IEC 62541-7:2020 RLV
OPC unified architecture - Part 7: Profiles
Product Details
Most OPC UA applications will conform to several, but not all, of the Profiles.
This third edition cancels and replaces the second edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) new functional Profiles:
• profiles for global discovery and global certificate management;
• profiles for global KeyCredential management and global access token management;
• facet for durable subscriptions;
• standard UA Client Profile;
• profiles for administration of user roles and permissions.
b) new transport Profiles:
• HTTPS with JSON encoding;
• secure WebSockets (WSS) with binary or JSON encoding;
• reverse connectivity.
c) new security Profiles:
• transportSecurity – TLS 1.2 with PFS (with perfect forward secrecy);
• securityPolicy [A] – Aes128-Sha256-RsaOaep (replaces Base128Rsa15);
• securityPolicy – Aes256-Sha256-RsaPss adds perfect forward secrecy for UA TCP);
• user Token JWT (Jason Web Token).
d) deprecated Security Profiles (due to broken algorithms):
• securityPolicy – Basic128Rsa15 (broken algorithm Sha1);
• securityPolicy – Basic256 (broken algorithm Sha1);
• transportSecurity – TLS 1.0 (broken algorithm RC4);
• transportSecurity – TLS 1.1 (broken algorithm RC4).
e) deprecated Transport (missing support on most platforms):
• SOAP/HTTP with WS-SecureConversation (all encodings).