IEC 62541-7:2020 defines the OPC Unified Architecture (OPC UA) Profiles. The Profiles in this document are used to segregate features with regard to testing of OPC UA products and the nature of the testing (tool based or lab based). This includes the testing performed by the OPC Foundation-provided OPC UA CTT (a self-test tool) and by the OPC Foundation-provided independent certification test labs. This could equally well refer to test tools or a test lab provided by another organization. What is important is the concept of automated tool-based testing versus lab-based testing. The scope of this standard includes defining functionality that can only be tested in a lab and defining the grouping of functionality that is to be used when testing OPC UA products either in a lab or using automated tools. The definition of actual TestCases is not within the scope of this document, but the general categories of TestCases are within the scope of this document.
Most OPC UA applications will conform to several, but not all, of the Profiles.
This third edition cancels and replaces the second edition published in 2015. This edition constitutes a technical revision.
This edition includes the following significant technical changes with respect to the previous edition:
a) new functional Profiles:
• profiles for global discovery and global certificate management;
• profiles for global KeyCredential management and global access token management;
• facet for durable subscriptions;
• standard UA Client Profile;
• profiles for administration of user roles and permissions.
b) new transport Profiles:
• HTTPS with JSON encoding;
• secure WebSockets (WSS) with binary or JSON encoding;
• reverse connectivity.
c) new security Profiles:
• transportSecurity – TLS 1.2 with PFS (perfect forward secrecy);
• securityPolicy [A] – Aes128-Sha256-RsaOaep (replaces Basic128Rsa15);
• securityPolicy – Aes256-Sha256-RsaPss (adds perfect forward secrecy for UA TCP);
• user Token JWT (JSON Web Token).
d) deprecated security Profiles (due to broken algorithms):
• securityPolicy – Basic128Rsa15 (broken algorithm Sha1);
• securityPolicy – Basic256 (broken algorithm Sha1);
• transportSecurity – TLS 1.0 (broken algorithm RC4);
• transportSecurity – TLS 1.1 (broken algorithm RC4).
e) deprecated Transport (missing support on most platforms):
• SOAP/HTTP with WS-SecureConversation (all encodings).