OPC unified architecture - Part 12: Discovery and global services

IEC 62541-12:2025 specifies how OPC Unified Architecture (OPC UA) Clients and Servers interact with DiscoveryServers when used in different scenarios. It specifies the requirements for the LocalDiscoveryServer, LocalDiscoveryServer-ME and GlobalDiscoveryServer. It also defines information models for Certificate management, KeyCredential management and AuthorizationServices. Annex A informatively discusses deployment and configuration aspects. Annex B defines NodeSet and numeric NodeIds. Annex F provides installation rules for the LDS. Annex H compares the Certificate management defined in this document with IETF RFC 7030. This second edition cancels and replaces the first edition published in 2020. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) addition of a "Quantity Model" which can be referenced from EngineeringUnit Properties. The model defines quantities and assigned units. In addition it provides alternative units and the conversion to them; b) addition of rules for ValuePrecision Property: • can also be used for other subtypes like Duration and Decimal. • additional rules when ValuePrecision has negative values.

German title: OPC Unified Architecture - Teil 12: Erkundung und globale Dienste

French title: Architecture unifiée OPC - Partie 12: Services globaux et de découverte

Slovenian title: Enotna arhitektura OPC - 12. del: Odkrivanje in globalne storitve

General Information

Status: Not Published
Publication Date: 19-Feb-2026
Current Stage: 6055 - Ratification Completed (DOR) - Publishing
Start Date: 26-Jan-2026
Completion Date: 26-Jan-2026

Relations

Effective Date
03-Feb-2026

Overview

prEN IEC 62541-12:2024 - "OPC Unified Architecture - Part 12: Discovery and global services" is a draft European adoption of the IEC OPC UA Part 12 specification. It defines the discovery mechanisms and the suite of global services that enable OPC UA applications to register, locate, authenticate and manage trust relationships across industrial and enterprise networks. The document covers discovery workflows (local, multicast, global, reverse), service roles and privileges, and a comprehensive information model for application and certificate lifecycle management.

Key Topics and Requirements

  • Discovery process and workflows
    • Registration and announcement of applications, Simple Discovery (DiscoveryUrl), Local Discovery, MulticastSubnet Discovery, Global Discovery, and Reverse Connections.
    • Combined client discovery flow for locating servers in mixed network topologies.
  • Local Discovery Server (LDS)
    • Behavior for hosts with/without LDS, multicast DNS considerations and network architecture modes (single/multiple/no MulticastSubnet).
  • Global Discovery Server (GDS)
    • Roles, privileges and client connection models.
    • Application registration workflow and directory information model (DirectoryType, ApplicationRecordDataType).
    • Service operations such as FindApplications, RegisterApplication, UpdateApplication, GetApplication and QueryApplications.
  • Certificate management
    • Push and pull certificate management models; workflows for requesting, issuing, revoking and distributing certificates.
    • Information model elements: TrustLists, CertificateGroups, CertificateTypes, CertificateDirectoryType and operations like GetCertificates, CheckRevocationStatus.
  • Key credential management
    • Management of keys/credentials via pull/push models, request/finish flows and audit events.
  • Authorization services
    • Models for issuing access tokens, implicit/explicit/chained authorization, and related information model operations (e.g., RequestAccessToken, GetServiceDescription).
  • Security and auditing
    • Roles and privileges, audit event types for registration, certificate issuance, credential delivery and revocation.

Applications and Who Uses It

  • Industrial automation vendors (device manufacturers and OPC UA server authors) use this standard to implement compliant discovery and trust-management features.
  • System integrators and OT/IT architects rely on these services to deploy scalable, secure OPC UA networks across plants, edge and cloud.
  • Security architects and PKI operators implement certificate lifecycle and trust-list distribution according to the push/pull models.
  • Platform and cloud providers offering Global Discovery or certificate services to fleets of OPC UA endpoints.

Related Standards

  • Part of the IEC 62541 (OPC UA) family - consult other parts of the series for core services, transport, information modelling and security profiles.
  • Relevant to standards and initiatives in industrial communication, cybersecurity (PKI), and enterprise integration.

Keywords: OPC Unified Architecture, OPC UA discovery, Global Discovery Server, Local Discovery Server, certificate management, authorization services, industrial automation.

Draft

prEN IEC 62541-12:2024 - BARVE

English language
120 pages

Frequently Asked Questions

EN IEC 62541-12:2026 is a draft published by CLC. Its full title is "OPC unified architecture - Part 12: Discovery and global services". This standard covers: IEC 62541-12:2025 specifies how OPC Unified Architecture (OPC UA) Clients and Servers interact with DiscoveryServers when used in different scenarios. It specifies the requirements for the LocalDiscoveryServer, LocalDiscoveryServer-ME and GlobalDiscoveryServer. It also defines information models for Certificate management, KeyCredential management and AuthorizationServices. Annex A informatively discusses deployment and configuration aspects. Annex B defines NodeSet and numeric NodeIds. Annex F provides installation rules for the LDS. Annex H compares the Certificate management defined in this document with IETF RFC 7030. This second edition cancels and replaces the first edition published in 2020. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition: a) addition of a "Quantity Model" which can be referenced from EngineeringUnit Properties. The model defines quantities and assigned units. In addition it provides alternative units and the conversion to them; b) addition of rules for ValuePrecision Property: • can also be used for other subtypes like Duration and Decimal. • additional rules when ValuePrecision has negative values.

EN IEC 62541-12:2026 is classified under the following ICS (International Classification for Standards) categories: 25.040.40 - Industrial process measurement and control. The ICS classification helps identify the subject area and facilitates finding related standards.

EN IEC 62541-12:2026 has the following relationships with other standards: it has inter-standard links to EN IEC 62541-4:2020, FprEN IEC 62541-2:2025, EN IEC 62541-21:2026, EN IEC 62541-20:2026, EN IEC 62541-9:2020, EN IEC 62541-1:2026, EN IEC 62541-7:2020, EN IEC 62541-3:2026, EN IEC 62541-5:2026, EN IEC 62541-6:2020, prEN IEC 62541-14:2024, EN IEC 62541-6:2026, EN IEC 62541-7:2026, EN IEC 62541-17:2026, EN IEC 62541-4:2026. Understanding these relationships helps ensure you are using the most current and applicable version of the standard.

EN IEC 62541-12:2026 is available in PDF format for immediate download after purchase. The document can be added to your cart and obtained through the secure checkout process. Digital delivery ensures instant access to the complete standard document.

Standards Content (Sample)


SLOVENIAN STANDARD
01-March-2024
Enotna arhitektura OPC - 12. del: Odkrivanje in globalne storitve
OPC unified architecture - Part 12: Discovery and global services
OPC Unified Architecture - Teil 12: Erkundung und globale Dienste
Architecture unifiée OPC - Partie 12: Services globaux et de découverte
This Slovenian standard is identical to: prEN IEC 62541-12:2024
ICS:
25.040.40 Industrial process measurement and control
35.240.50 IT applications in industry
2003-01. Slovenian Institute for Standardization. Reproduction of this standard, in whole or in part, is not permitted.

65E/1051/CDV
COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER: IEC 62541-12 ED2
DATE OF CIRCULATION: 2024-01-26
CLOSING DATE FOR VOTING: 2024-04-19
SUPERSEDES DOCUMENTS: 65E/973/RR
IEC SC 65E : DEVICES AND INTEGRATION IN ENTERPRISE SYSTEMS
SECRETARIAT: United States of America
SECRETARY: Mr Donald (Bob) Lattimer
OF INTEREST TO THE FOLLOWING COMMITTEES: PROPOSED HORIZONTAL STANDARD:

Other TC/SCs are requested to indicate their interest, if any,
in this CDV to the secretary.
FUNCTIONS CONCERNED:
EMC ENVIRONMENT QUALITY ASSURANCE SAFETY
SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of
CENELEC, is drawn to the fact that this Committee Draft
for Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the
CENELEC online voting system.
This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which
they are aware and to provide supporting documentation.
Recipients of this document are invited to submit, with their comments, notification of any relevant “In Some Countries”
clauses to be included should this proposal proceed. Recipients are reminded that the CDV stage is the final stage for
submitting ISC clauses. (SEE AC/22/2007 OR NEW GUIDANCE DOC).

TITLE:
OPC Unified Architecture - Part 12: Discovery and global services

PROPOSED STABILITY DATE: 2026
NOTE FROM TC/SC OFFICERS:
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

IEC CDV 62541-12 © IEC 2023
CONTENTS
FIGURES
TABLES
FOREWORD
1 Scope
2 Normative references
3 Terms, definitions, and conventions
3.1 Terms and definitions
3.2 Abbreviations and symbols
4 The Discovery Process
4.1 Overview
4.2 Registration and Announcement of Applications
4.2.1 Overview
4.2.2 Hosts with a LocalDiscoveryServer
4.2.3 Hosts without a LocalDiscoveryServer
4.3 The Discovery Process for Clients to Find Servers
4.3.1 Overview
4.3.2 Simple Discovery with a DiscoveryUrl
4.3.3 Local Discovery
4.3.4 MulticastSubnet Discovery
4.3.5 Global Discovery
4.3.6 Combined Discovery Process for Clients
4.4 The Discovery Process for Reverse Connections
4.4.1 Overview
4.4.2 Out-of-band Discovery
4.4.3 Global Discovery for Reverse Connections
5 Local Discovery Server
5.1 Overview
5.2 Security Considerations for Multicast DNS
5.3 Network Architectures
5.3.1 Overview
5.3.2 Single MulticastSubnet
5.3.3 Multiple MulticastSubnet
5.3.4 No MulticastSubnet
5.3.5 Domain Names and MulticastSubnets
6 Global Discovery Server
6.1 Overview
6.2 Roles and Privileges
6.3 Client connections to global services
6.4 Local Discovery
6.5 Application Registration Workflow
6.6 Information Model
6.6.1 Overview
6.6.2 Directory
6.6.3 DirectoryType
6.6.4 FindApplications
6.6.5 ApplicationRecordDataType
6.6.6 RegisterApplication
6.6.7 UpdateApplication
6.6.8 UnregisterApplication
6.6.9 GetApplication
6.6.10 QueryApplications
6.6.11 QueryServers (deprecated)
6.6.12 ApplicationRegistrationChangedAuditEventType
7 Certificate Management
7.1 Overview
7.2 Roles and Privileges
7.3 Pull Management
7.4 Push Management
7.5 Application Setup
7.6 Pull Management Workflow
7.7 Push Management Workflow
7.8 Common Information Model
7.8.1 Overview
7.8.2 TrustLists
7.8.3 CertificateGroups
7.8.4 CertificateTypes
7.9 Information Model for Pull Certificate Management
7.9.1 Overview
7.9.2 CertificateDirectoryType
7.9.3 StartSigningRequest
7.9.4 StartNewKeyPairRequest
7.9.5 FinishRequest
7.9.6 RevokeCertificate
7.9.7 GetCertificateGroups
7.9.8 GetCertificates
7.9.9 GetTrustList
7.9.10 GetCertificateStatus
7.9.11 CheckRevocationStatus
7.9.12 CertificateRequestedAuditEventType
7.9.13 CertificateDeliveredAuditEventType
7.10 Information Model for Push Certificate Management
7.10.1 Overview
7.10.2 ServerConfiguration
7.10.3 ServerConfigurationType
7.10.4 UpdateCertificate
7.10.5 GetCertificates
7.10.6 ApplyChanges
7.10.7 CreateSigningRequest
7.10.8 CancelChanges
7.10.9 GetRejectedList
7.10.10 ResetToServerDefaults
7.10.11 TransactionDiagnosticsType
7.10.12 TransactionErrorType
7.10.13 CertificateUpdateRequestedAuditEventType
7.10.14 CertificateUpdatedAuditEventType
8 KeyCredential Management
8.1 Overview
8.2 Roles and Privileges
8.3 Pull Management
8.4 Push Management
8.5 Information Model for Pull Management
8.5.1 Overview
8.5.2 KeyCredentialManagementFolderType
8.5.3 KeyCredentialManagement
8.5.4 KeyCredentialServiceType
8.5.5 StartRequest
8.5.6 FinishRequest
8.5.7 Revoke
8.5.8 KeyCredentialAuditEventType
8.5.9 KeyCredentialRequestedAuditEventType
8.5.10 KeyCredentialDeliveredAuditEventType
8.5.11 KeyCredentialRevokedAuditEventType
8.6 Information Model for Push Management
8.6.1 KeyCredentialConfigurationFolderType
8.6.2 CreateCredential
8.6.3 KeyCredentialConfiguration
8.6.4 KeyCredentialConfigurationType
8.6.5 GetEncryptingKey
8.6.6 UpdateCredential
8.6.7 DeleteCredential
8.6.8 KeyCredentialUpdatedAuditEventType
8.6.9 KeyCredentialDeletedAuditEventType
9 AuthorizationServices
9.1 Overview
9.2 Roles and Privileges
9.3 Implicit
9.4 Explicit
9.5 Chained
9.6 Information Model for Requesting Access Tokens
9.6.1 Overview
9.6.2 AuthorizationServicesFolderType
9.6.3 AuthorizationServices
9.6.4 AuthorizationServiceType
9.6.5 RequestAccessToken
9.6.6 GetServiceDescription
9.6.7 AccessTokenIssuedAuditEventType
9.7 Information Model for Configuring Servers
9.7.1 Overview
9.7.2 AuthorizationServiceConfigurationFolderType
9.7.3 AuthorizationServices
9.7.4 AuthorizationServiceConfigurationType
10 Namespaces
10.1 Namespace Metadata
10.2 Handling of OPC UA Namespaces
Annex A (informative) Deployment and Configuration
A.1 Firewalls and Discovery
A.2 Resolving References to Remote Servers
Annex B (normative) NodeSet and Constants
B.1 NodeSet
B.2 Numeric Node Ids
Annex C (normative) OPC UA Mapping to mDNS
C.1 DNS Server (SRV) Record Syntax
C.2 DNS Text (TXT) Record Syntax
C.3 DiscoveryUrl Mapping
Annex D (normative) Server Capability Identifiers
Annex E (normative) DirectoryServices
E.1 Global Discovery via Other Directory Services
E.2 UDDI
E.3 LDAP
Annex F (normative) Local Discovery Server
F.1 Certificate Store Directory Layout
F.2 Installation Directories on Windows
Annex G (normative) Application Setup
G.1 Application Setup with Pull Management
G.2 Application Setup with the Push Management
G.3 Setting Permissions
Annex H (informative) Comparison with RFC 7030
H.1 Overview
H.2 Obtaining CA Certificates
H.3 Initial Enrolment
H.4 Client Certificate Reissuance
H.5 Server Key Generation
H.6 Certificate Signing Request (CSR) Attributes Request

FIGURES
Figure 1 – The Registration Process with an LDS
Figure 2 – The Simple Discovery Process
Figure 3 – The Local Discovery Process
Figure 4 – The MulticastSubnet Discovery Process
Figure 5 – The Global Discovery Process
Figure 6 – The Discovery Process for Clients
Figure 7 – The Global Discovery Process for Reverse Connections
Figure 8 – The Single MulticastSubnet Architecture
Figure 9 – The Multiple MulticastSubnet Architecture
Figure 10 – The No MulticastSubnet Architecture
Figure 11 – The Relationship Between GDS and other components
Figure 12 – Application Registration Workflow
Figure 13 – The Address Space for the GDS
Figure 14 – The Pull Management Model for Certificates
Figure 15 – The Push Certificate Management Model
Figure 16 – Certificate Pull Management Workflow
Figure 17 – The Pull Management Private Key Options
Figure 18 – The Certificate Push Management Workflow
Figure 19 – The Push Management Private Key Options
Figure 20 – The Certificate Management AddressSpace for the GlobalDiscoveryServer
Figure 21 – The AddressSpace for the Server that supports Push Management
Figure 22 – The Transaction Lifecycle when using PushManagement
Figure 23 – The Pull Model for KeyCredential Management
Figure 24 – The Push Model for KeyCredential Management
Figure 25 – The Address Space used for Pull KeyCredential Management
Figure 26 – The Address Space used for Push KeyCredential Management
Figure 27 – Roles and AuthorizationServices
Figure 28 – Implicit Authorization
Figure 29 – Explicit Authorization
Figure 30 – Chained Authorization
Figure 31 – The Model for Requesting Access Tokens from AuthorizationServices
Figure 32 – The Model for Configuring Servers to use AuthorizationServices
Figure 33 – Discovering Servers Outside a Firewall
Figure 34 – Discovering Servers Behind a Firewall
Figure 35 – Using a Discovery Server with a Firewall
Figure 36 – Following References to Remote Servers
Figure 37 – The UDDI or LDAP Discovery Process
Figure 38 – UDDI Registry Structure
Figure 39 – Sample LDAP Hierarchy

TABLES
Table 1 – Well-known Roles for a GDS
Table 2 – Privileges for a GDS
Table 3 – Application Registration Workflow Steps
Table 4 – Directory Object Definition
Table 5 – DirectoryType Definition
Table 6 – FindApplications Method AddressSpace Definition
Table 7 – ApplicationRecordDataType Structure
Table 8 – ApplicationRecordDataType Definition
Table 9 – RegisterApplication Method AddressSpace Definition
Table 10 – UpdateApplication Method AddressSpace Definition
Table 11 – UnregisterApplication Method AddressSpace Definition
Table 12 – GetApplication Method AddressSpace Definition
Table 13 – ApplicationRecordDataType to ApplicationDescription Mapping
Table 14 – QueryApplications Method AddressSpace Definition
Table 15 – ApplicationRecordDataType to ServerOnNetwork Mapping
Table 16 – QueryServers Method AddressSpace Definition
Table 17 – ApplicationRegistrationChangedAuditEventType Definition
Table 18 – Well-known Roles for a CertificateManager
Table 19 – Well-known Roles for Server managed by a CertificateManager
Table 20 – Privileges for a CertificateManager
Table 21 – Certificate Pull Management Workflow Steps
Table 22 – TrustListType Definition
Table 23 – OpenWithMasks Method AddressSpace Definition
Table 24 – CloseAndUpdate Method AddressSpace Definition
Table 25 – AddCertificate Method AddressSpace Definition
Table 26 – RemoveCertificate Method AddressSpace Definition
Table 27 – TrustListDataType Structure
Table 28 – TrustListDataType Definition
Table 29 – TrustListMasks Enumeration
Table 30 – TrustListMasks Definition
Table 31 – TrustListValidationOptions Values
Table 32 – TrustListValidationOptions Definition
Table 33 – TrustListOutOfDateAlarmType definition
Table 34 – TrustListUpdateRequestedAuditEventType Definition
Table 35 – TrustListUpdatedAuditEventType Definition
Table 36 – CertificateGroupType Definition
Table 37 – GetRejectedList Method AddressSpace Definition
Table 38 – CertificateGroupFolderType Definition
Table 39 – CertificateType Definition
Table 40 – ApplicationCertificateType Definition
Table 41 – HttpsCertificateType Definition
Table 42 – RsaMinApplicationCertificateType Definition
Table 43 – RsaSha256ApplicationCertificateType Definition
Table 44 – EccApplicationCertificateType Definition
Table 45 – EccNistP256ApplicationCertificateType Definition
Table 46 – EccNistP384ApplicationCertificateType Definition
Table 47 – EccBrainpoolP256r1ApplicationCertificateType Definition
Table 48 – EccBrainpoolP384r1ApplicationCertificateType Definition
Table 49 – EccCurve25519ApplicationCertificateType Definition
Table 50 – EccCurve448ApplicationCertificateType Definition
Table 51 – CertificateDirectoryType ObjectType Definition
Table 52 – StartSigningRequest Method AddressSpace Definition
Table 53 – StartNewKeyPairRequest Method AddressSpace Definition
Table 54 – FinishRequest Method AddressSpace Definition
Table 55 – Revoke Method AddressSpace Definition
Table 56 – GetCertificateGroups Method AddressSpace Definition
Table 57 – GetCertificates Method AddressSpace Definition
Table 58 – GetTrustList Method AddressSpace Definition
Table 59 – GetCertificateStatus Method AddressSpace Definition
Table 60 – CheckRevocationStatus Method AddressSpace Definition
Table 61 – CertificateRequestedAuditEventType Definition
Table 62 – CertificateDeliveredAuditEventType Definition
Table 63 – ServerConfiguration Object Definition
Table 64 – ServerConfigurationType Definition
Table 65 – UpdateCertificate Method AddressSpace Definition
Table 66 – GetCertificates Method AddressSpace Definition
Table 67 – ApplyChanges Method AddressSpace Definition
Table 68 – CreateSigningRequest Method AddressSpace Definition
Table 69 – CancelChanges Method AddressSpace Definition
Table 70 – GetRejectedList Method AddressSpace Definition
Table 71 – ResetToServerDefaults Method AddressSpace Definition
Table 72 – TransactionDiagnosticsType Definition
Table 73 – TransactionErrorType Structure
Table 74 – TransactionErrorType Definition
Table 75 – CertificateUpdateRequestedAuditEventType Definition
Table 76 – CertificateUpdatedAuditEventType Definition
Table 77 – Well-known Roles for a KeyCredentialService
Table 78 – Well-known Roles for Server managed by a KeyCredentialService
Table 79 – Privileges for a KeyCredentialService
Table 80 – KeyCredentialManagementFolderType Definition
Table 81 – KeyCredentialManagement Object Definition
Table 82 – KeyCredentialServiceType Definition
Table 83 – StartRequest Method AddressSpace Definition
Table 84 – FinishRequest Method AddressSpace Definition
Table 85 – Revoke Method AddressSpace Definition
Table 86 – KeyCredentialAuditEventType Definition
Table 87 – KeyCredentialRequestedAuditEventType Definition
Table 88 – KeyCredentialDeliveredAuditEventType Definition
Table 89 – KeyCredentialRevokedAuditEventType Definition
Table 90 – KeyCredentialConfigurationFolderType Definition
Table 91 – CreateCredential Method AddressSpace Definition
Table 92 – KeyCredentialConfiguration Object Definition
Table 93 – KeyCredentialConfigurationType Definition
Table 94 – GetEncryptingKey Method AddressSpace Definition
Table 95 – UpdateCredential Method AddressSpace Definition
Table 96 – DeleteCredential Method AddressSpace Definition
Table 97 – KeyCredentialUpdatedAuditEventType Definition
Table 98 – KeyCredentialDeletedAuditEventType Definition
Table 99 – Well-known Roles for an AuthorizationService
Table 100 – Privileges for an AuthorizationService
Table 101 – AuthorizationServicesFolderType Definition
Table 102 – AuthorizationServices Object Definition
Table 103 – AuthorizationServiceType Definition
Table 104 – RequestAccessToken Method AddressSpace Definition
Table 105 – GetServiceDescription Method AddressSpace Definition
Table 106 – AccessTokenIssuedAuditEventType Definition
Table 107 – AuthorizationServicesFolderType Definition
Table 108 – AuthorizationServices Object Definition
Table 109 – AuthorizationServiceConfigurationType Definition
Table 110 – NamespaceMetadata Object for this Document
Table 111 – Namespaces used in this document
Table 112 – Allowed mDNS Service Names
Table 113 – DNS TXT Record String Format
Table 114 – DiscoveryUrl to DNS SRV and TXT Record Mapping
Table 115 – Examples of CapabilityIdentifiers
Table 116 – UDDI tModels
Table 117 – LDAP Object Class Schema
Table 118 – Application Certificate Store Directory Layout
Table 119 – Verifying that a Server is allowed to Provide Certificates
Table 120 – Verifying that a Client is allowed to request Certificates

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
OPC UNIFIED ARCHITECTURE –
Part 12: Discovery and Global Services
FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising all national electrotechnical committees (IEC National Committees). The object of IEC is to promote international co-operation on all questions concerning standardization in the electrical and electronic fields. To this end and in addition to other activities, IEC publishes International Standards, Technical Specifications, Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as "IEC Publication(s)"). Their preparation is entrusted to technical committees; any IEC National Committee interested in the subject dealt with may participate in this preparatory work. International, governmental and non-governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely with the Internationa
...
