview
7.5.2 TrustListType <\/td>\n<\/tr>\n
44<\/td>\n7.5.3 OpenWithMasks
Table 13 \u2013 TrustListType definition <\/td>\n<\/tr>\n
45<\/td>\n7.5.4 CloseAndUpdate
Table 14 \u2013 OpenWithMasks Method AddressSpace definition <\/td>\n<\/tr>\n
46<\/td>\n7.5.5 AddCertificate
Table 15 \u2013 CloseAndUpdate Method AddressSpace definition
Table 16 \u2013 AddCertificate Method AddressSpace definition <\/td>\n<\/tr>\n
47<\/td>\n7.5.6 RemoveCertificate
7.5.7 TrustListDataType
Table 17 \u2013 RemoveCertificate Method AddressSpace definition
Table 18 \u2013 TrustListDataType definition <\/td>\n<\/tr>\n
48<\/td>\n7.5.8 TrustListMasks
7.5.9 TrustListOutOfDateAlarmType
7.5.10 CertificateGroupType
Table 19 \u2013 TrustListMasks values
Table 20 \u2013 TrustListOutOfDateAlarmType definition <\/td>\n<\/tr>\n
49<\/td>\n7.5.11 CertificateType
Table 21 \u2013 CertificateGroupType definition <\/td>\n<\/tr>\n
50<\/td>\n7.5.12 ApplicationCertificateType
7.5.13 HttpsCertificateType
7.5.14 UserCredentialCertificateType
Table 22 \u2013 CertificateType definition
Table 23 \u2013 ApplicationCertificateType definition
Table 24 \u2013 HttpsCertificateType definition <\/td>\n<\/tr>\n
51<\/td>\n7.5.15 RsaMinApplicationCertificateType
7.5.16 RsaSha256ApplicationCertificateType
7.5.17 CertificateGroupFolderType
Table 25 \u2013 UserCredentialCertificateType definition
Table 26 \u2013 RsaMinApplicationCertificateType definition
Table 27 \u2013 RsaSha256ApplicationCertificateType definition <\/td>\n<\/tr>\n
52<\/td>\n7.5.18 TrustListUpdatedAuditEventType
Table 28 \u2013 CertificateGroupFolderType definition
Table 29 \u2013 TrustListUpdatedAuditEventType definition <\/td>\n<\/tr>\n
53<\/td>\n7.6 Information Model for Pull Certificate Management
7.6.1 Overview
7.6.2 CertificateDirectoryType
Figure 14 \u2013 The Certificate Management AddressSpace for the GlobalDiscoveryServer <\/td>\n<\/tr>\n
54<\/td>\n7.6.3 StartSigningRequest
Table 30 \u2013 CertificateDirectoryType ObjectType definition <\/td>\n<\/tr>\n
56<\/td>\n7.6.4 StartNewKeyPairRequest
Table 31 \u2013 StartSigningRequest Method AddressSpace definition <\/td>\n<\/tr>\n
58<\/td>\n7.6.5 FinishRequest
Table 32 \u2013 StartNewKeyPairRequest Method AddressSpace definition <\/td>\n<\/tr>\n
59<\/td>\n7.6.6 GetCertificateGroups
Table 33 \u2013 FinishRequest Method AddressSpace definition <\/td>\n<\/tr>\n
60<\/td>\n7.6.7 GetTrustList
Table 34 \u2013 GetCertificateGroups Method AddressSpace definition <\/td>\n<\/tr>\n
61<\/td>\n7.6.8 GetCertificateStatus
Table 35 \u2013 GetTrustList Method AddressSpace definition <\/td>\n<\/tr>\n
62<\/td>\n7.6.9 CertificateRequestedAuditEventType
Table 36 \u2013 GetCertificateStatus Method AddressSpace definition <\/td>\n<\/tr>\n
63<\/td>\n7.6.10 CertificateDeliveredAuditEventType
7.7 Information Model for Push Certificate Management
7.7.1 Overview
Table 37 \u2013 CertificateRequestedAuditEventType definition
Table 38 \u2013 CertificateDeliveredAuditEventType definition <\/td>\n<\/tr>\n
64<\/td>\n7.7.2 ServerConfiguration
7.7.3 ServerConfigurationType
Figure 15 \u2013 The AddressSpace for the Server that supports Push Management
Table 39 \u2013 ServerConfiguration Object definition <\/td>\n<\/tr>\n
65<\/td>\nTable 40 \u2013 ServerConfigurationType definition <\/td>\n<\/tr>\n
66<\/td>\n7.7.4 UpdateCertificate <\/td>\n<\/tr>\n
67<\/td>\n7.7.5 ApplyChanges
Table 41 \u2013 UpdateCertificate Method AddressSpace Definition <\/td>\n<\/tr>\n
68<\/td>\n7.7.6 CreateSigningRequest
Table 42 \u2013 ApplyChanges Method AddressSpace Definition <\/td>\n<\/tr>\n
69<\/td>\n7.7.7 GetRejectedList
7.7.8 CertificateUpdatedAuditEventType
Table 43 \u2013 CreateSigningRequest Method AddressSpace definition
Table 44 \u2013 GetRejectedList Method AddressSpace definition <\/td>\n<\/tr>\n
70<\/td>\n8 KeyCredential management
8.1 Overview
Table 45 \u2013 CertificateUpdatedAuditEventType definition <\/td>\n<\/tr>\n
71<\/td>\n8.2 Pull management
8.3 Push management
Figure 16 \u2013 The Pull Model for KeyCredential management <\/td>\n<\/tr>\n
72<\/td>\n8.4 Information Model for pull management
8.4.1 Overview
Figure 17 \u2013 The Push Model for KeyCredential management <\/td>\n<\/tr>\n
73<\/td>\n8.4.2 KeyCredentialManagement
8.4.3 KeyCredentialServiceType
Figure 18 \u2013 The Address Space used for Pull KeyCredential management
Table 46 \u2013 KeyCredentialManagement Object definition <\/td>\n<\/tr>\n
74<\/td>\n8.4.4 StartRequest
Table 47 \u2013 KeyCredentialServiceType definition <\/td>\n<\/tr>\n
75<\/td>\n8.4.5 FinishRequest
Table 48 \u2013 StartRequest Method AddressSpace definition <\/td>\n<\/tr>\n
76<\/td>\n8.4.6 Revoke
Table 49 \u2013 FinishRequest Method AddressSpace definition <\/td>\n<\/tr>\n
77<\/td>\n8.4.7 KeyCredentialAuditEventType
Table 50 \u2013 Revoke Method AddressSpace definition
Table 51 \u2013 KeyCredentialAuditEventType definition <\/td>\n<\/tr>\n
78<\/td>\n8.4.8 KeyCredentialRequestedAuditEventType
8.4.9 KeyCredentialDeliveredAuditEventType
8.4.10 KeyCredentialRevokedAuditEventType
Table 52 \u2013 KeyCredentialRequestedAuditEventType definition
Table 53 \u2013 KeyCredentialDeliveredAuditEventType definition <\/td>\n<\/tr>\n
79<\/td>\n8.5 Information Model for push management
8.5.1 General
8.5.2 KeyCredentialConfiguration
Figure 19 \u2013 The AddressSpace used for Push KeyCredential management
Table 54 \u2013 KeyCredentialRevokedAuditEventType definition
Table 55 \u2013 KeyCredentialConfiguration Object definition <\/td>\n<\/tr>\n
80<\/td>\n8.5.3 KeyCredentialConfigurationType
8.5.4 UpdateCredential
Table 56 \u2013 KeyCredentialConfigurationType definition <\/td>\n<\/tr>\n
81<\/td>\n8.5.5 DeleteCredential
Table 57 \u2013 UpdateCredential Method AddressSpace definition <\/td>\n<\/tr>\n
82<\/td>\n8.5.6 KeyCredentialUpdatedAuditEventType
8.5.7 KeyCredentialDeletedAuditEventType
Table 58 \u2013 DeleteCredential Method AddressSpace definition
Table 59 \u2013 KeyCredentialUpdatedAuditEventType definition
Table 60 \u2013 KeyCredentialUpdatedAuditEventType definition <\/td>\n<\/tr>\n
83<\/td>\n9 Authorization Services
9.1 Overview
9.2 Implicit
Figure 20 \u2013 Roles and Authorization Services <\/td>\n<\/tr>\n
84<\/td>\n9.3 Explicit
Figure 21 \u2013 Implicit authorization <\/td>\n<\/tr>\n
85<\/td>\n9.4 Chained
Figure 22 \u2013 Explicit authorization <\/td>\n<\/tr>\n
86<\/td>\n9.5 Information Model for Requesting Access Tokens
9.5.1 Overview
Figure 23 \u2013 Chained authorization <\/td>\n<\/tr>\n
87<\/td>\n9.5.2 AuthorizationServices
9.5.3 AuthorizationServiceType
Figure 24 \u2013 The Model for Requesting Access Tokens from Authorization Services
Table 61 \u2013 AuthorizationServices Object definition
Table 62 \u2013 AuthorizationServiceType definition <\/td>\n<\/tr>\n
88<\/td>\n9.5.4 RequestAccessToken <\/td>\n<\/tr>\n
89<\/td>\n9.5.5 GetServiceDescription
Table 63 \u2013 RequestAccessToken Method AddressSpace definition <\/td>\n<\/tr>\n
90<\/td>\n9.5.6 AccessTokenIssuedAuditEventType
9.6 Information Model for configuring Servers
9.6.1 Overview
Figure 25 \u2013 The Model for configuring Servers to use Authorization Services
Table 64 \u2013 GetServiceDescription Method AddressSpace definition
Table 65 \u2013 AccessTokenIssuedAuditEventType definition <\/td>\n<\/tr>\n
91<\/td>\n9.6.2 AuthorizationServices
9.6.3 AuthorizationServiceConfigurationType
Table 66 \u2013 AuthorizationServices Object definition
Table 67 \u2013 AuthorizationServiceConfigurationType definition <\/td>\n<\/tr>\n
92<\/td>\nAnnex A (informative)Deployment and configuration
A.1 Firewalls and discovery
Figure A.1 \u2013 Discovering Servers outside a firewall <\/td>\n<\/tr>\n
93<\/td>\nFigure A.2 \u2013 Discovering Servers behind a firewall <\/td>\n<\/tr>\n
94<\/td>\nA.2 Resolving references to remote Servers
Figure A.3 \u2013 Using a Discovery Server with a firewall <\/td>\n<\/tr>\n
95<\/td>\nFigure A.4 \u2013 Following References to Remote Servers <\/td>\n<\/tr>\n
96<\/td>\nAnnex B (normative)Constants <\/td>\n<\/tr>\n
97<\/td>\nAnnex C (normative)OPC UA Mapping to mDNS
C.1 DNS Server (SRV) record syntax
C.2 DNS Text (TXT) record syntax
Table C.1 \u2013 Allowed mDNS service names <\/td>\n<\/tr>\n
98<\/td>\nC.3 DiscoveryUrl mapping
Table C.2 \u2013 DNS TXT record string format
Table C.3 \u2013 DiscoveryUrl to DNS SRV and TXT Record Mapping <\/td>\n<\/tr>\n
99<\/td>\nAnnex D (normative)Server Capability Identifiers
Table D.1 \u2013 Examples of ServerCapabilityIdentifiers <\/td>\n<\/tr>\n
100<\/td>\nAnnex E (normative)DirectoryServices
E.1 Global Discovery via other directory services
E.2 UDDI
Figure E.1 \u2013 The UDDI or LDAP Discovery process <\/td>\n<\/tr>\n
101<\/td>\nE.3 LDAP
Figure E.2 \u2013 UDDI registry structure
Table E.1 \u2013 UDDI tModels <\/td>\n<\/tr>\n
102<\/td>\nFigure E.3 \u2013 Sample LDAP hierarchy
Table E.2 \u2013 LDAP object class schema <\/td>\n<\/tr>\n
103<\/td>\nAnnex F (normative)Local Discovery Server
F.1 Certificate store directory layout
Table F.1 \u2013 Application Certificate store directory layout <\/td>\n<\/tr>\n
104<\/td>\nF.2 Installation directories on Windows <\/td>\n<\/tr>\n
105<\/td>\nAnnex G (normative)Application installation process
G.1 Provisioning with Pull Management
G.2 Provisioning with Push Management <\/td>\n<\/tr>\n
106<\/td>\nG.3 Setting permissions <\/td>\n<\/tr>\n
107<\/td>\nAnnex H (informative)Comparison with RFC 7030
H.1 Overview
H.2 Obtaining CA Certificates
H.3 Initial enrolment
Table H.1 \u2013 Verifying that a Server is allowed to provide Certificates
Table H.2 \u2013 Verifying that a Client is allowed to request Certificates <\/td>\n<\/tr>\n
108<\/td>\nH.4 Client Certificate reissuance
H.5 Server key generation
H.6 Certificate Signing Request (CSR) attributes request <\/td>\n<\/tr>\n<\/table>\n","protected":false},"excerpt":{"rendered":"

OPC unified architecture – Discovery and global services<\/b><\/p>\n\n\n\n\n
Published By<\/td>\nPublication Date<\/td>\nNumber of Pages<\/td>\n<\/tr>\n
BSI<\/b><\/a><\/td>\n2020<\/td>\n110<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n","protected":false},"featured_media":244968,"template":"","meta":{"rank_math_lock_modified_date":false,"ep_exclude_from_search":false},"product_cat":[385,2641],"product_tag":[],"class_list":{"0":"post-244966","1":"product","2":"type-product","3":"status-publish","4":"has-post-thumbnail","6":"product_cat-25-040-40","7":"product_cat-bsi","9":"first","10":"instock","11":"sold-individually","12":"shipping-taxable","13":"purchasable","14":"product-type-simple"},"_links":{"self":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product\/244966","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product"}],"about":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/types\/product"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media\/244968"}],"wp:attachment":[{"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/media?parent=244966"}],"wp:term":[{"taxonomy":"product_cat","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_cat?post=244966"},{"taxonomy":"product_tag","embeddable":true,"href":"https:\/\/pdfstandards.shop\/wp-json\/wp\/v2\/product_tag?post=244966"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}