iTeh StandardsiTeh Standards
EURUSD
Your shopping cart is empty.
SIST

SIST EN IEC 62541-12:2020

(Main)

OPC Unified Architecture Specification - Part 12: Discovery (IEC 62541-12:2020)

OPC Unified Architecture Specification - Part 12: Discovery (IEC 62541-12:2020)

This part of IEC 62541 specifies how OPC Unified Architecture (OPC UA) Clients and Servers
interact with DiscoveryServers when used in different scenarios. It specifies the requirements
for the LocalDiscoveryServer, LocalDiscoveryServer-ME and GlobalDiscoveryServer. It also
defines information models for Certificate management, KeyCredential management and
Authorization Services.

OPC Unified Architecture - Teil 12: Erkundung und globale Dienste (IEC 62541-12:2020)

Architecture unifiée OPC - Partie 12: Services globaux et de découverte (IEC 62541-12:2020)

IEC 62541-12:2020 spécifie la manière dont les Clients et les Serveurs de l'Architecture Unifiée OPC (OPC UA) interagissent avec les DiscoveryServers lorsqu'ils sont utilisés dans différents scénarios. Elle définit les exigences pour le LocalDiscoveryServer, le LocalDiscoveryServer-ME et le GlobalDiscoveryServer. Elle définit également les modèles d'information pour la gestion des Certificats, la gestion des KeyCredentials et les Services d'Autorisation.

Enotna arhitektura OPC - 12. del: Razkritje in globalne storitve (IEC 62541-12:2020)

General Information

Status
Published
Public Enquiry End Date
08-Nov-2018
Publication Date
05-Nov-2020
ICS
25.040.40 - Industrial process measurement and control
35.240.50 - IT applications in industry
Technical Committee
MOV - Measuring equipment for electromagnetic quantities
Current Stage
6060 - National Implementation/Publication (Adopted Project)
Start Date
24-Aug-2020
Due Date
29-Oct-2020
Completion Date
06-Nov-2020
Ref Project
EN IEC 62541-12:2020 - OPC unified architecture - Part 12: Discovery and global services

Buy Standard

EN IEC 62541-12:2020EN IEC 62541-12:2020
PreviousNext
Standard
EN IEC 62541-12:2020
English language
107 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day
prEN IEC 62541-12:2018prEN IEC 62541-12:2018
PreviousNext
Draft
prEN IEC 62541-12:2018
English language
95 pages
sale 10% off
Preview
sale 10% off
Preview
e-Library read for
1 day

Standards Content (Sample)

SLOVENSKI STANDARD
SIST EN IEC 62541-12:2020
01-december-2020
Enotna arhitektura OPC - 12. del: Razkritje in globalne storitve (IEC 62541-12:2020)
OPC Unified Architecture Specification - Part 12: Discovery (IEC 62541-12:2020)
OPC Unified Architecture - Teil 12: Erkundung und globale Dienste (IEC 62541-12:2020)
Architecture unifiée OPC - Partie 12: Services globaux et de découverte (IEC 62541-
12:2020)
Ta slovenski standard je istoveten z: EN IEC 62541-12:2020
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
SIST EN IEC 62541-12:2020 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
SIST EN IEC 62541-12:2020

---------------------- Page: 2 ----------------------
SIST EN IEC 62541-12:2020


EUROPEAN STANDARD EN IEC 62541-12

NORME EUROPÉENNE

EUROPÄISCHE NORM
August 2020
ICS 25.040.40

English Version
OPC unified architecture - Part 12: Discovery and global
services
(IEC 62541-12:2020)
Architecture unifiée OPC - Partie 12: Services globaux et de OPC Unified Architecture - Teil 12: Erkundung und globale
découverte Dienste
(IEC 62541-12:2020) (IEC 62541-12:2020)
This European Standard was approved by CENELEC on 2020-07-21. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia, Lithuania, Luxembourg, Malta, the
Netherlands, Norway, Poland, Portugal, Republic of North Macedonia, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden, Switzerland,
Turkey and the United Kingdom.


European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Rue de la Science 23, B-1040 Brussels
© 2020 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
 Ref. No. EN IEC 62541-12:2020 E

---------------------- Page: 3 ----------------------
SIST EN IEC 62541-12:2020
EN IEC 62541-12:2020 (E)
European foreword
The text of document 65E/711/FDIS, future edition 1 of IEC 62541-12, prepared by SC 65E "Devices
and integration in enterprise systems" of IEC/TC 65 "Industrial-process measurement, control and
automation" was submitted to the IEC-CENELEC parallel vote and approved by CENELEC as
EN IEC 62541-12:2020.
The following dates are fixed:
• latest date by which the document has to be implemented at national (dop) 2021-04-21
level by publication of an identical national standard or by endorsement
• latest date by which the national standards conflicting with the (dow) 2023-07-21
document have to be withdrawn

Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC shall not be held responsible for identifying any or all such patent rights.

Endorsement notice
The text of the International Standard IEC 62541-12:2020 was approved by CENELEC as a European
Standard without any modification.


2

---------------------- Page: 4 ----------------------
SIST EN IEC 62541-12:2020
EN IEC 62541-12:2020 (E)
Annex ZA
(normative)

Normative references to international publications
with their corresponding European publications
The following documents are referred to in the text in such a way that some or all of their content
constitutes requirements of this document. For dated references, only the edition cited applies. For
undated references, the latest edition of the referenced document (including any amendments)
applies.
NOTE 1  Where an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2  Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu.
Publication Year Title EN/HD Year
IEC/TR 62541-1 - OPC unified architecture - Part 1: Overview CLC/TR 62541-1 -
and concepts
IEC/TR 62541-2 - OPC unified architecture - Part 2: Security CLC/TR 62541-2 -
model
IEC 62541-3 - OPC Unified Architecture - Part 3: Address - -
Space Model
IEC 62541-4 - OPC Unified Architecture - Part 4: Services - -
IEC 62541-5 - OPC Unified Architecture - Part 5: - -
Information Model
IEC 62541-6 - OPC Unified Architecture - Part 6: Mappings - -
IEC 62541-7 - OPC unified architecture - Part 7: Profiles - -
IEC 62541-9 - OPC Unified Architecture - Part 9: Alarms - -
and Conditions
IEC 62541-14 - OPC Unified Architecture - Part 14: PubSub - -
X.500: ISO/IEC 2017 Information technology - Open Systems
9594-1 Interconnection - The Directory - Part 1:
Overview of concepts, models and services
IETF RFC 1035 - Domain Names - Implementation and - -
Specification
IETF RFC 2986 - PKCS #10: Certification Request Syntax - -
Specification Version 1.7
IETF RFC 3927 - Dynamic Configuration of IPv4 Link-Local - -
Addresses
3

---------------------- Page: 5 ----------------------
SIST EN IEC 62541-12:2020
EN IEC 62541-12:2020 (E)
IETF RFC 5958 - Asymmetric Key Packages - -
IETF RFC 6762 - mDNS: Multicast DNS - -
IETF RFC 6763 - DNS-SD: DNS Based Service Discovery - -
IETF RFC 7030 - Enrollment over Secure Transport - -
PKCS #12 - Personal Information Exchange Syntax - -
DI - OPC Unified Architecture for Devices (DI) - -
ADI - OPC Unified Architecture for Analyzer - -
Devices (ADI)
PLCopen - OPC Unified Architecture / PLCopen - -
Information Model
FDI - OPC Unified Architecture for FDI - -
ISA-95 - ISA-95 Common Object Model - -



4

---------------------- Page: 6 ----------------------
SIST EN IEC 62541-12:2020



IEC 62541-12

®


Edition 1.0 2020-06




INTERNATIONAL



STANDARD




NORME


INTERNATIONALE











OPC unified architecture –

Part 12: Discovery and global services



Architecture unifiée OPC –

Partie 12: Services globaux et de découverte
















INTERNATIONAL

ELECTROTECHNICAL

COMMISSION


COMMISSION

ELECTROTECHNIQUE


INTERNATIONALE




ICS 25.040.40 ISBN 978-2-8322-8455-1




Warning! Make sure that you obtained this publication from an authorized distributor.

Attention! Veuillez vous assurer que vous avez obtenu cette publication via un distributeur agréé.

® Registered trademark of the International Electrotechnical Commission
Marque déposée de la Commission Electrotechnique Internationale

---------------------- Page: 7 ----------------------
SIST EN IEC 62541-12:2020
– 2 – IEC 62541-12:2020 © IEC 2020
CONTENTS
FOREWORD . 8
1 Scope . 10
2 Normative references . 10
3 Terms, definitions, abbreviated terms and conventions . 11
3.1 Terms and definitions . 11
3.2 Abbreviated terms and symbols . 13
3.3 Conventions for namespaces . 13
4 The discovery process . 14
4.1 Overview. 14
4.2 Registration and announcement of Applications . 15
4.2.1 Overview . 15
4.2.2 Hosts with a LocalDiscoveryServer . 15
4.2.3 Hosts without a LocalDiscoveryServer . 16
4.3 The discovery process for Clients to find Servers . 16
4.3.1 Overview . 16
4.3.2 Security . 17
4.3.3 Simple Discovery with a DiscoveryUrl . 17
4.3.4 Local Discovery . 17
4.3.5 MulticastSubnet Discovery . 18
4.3.6 Global Discovery . 19
4.3.7 Combined Discovery Process for Clients . 19
5 Local Discovery Server . 20
5.1 Overview. 20
5.2 Security considerations for Multicast DNS . 21
6 Global Discovery Server . 21
6.1 Overview. 21
6.2 Network architectures . 22
6.2.1 Overview . 22
6.2.2 Single MulticastSubnet . 22
6.2.3 Multiple MulticastSubnet . 23
6.2.4 No MulticastSubnet. 23
6.2.5 Domain Names and MulticastSubnets . 24
6.3 Information Model . 25
6.3.1 Overview . 25
6.3.2 Directory . 25
6.3.3 DirectoryType . 25
6.3.4 FindApplications . 26
6.3.5 ApplicationRecordDataType. 27
6.3.6 RegisterApplication . 28
6.3.7 UpdateApplication . 29
6.3.8 UnregisterApplication . 30
6.3.9 GetApplication . 30
6.3.10 QueryApplications . 31
6.3.11 QueryServers (deprecated) . 33
6.3.12 ApplicationRegistrationChangedAuditEventType . 34
7 Certificate management overview . 35

---------------------- Page: 8 ----------------------
SIST EN IEC 62541-12:2020
IEC 62541-12:2020 © IEC 2020 – 3 –
7.1 Overview. 35
7.2 Pull Management . 36
7.3 Push management . 36
7.4 Provisioning . 37
7.5 Common Information Model . 38
7.5.1 Overview . 38
7.5.2 TrustListType . 38
7.5.3 OpenWithMasks . 39
7.5.4 CloseAndUpdate . 40
7.5.5 AddCertificate . 41
7.5.6 RemoveCertificate . 42
7.5.7 TrustListDataType . 42
7.5.8 TrustListMasks . 43
7.5.9 TrustListOutOfDateAlarmType . 43
7.5.10 CertificateGroupType . 43
7.5.11 CertificateType . 44
7.5.12 ApplicationCertificateType . 45
7.5.13 HttpsCertificateType . 45
7.5.14 UserCredentialCertificateType . 45
7.5.15 RsaMinApplicationCertificateType . 46
7.5.16 RsaSha256ApplicationCertificateType . 46
7.5.17 CertificateGroupFolderType . 46
7.5.18 TrustListUpdatedAuditEventType . 47
7.6 Information Model for Pull Certificate Management . 48
7.6.1 Overview . 48
7.6.2 CertificateDirectoryType . 48
7.6.3 StartSigningRequest . 49
7.6.4 StartNewKeyPairRequest . 51
7.6.5 FinishRequest . 53
7.6.6 GetCertificateGroups . 54
7.6.7 GetTrustList . 55
7.6.8 GetCertificateStatus . 56
7.6.9 CertificateRequestedAuditEventType . 57
7.6.10 CertificateDeliveredAuditEventType . 58
7.7 Information Model for Push Certificate Management . 58
7.7.1 Overview . 58
7.7.2 ServerConfiguration . 59
7.7.3 ServerConfigurationType . 59
7.7.4 UpdateCertificate . 61
7.7.5 ApplyChanges . 62
7.7.6 CreateSigningRequest . 63
7.7.7 GetRejectedList . 64
7.7.8 CertificateUpdatedAuditEventType . 64
8 KeyCredential management . 65
8.1 Overview. 65
8.2 Pull management . 66
8.3 Push management . 66
8.4 Information Model for pull management . 67
8.4.1 Overview . 67

---------------------- Page: 9 ----------------------
SIST EN IEC 62541-12:2020
– 4 – IEC 62541-12:2020 © IEC 2020
8.4.2 KeyCredentialManagement . 68
8.4.3 KeyCredentialServiceType . 68
8.4.4 StartRequest . 69
8.4.5 FinishRequest . 70
8.4.6 Revoke . 71
8.4.7 KeyCredentialAuditEventType . 72
8.4.8 KeyCredentialRequestedAuditEventType . 73
8.4.9 KeyCredentialDeliveredAuditEventType . 73
8.4.10 KeyCredentialRevokedAuditEventType . 73
8.5 Information Model for push management . 74
8.5.1 General . 74
8.5.2 KeyCredentialConfiguration . 74
8.5.3 KeyCredentialConfigurationType . 75
8.5.4 UpdateCredential . 75
8.5.5 DeleteCredential . 76
8.5.6 KeyCredentialUpdatedAuditEventType . 77
8.5.7 KeyCredentialDeletedAuditEventType . 77
9 Authorization Services . 78
9.1 Overview. 78
9.2 Implicit . 78
9.3 Explicit . 79
9.4 Chained . 80
9.5 Information Model for Requesting Access Tokens . 81
9.5.1 Overview . 81
9.5.2 AuthorizationServices . 82
9.5.3 AuthorizationServiceType . 82
9.5.4 RequestAccessToken . 83
9.5.5 GetServiceDescription . 84
9.5.6 AccessTokenIssuedAuditEventType . 85
9.6 Information Model for configuring Servers . 85
9.6.1 Overview . 85
9.6.2 AuthorizationServices . 86
9.6.3 AuthorizationServiceConfigurationType . 86
Annex A (informative) Deployment and configuration . 87
A.1 Firewalls and discovery . 87
A.2 Resolving references to remote Servers . 89
Annex B (normative) Constants . 91
Annex C (normative) OPC UA Mapping to mDNS . 92
C.1 DNS Server (SRV) record syntax . 92
C.2 DNS Text (TXT) record syntax . 92
C.3 DiscoveryUrl mapping . 93
Annex D (normative) Server Capability Identifiers . 94
Annex E (normative) DirectoryServices . 95
E.1 Global Discovery via other directory services . 95
E.2 UDDI . 95
E.3 LDAP . 96
Annex F (normative) Local Discovery Server. 98
F.1 Certificate store directory layout . 98

---------------------- Page: 10 ----------------------
SIST EN IEC 62541-12:2020
IEC 62541-12:2020 © IEC 2020 – 5 –
F.2 Installation directories on Windows . 99
Annex G (normative) Application installation process . 100
G.1 Provisioning with Pull Management . 100
G.2 Provisioning with Push Management . 100
G.3 Setting permissions . 101
Annex H (informative)  Comparison with RFC 7030 . 102
H.1 Overview. 102
H.2 Obtaining CA Certificates . 102
H.3 Initial enrolment . 102
H.4 Client Certificate reissuance . 103
H.5 Server key generation . 103
H.6 Certificate Signing Request (CSR) attributes request . 103

Figure 1 – The Registration process with an LDS . 16
Figure 2 – The simple Discovery process . 17
Figure 3 – The Local Discovery process . 18
Figure 4 – The MulticastSubnet Discovery process . 18
Figure 5 – The Global Discovery process . 19
Figure 6 – The Discovery Process for Clients . 20
Figure 7 – The relationship between GDS and other components . 21
Figure 8 – The Single MulticastSubnet architecture . 22
Figure 9 – The Multiple MulticastSubnet architecture . 23
Figure 10 – The No MulticastSubnet architecture . 24
Figure 11 – The Address Space for the GDS. 25
Figure 12 – The Pull Certificate management model . 36
Figure 13 – The Push Certificate management model . 37
Figure 14 – The Certificate Management AddressSpace for the GlobalDiscoveryServer. 48
Figure 15 – The AddressSpace for the Server that supports Push Management . 59
Figure 16 – The Pull Model for KeyCredential management . 66
Figure 17 – The Push Model for KeyCredential management . 67
Figure 18 – The Address Space used for Pull KeyCredential management . 68
Figure 19 – The AddressSpace used for Push KeyCredential management . 74
Figure 20 – Roles and Authorization Services . 78
Figure 21 – Implicit authorization . 79
Figure 22 – Explicit authorization . 80
Figure 23 – Chained authorization . 81
Figure 24 – The Model for Requesting Access Tokens from Authorization Services . 82
Figure 25 – The Model for configuring Servers to use Authorization Services . 85
Figure A.1 – Discovering Servers outside a firewall . 87
Figure A.2 – Discovering Servers behind a firewall . 88
Figure A.3 – Using a Discovery Server with a firewall . 89
Figure A.4 – Following References to Remote Servers. 90
Figure E.1 – The UDDI or LDAP Discovery process . 95
Figure E.2 – UDDI registry structure . 96

---------------------- Page: 11 ----------------------
SIST EN IEC 62541-12:2020
– 6 – IEC 62541-12:2020 © IEC 2020
Figure E.3 – Sample LDAP hierarchy .
...

SLOVENSKI STANDARD
oSIST prEN IEC 62541-12:2018
01-november-2018
Enotna arhitektura OPC - 12. del: Odkritje
OPC Unified Architecture Specification - Part 12: Discovery
Ta slovenski standard je istoveten z: prEN IEC 62541-12:2018
ICS:
25.040.40 Merjenje in krmiljenje Industrial process
industrijskih postopkov measurement and control
35.240.50 Uporabniške rešitve IT v IT applications in industry
industriji
oSIST prEN IEC 62541-12:2018 en,fr,de
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

---------------------- Page: 1 ----------------------
oSIST prEN IEC 62541-12:2018

---------------------- Page: 2 ----------------------
oSIST prEN IEC 62541-12:2018
65E/615/CDV

COMMITTEE DRAFT FOR VOTE (CDV)
PROJECT NUMBER:
IEC 62541-12 ED1
DATE OF CIRCULATION: CLOSING DATE FOR VOTING:
2018-08-24 2018-11-16
SUPERSEDES DOCUMENTS:
65E/562/CD,65E/604/CC

IEC SC 65E : DEVICES AND INTEGRATION IN ENTERPRISE SYSTEMS
SECRETARIAT: SECRETARY:
United States of America Mr Donald (Bob) Lattimer
OF INTEREST TO THE FOLLOWING COMMITTEES: PROPOSED HORIZONTAL STANDARD:


Other TC/SCs are requested to indicate their interest, if
any, in this CDV to the secretary.
FUNCTIONS CONCERNED:
EMC ENVIRONMENT QUALITY ASSURANCE SAFETY

SUBMITTED FOR CENELEC PARALLEL VOTING NOT SUBMITTED FOR CENELEC PARALLEL VOTING
Attention IEC-CENELEC parallel voting
The attention of IEC National Committees, members of
CENELEC, is drawn to the fact that this Committee Draft
for Vote (CDV) is submitted for parallel voting.
The CENELEC members are invited to vote through the
CENELEC online voting system.

This document is still under study and subject to change. It should not be used for reference purposes.
Recipients of this document are invited to submit, with their comments, notification of any relevant patent rights of which
they are aware and to provide supporting documentation.

TITLE:
OPC Unified Architecture Specification: Part 12 - Discovery

PROPOSED STABILITY DATE: 2021

NOTE FROM TC/SC OFFICERS:


Copyright © 2018 International Electrotechnical Commission, IEC. All rights reserved. It is permitted to download this
electronic file, to make a copy and to print out the content for the sole purpose of preparing National Committee positions.
You may not copy or "mirror" the file or printed version of the document, or any part of it, for any other purpose without
permission in writing from IEC.

---------------------- Page: 3 ----------------------
oSIST prEN IEC 62541-12:2018
65E/615/CDV - 2 - IEC CDV 62541-12 © IEC 2017
CONTENTS
Page
FIGURES . 6
TABLES . 7
FOREWORD . 9
1 Scope . 11
2 Normative references . 11
3 Terms, definitions, and conventions . 12
3.1 Terms and definitions . 12
3.2 Abbreviations and symbols . 14
3.3 Conventions for Namespaces. 14
4 The Discovery Process . 15
4.1 Overview. 15
4.2 Registration and announcement of Applications . 15
4.2.1 Overview . 15
4.2.2 Hosts with a LocalDiscoveryServer . 15
4.2.3 Hosts without a LocalDiscoveryServer . 16
4.3 The Discovery Process for Clients to find Servers . 16
4.3.1 Overview . 16
4.3.2 Security . 17
4.3.3 Simple Discovery with a DiscoveryUrl . 17
4.3.4 Local Discovery . 17
4.3.5 MulticastSubnet Discovery . 18
4.3.6 Global Discovery . 19
4.3.7 Combined Discovery Process for Clients . 19
5 Local Discovery Server . 20
5.1 Overview. 20
5.2 Security considerations for Multicast DNS . 21
6 Global Discovery Server . 21
6.1 Overview. 21
6.2 Network Architectures . 22
6.2.1 Overview . 22
6.2.2 Single MulticastSubnet . 23
6.2.3 Multiple MulticastSubnet . 23
6.2.4 No MulticastSubnet. 24
6.2.5 Domain Names and MulticastSubnets . 24
6.3 Information Model . 25
6.3.1 Overview . 25
6.3.2 Directory . 25
6.3.3 DirectoryType . 26
6.3.4 FindApplications . 26
6.3.5 ApplicationRecordDataType. 27
6.3.6 RegisterApplication . 27
6.3.7 UpdateApplication . 28
6.3.8 UnregisterApplication . 29
6.3.9 GetApplication . 29
6.3.10 QueryApplications . 30

---------------------- Page: 4 ----------------------
oSIST prEN IEC 62541-12:2018
IEC CDV 62541-12 © IEC 2017 - 3 - 65E/615/CDV
6.3.11 QueryServers (depreciated) . 31
6.3.12 ApplicationRegistrationChangedAuditEventType . 32
7 Certificate Management Overview . 33
7.1 Overview. 33
7.2 Pull Management . 34
7.3 Push Management . 35
7.4 Provisioning . 36
7.5 Common Information Model . 36
7.5.1 Overview . 36
7.5.2 TrustListType . 36
7.5.3 OpenWithMasks . 37
7.5.4 CloseAndUpdate . 38
7.5.5 AddCertificate . 38
7.5.6 RemoveCertificate . 39
7.5.7 TrustListDataType . 40
7.5.8 TrustListMasks . 40
7.5.9 TrustListOutOfDateAlarmType . 40
7.5.10 CertificateGroupType . 41
7.5.11 CertificateType . 41
7.5.12 ApplicationCertificateType . 42
7.5.13 HttpsCertificateType . 42
7.5.14 UserCredentialCertificateType . 42
7.5.15 RsaMinApplicationCertificateType . 42
7.5.16 RsaSha256ApplicationCertificateType . 43
7.5.17 CertificateGroupFolderType . 43
7.5.18 TrustListUpdatedAuditEventType . 43
7.6 Information Model for Pull Certificate Management . 44
7.6.1 Overview . 44
7.6.2 CertificateDirectoryType . 44
7.6.3 StartSigningRequest . 45
7.6.4 StartNewKeyPairRequest . 47
7.6.5 FinishRequest . 49
7.6.6 GetCertificateGroups . 49
7.6.7 GetTrustList . 50
7.6.8 GetCertificateStatus . 51
7.6.9 CertificateRequestedAuditEventType . 52
7.6.10 CertificateDeliveredAuditEventType . 52
7.7 Information Model for Push Certificate Management . 53
7.7.1 Overview . 53
7.7.2 ServerConfiguration . 53
7.7.3 ServerConfigurationType . 54
7.7.4 UpdateCertificate . 55
7.7.5 ApplyChanges . 56
7.7.6 CreateSigningRequest . 56
7.7.7 GetRejectedList . 57
7.7.8 CertificateUpdatedAuditEventType . 58
8 KeyCredential Management . 58
8.1 Overview. 58
8.2 Pull Management . 59

---------------------- Page: 5 ----------------------
oSIST prEN IEC 62541-12:2018
IEC CDV 62541-12 © IEC 2017 - 4 - 65E/615/CDV

8.3 Push Management . 59
8.4 Information Model for Pull Management . 60
8.4.1 Overview . 60
8.4.2 KeyCredentialManagement . 61
8.4.3 KeyCredentialServiceType . 61
8.4.4 StartRequest . 62
8.4.5 FinishRequest . 63
8.4.6 Revoke . 64
8.4.7 KeyCredentialAuditEventType . 64
8.4.8 KeyCredentialRequestedAuditEventType . 65
8.4.9 KeyCredentialDeliveredAuditEventType . 65
8.4.10 KeyCredentialRevokedAuditEventType . 66
8.5 Information Model for Push Management . 66
8.5.1 KeyCredentialConfiguration . 67
8.5.2 KeyCredentialConfigurationType . 67
8.5.3 UpdateCredential . 67
8.5.4 DeleteCredential . 68
8.5.5 KeyCredentialUpdatedAuditEventType . 69
8.5.6 KeyCredentialDeletedAuditEventType . 69
9 Authorization Services . 69
9.1 Overview. 69
9.2 Implicit . 70
9.3 Explicit . 71
9.4 Chained . 72
9.5 Information Model for Requesting Access Tokens . 73
9.5.1 Overview . 73
9.5.2 AuthorizationServices . 74
9.5.3 AuthorizationServiceType . 74
9.5.4 RequestAccessToken . 75
9.5.5 GetServiceDescription . 76
9.5.6 AccessTokenIssuedAuditEventType . 76
9.6 Information Model for Configuring Servers . 77
9.6.1 Overview . 77
9.6.2 AuthorizationServices . 77
9.6.3 AuthorizationServiceConfigurationType . 77
Annex A (informative) Deployment and Configuration . 79
A.1 Firewalls and Discovery . 79
A.2 Resolving references to remote Servers . 81
Annex B (normative) Constants. 83
B.1 Numeric Node Ids . 83
Annex C (normative) OPC UA Mapping to mDNS . 84
C.1 DNS Server (SRV) Record syntax . 84
C.2 DNS Text (TXT) Record syntax . 84
C.3 DiscoveryUrl mapping . 85
Annex D (normative) Server Capability Identifiers . 86
Annex E (normative) DirectoryServices . 87
E.1 Global Discovery via other directory services . 87
E.2 UDDI . 87

---------------------- Page: 6 ----------------------
oSIST prEN IEC 62541-12:2018
IEC CDV 62541-12 © IEC 2017 - 5 - 65E/615/CDV
E.3 LDAP . 88
Annex F (normative) Local Discovery Server . 90
F.1 Certificate store directory layout . 90
F.2 Installation directories on Windows . 90
Annex G (normative) Application installation process . 92
G.1 Provisioning with Pull Management . 92
G.2 Provisioning with the Push Management . 92
G.3 Setting permissions . 93
Annex H (informative)  Comparison with RFC 7030 . 94
H.1 Overview. 94
H.2 Obtaining CA Certificates . 94
H.3 Initial enrolment . 94
H.4 Client Certificate reissuance . 95
H.5 Server key generation . 95
H.6 Certificate Signing Request (CSR) attributes request . 95

---------------------- Page: 7 ----------------------
oSIST prEN IEC 62541-12:2018
IEC CDV 62541-12 © IEC 2017 - 6 - 65E/615/CDV

FIGURES
Figure 1 – The Registration process with an LDS . 16
Figure 2 – The simple Discovery process . 17
Figure 3 – The Local Discovery process . 18
Figure 4 – The MulticastSubnet Discovery process . 18
Figure 5 – The Global Discovery process . 19
Figure 6 – The Discovery Process for Clients . 20
Figure 7 – The relationship between GDS and other components . 22
Figure 8 – The Single MulticastSubnet architecture . 23
Figure 9 – The Multiple MulticastSubnet architecture . 24
Figure 10 – The No MulticastSubnet architecture . 24
Figure 11 – The Address Space for the GDS . 25
Figure 12 – The Pull Certificate management model . 34
Figure 13 – The Push Certificate management model . 35
Figure 14 – The Certificate Management AddressSpace for the GlobalDiscoveryServer . 44
Figure 15 – The AddressSpace for the Server that supports Push Management. 53
Figure 16 – The Pull Model for KeyCredential management . 59
Figure 17 – The Push Model for KeyCredential management . 60
Figure 18 – The Address Space used for Pull KeyCredential management. 61
Figure 19 – The Address Space used for Push KeyCredential management . 66
Figure 20 – Roles and Authorization Services . 70
Figure 21 – Implicit authorization . 71
Figure 22 – Explicit authorization . 72
Figure 23 – Chained authorization . 73
Figure 24 – The Model for Requesting Access Tokens from Authorization Services . 74
Figure 25 – The Model for Configuring Servers to use Authorization Services . 77
Figure 26 – Discovering Servers outside a firewall . 79
Figure 27 – Discovering Servers behind a firewall . 80
Figure 28 – Using a Discovery Server with a firewall . 81
Figure 29 – Following References to Remote Servers . 82
Figure 30 – The UDDI or LDAP Discovery process . 87
Figure 31 – UDDI registry structure . 88
Figure 32 – Sample LDAP hierarchy . 89

---------------------- Page: 8 ----------------------
oSIST prEN IEC 62541-12:2018
IEC CDV 62541-12 © IEC 2017 - 7 - 65E/615/CDV
TABLES
Table 1 – GDS NamespaceMetadataType Object definition . 14
Table 2 – Directory Object definition . 25
Table 3 – DirectoryType definition. 26
Table 4 – FindApplications Method AddressSpace definition . 27
Table 5 – ApplicationRecordDataType definition . 27
Table 6 – RegisterApplication Method AddressSpace definition . 28
Table 7 – UpdateApplication Method AddressSpace definition . 29
Table 8 – UnregisterApplication Method AddressSpace definition . 29
Table 9 – GetApplication Method AddressSpace definition . 30
Table 10 – QueryApplications Method AddressSpace definition . 31
Table 11 – QueryServers Method AddressSpace definition . 32
Table 12 – ApplicationRegistrationChangedAuditEventType definition . 33
Table 13 – TrustListType definition . 36
Table 14 – OpenWithMasks Method AddressSpace definition . 37
Table 15 – CloseAndUpdate Method AddressSpace definition . 38
Table 16 – AddCertificate Method AddressSpace definition . 39
Table 17 – RemoveCertificate Method AddressSpace definition . 40
Table 18 – TrustListDataType definition . 40
Table 19 – TrustListMasks values . 40
Table 20 – TrustListOutOfDateAlarmType definition . 40
Table 21 – CertificateGroupType definition . 41
Table 22 – CertificateType definition . 41
Table 23 – ApplicationCertificateType definition . 42
Table 24 – HttpsCertificateType definition . 42
Table 25 – UserCredentialCertificateType definition . 42
Table 26 – RsaMinApplicationCertificateType definition . 42
Table 27 – RsaSha256ApplicationCertificateType definition . 43
Table 28 – CertificateGroupFolderType definition . 43
Table 29 – TrustListUpdatedAuditEventType definition . 44
Table 30 – CertificateDirectoryType ObjectType definition . 45
Table 31 – StartSigningRequest Method AddressSpace definition. 47
Table 32 – StartNewKeyPairRequest Method AddressSpace definition . 48
Table 33 – FinishRequest Method AddressSpace definition . 49
Table 34 – GetCertificateGroups Method AddressSpace definition . 50
Table 35 – GetTrustList Method AddressSpace definition . 51
Table 36 – GetCertificateStatus Method AddressSpace definition . 52
Table 37 – CertificateRequestedAuditEventType definition . 52
Table 38 – CertificateDeliveredAuditEventType definition . 52
Table 39 – ServerConfiguration Object definition . 53
Table 40 – ServerConfigurationType definition . 54
Table 41 – UpdateCertificate Method AddressSpace Definition . 56
Table 42 – ApplyChanges Method AddressSpace Definition . 56

---------------------- Page: 9 ----------------------
oSIST prEN IEC 62541-12:2018
IEC CDV 62541-12 © IEC 2017 - 8 - 65E/615/CDV

Table 43 – CreateSigningRequest Method AddressSpace definition . 57
Table 44 – GetRejectedList Method AddressSpace definition . 58
Table 45 – CertificateUpdatedAuditEventType definition . 58
Table 46 – KeyCredentialManagement Object definition . 61
Table 47 – KeyCredentialServiceType definition . 61
Table 48 – StartRequest Method AddressSpace definition . 63
Table 49 – FinishRequest Method AddressSpace definition . 64
Table 50 – Revoke Method AddressSpace definition . 64
Table 51 – KeyCredentialAuditEventType definition .
...

Questions, Comments and Discussion

Ask us and Technical Secretary will try to provide an answer. You can facilitate discussion about the standard in here.

This May Also Interest You

SIST
SIST EN IEC 61987-31:2023(Main)
Industrial-process measurement and control - Data structures and elements in process equipment catalogues - Part 31: List of Properties (LOPs) of infrastructure devices for electronic data exchange - Generic structures (IEC 61987-31:2022)
EN IEC 61987-31:2023

This part of IEC 61987 provides
• a characterization for the integration of infrastructure devices in the Common Data
Dictionary (CDD);
• generic structures in conformance with IEC 61987-10 for Operating Lists of Properties
(OLOPs) and Device Lists of Properties (DLOPs) of infrastructure devices.
The generic structures for the OLOP and DLOP contain the most important blocks for
infrastructure devices. Blocks pertaining to a specific equipment type will be described in the
corresponding part of the IEC 61987 series. Similarly, equipment properties are not part of this
part of IEC 61987. For instance, the OLOP and DLOP for I/O-modules are to be found in
IEC 61987-32.

  • Standard
    27 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    24 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61918:2019/A12:2023(Amendment)
Industrial communication networks - Installation of communication networks in industrial premises
EN IEC 61918:2018/A12:2023

This document specifies basic requirements for the installation of media for communication networks within and between the automation islands, of industrial sites. This standard covers balanced and optical fibre cabling. It also covers the cabling infrastructure for wireless media, but not the wireless media itself. Additional media are covered in the IEC 61784-5 series.
This document is a companion standard to the communication networks of the industrial automation islands and especially to the communication networks specified in the IEC 61158 series and the IEC 61784 series.
In addition, this document covers the connection between the generic telecommunications cabling specified in ISO/IEC 11801-3 and the specific communication cabling of an automation island, where an automation outlet (AO) replaces the telecommunication outlet (TO) of ISO/IEC 11801-3.
NOTE If the interface used at the AO does not conform to that specified for the TO of ISO/IEC 11801-3, the cabling no longer conforms to ISO/IEC 11801-3 although certain features, including performance, of generic cabling may be retained.
This document provides guidelines that cope with the critical aspects of the industrial automation area (safety, security and environmental aspects such as mechanical, liquid, particulate, climatic, chemicals and electromagnetic interference).
This document does not recognise implementations of power distribution with or through Ethernet balanced cabling systems that are not specified in IEEE 802.3af and in IEEE 802.3at.
This document deals with the roles of planner, installer, verifier, and acceptance test personnel, administration and maintenance personnel and specifies the relevant responsibilities and/or gives guidance.

  • Amendment
    4 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    3 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62714-2:2023(Main)
Engineering data exchange format for use in industrial automation systems engineering - Automation markup language - Part 2: Semantics libraries (IEC 62714-2:2022)
EN IEC 62714-2:2022

The IEC 62714 series specifies an engineering data exchange format for use in industrial automation systems.
This part of IEC 62714 specifies normative as well as informative AML libraries for the modelling of engineering information for the exchange between engineering tools in the plant automation area by means of AML. Moreover, it presents additional user defined libraries as an example. Its provisions apply to the export/import applications of related tools.
This part of IEC 62714 specifies AML role class libraries and AML attribute type libraries. Role classes provide semantics to AML objects, attribute types provide semantics to AML attributes. The association of role classes to AML objects or attribute types to AML attributes represent the possibility to add (also external) semantic to it. By associating a role class to an AML object or an attribute type to an AML attribute,it gets a semantic.This part of IEC 62714 does not define details of the data exchange procedure or implementation requirements for the import/export tools.

  • Standard
    61 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    60 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62453-2:2022(Main)
Field device tool (FDT) interface specification - Part 2: Concepts and detailed description (IEC 62453-2:2022)
EN IEC 62453-2:2022

This part of IEC 62453 explains the common principles of the field device tool concept. These
principles can be used in various industrial applications such as engineering systems,
configuration programs and monitoring and diagnostic applications.
This document specifies the general objects, general object behavior and general object
interactions that provide the base of FDT.

  • Standard
    168 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62453-309:2022(Main)
Field device tool (FDT) interface specification - Part 309: Communication profile integration - IEC 61784 CPF 9 (IEC 62453-309:2022)
EN IEC 62453-309:2022

Communication Profile Family 9 (commonly known as HART®1) defines communication profiles based on IEC 61158-5-20 and IEC 61158-6-20. The basic profile CP 9/1 is defined in IEC 61784-1.
This part of IEC 62453 provides information for integrating the HART® technology into the FDT standard (IEC 62453-2).
This part of the IEC 62453 specifies communication and other services.
This standard neither contains the FDT specification nor modifies it.

  • Standard
    51 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    49 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61131-9:2022(Main)
Programmable controllers - Part 9: Single-drop digital communication interface for small sensors and actuators (SDCI) (IEC 61131-9:2022)
EN IEC 61131-9:2022

This part of IEC 61131 specifies a single-drop digital communication interface technology for small sensors and actuators SDCI (commonly known as IO-LinkTM2), which extends the traditional digital input and digital output interfaces as defined in IEC 61131-2 towards a point-to-point communication link. This technology enables the transfer of parameters to Devices and the delivery of diagnostic information from the Devices to the automation system.
This technology is mainly intended for use with simple sensors and actuators in factory automation, which include small and cost-effective microcontrollers.
This part specifies the SDCI communication services and protocol (physical layer, data link layer and application layer in accordance with the ISO/OSI reference model) for both SDCI Masters and Devices.
This part also includes EMC test requirements.
This part does not cover communication interfaces or systems incorporating multiple point or multiple drop linkages, or integration of SDCI into higher level systems such as fieldbuses.

  • Standard
    333 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    298 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62714-5:2022(Main)
Engineering data exchange format for use in industrial automation systems engineering - Automation markup language - Part 5: Communication (IEC 62714-5:2022)
EN IEC 62714-5:2022

Engineering processes of technical systems and their embedded automation systems have to be executed with increasing efficiency and quality. Especially since the project duration tends to increase as the complexity of the engineered system increases. To solve this problem, the engineering process is more often being executed by exploiting software based engineering tools exchanging engineering information and artefacts along the engineering process related tool chain.
Communication systems establish an important part of modern technical systems and, especially, of automation systems embedded within them. Following the increasing decentralisation of automation systems and the application of fieldbus and Ethernet technology connecting automation devices and further interacting entities have to fulfil special requirements on communication quality, safety and security. Thus, within the engineering process of modern technical systems, engineering information and artefacts relating to communication systems also have to be exchanged along the engineering process tool chain.
In each phase of the engineering process of technical systems, communication system related information can be created which can be consumed in later engineering phases. A typical application case is the creation of configuration information for communication components of automation devices including communication addresses and communication package structuring within controller programming devices during the control programming phase and its use in a device configuration tool. Another typical application case is the transmission of communication device configurations to virtual commissioning tools, to documentation tools, or to diagnosis tools.
At present, the consistent and lossless transfer of communication system engineering information along the complete engineering chain of technical systems is unsolved. While user organisations and companies have provided data exchange formats for parts of the relevant information like FDCML, EDDL, and GSD the above named application cases cannot be covered by a data exchange format. Notably the networking related information describing communication relations and their properties and qualities cannot be modelled by a data exchange format.

  • Standard
    58 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    52 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 61918:2019/A1:2022(Amendment)
Industrial communication networks - Installation of communication networks in industrial premises (IEC 61918:2018/AMD1:2022)
EN IEC 61918:2018/A1:2022

No scope available

  • Amendment
    25 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    19 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN IEC 62264-6:2022(Main)
Enterprise-control system integration - Part 6: Messaging service model (IEC 62264-6:2020)
EN IEC 62264-6:2022

This document defines a technology independent model for a set of abstract services that is
located above the application layer of the OSI model, and that is used for exchanging
transaction messages based on the transaction models defined in IEC 62264-5. The model,
which is called the Messaging Service Model (MSM), is intended for interoperability between
manufacturing operations domain applications and applications in other domains.
NOTE It is recognized that other sets of services not defined in accordance with this document are possible for the
exchange of MOM information and are not deemed invalid as a result of this document.

  • Standard
    53 pages
    English language
    sale 10% off
    e-Library read for
    1 day
  • Draft
    53 pages
    English language
    sale 10% off
    e-Library read for
    1 day
SIST
SIST EN 62591:2017/AC:2021(Corrigendum)
Industrial communication networks - Wireless communication network and communication profiles - WirelessHART™
EN 62591:2016/AC:2021-03

IEC Corrected version.

  • Corrigendum
    3 pages
    English and French language
    sale 10% off
    e-Library read for
    1 day