IEC TR 62541-2
OPC Unified Architecture – Part 2: Security Model
|Publication Date:||1 October 2016|
|ICS Code (Open systems interconnection in general):||35.100.01|
|ICS Code (Industrial process measurement and control):||25.040.40|
This part of IEC 62541, which a Technical Report, describes the OPC unified architecture (OPC UA) security model. It describes the security threats of the physical, hardware, and software environments in which OPC UA is expected to run. It describes how OPC UA relies upon other standards for security. It provides definition of common security terms that are used in this and other parts of the OPC UA specification. It gives an overview of the security features that are specified in other parts of the OPC UA specification. It references services, mappings, and Profiles that are specified normatively in other parts of this multi-part specification. It provides suggestions or best practice guidelines on implementing security. Any seeming ambiguity between this part of IEC 62541 and one of the normative parts of IEC 62541 does not remove or reduce the requirement specified in the normative part.
Note that there are many different aspects of security that have to be addressed when developing applications. However since OPC UA specifies a communication protocol, the focus is on securing the data exchanged between applications. This does not mean that an application developer can ignore the other aspects of security like protecting persistent data against tampering. It is important that the developers look into all aspects of security and decide how they can be addressed in the application.
This part of IEC 62541 is directed to readers who will develop OPC UA Client or Server applications or implement the OPC UA services layer. It is also for end users that wish to understand the various security features and functionality provided by OPC UA. It also offers some suggestions that can be applied when deploying systems. These suggestions are generic in nature since the details would depend on the actual implementation of the OPC UA Applications and the choices made for the site security.
It is assumed that the reader is familiar with Web Services and XML/SOAP. Information on these technologies can be found in SOAP Part 1: and SOAP Part 2.