return to the IEC Standards

Note: The following is an excerpt from the official IEC catalog. It is provided here as a convenience and is not authoritative. Refer to the original document as the authoritative reference.

IEC 62541-7:2020 defines the OPC Unified Architecture (OPC UA) Profiles. The Profiles in this document are used to segregate features with regard to testing of OPC UA products and the nature of the testing (tool based or lab based). This includes the testing performed by the OPC Foundation provided OPC UA CTT (a self-test tool) and by the OPC Foundation provided Independent certification test labs. This could equally as well refer to test tools provided by another organization or a test lab provided by another organization. What is important is the concept of automated tool-based testing versus lab-based testing. The scope of this standard includes defining functionality that can only be tested in a lab and defining the grouping of functionality that is to be used when testing OPC UA products either in a lab or using automated tools. The definition of actual TestCases is not within the scope of this document, but the general categories of TestCases are within the scope of this document.

Most OPC UA applications will conform to several, but not all, of the Profiles. This third edition cancels and replaces the second edition published in 2015. This edition constitutes a technical revision. This edition includes the following significant technical changes with respect to the previous edition:

a) new functional Profiles:

• profiles for global discovery and global certificate management;
• profiles for global KeyCredential management and global access token management;
• facet for durable subscriptions;
• standard UA Client Profile;
• profiles for administration of user roles and permissions.

b) new transport Profiles:

• HTTPS with JSON encoding;
• secure WebSockets (WSS) with binary or JSON encoding;
• reverse connectivity.

c) new security Profiles:

• transportSecurity – TLS 1.2 with PFS (with perfect forward secrecy);
• securityPolicy [A] – Aes128-Sha256-RsaOaep (replaces Base128Rsa15);
• securityPolicy – Aes256-Sha256-RsaPss adds perfect forward secrecy for UA TCP);
• user Token JWT (Jason Web Token).

d) deprecated Security Profiles (due to broken algorithms):

• securityPolicy – Basic128Rsa15 (broken algorithm Sha1);
• securityPolicy – Basic256 (broken algorithm Sha1);
• transportSecurity – TLS 1.0 (broken algorithm RC4);
• transportSecurity – TLS 1.1 (broken algorithm RC4).

e) deprecated Transport (missing support on most platforms):

• SOAP/HTTP with WS-SecureConversation (all encodings).

See also:

• IEC 62541-001 OPC Unified Architecture - Part 1: Overview and concepts
• IEC 62541-002 OPC Unified Architecture - Part 2: Security Model
• IEC 62541-003 OPC Unified Architecture - Part 3: Address Space Model
• IEC 62541-004 OPC Unified Architecture - Part 4: Services
• IEC 62541-005 OPC Unified Architecture - Part 5: Information Model
• IEC 62541-006 OPC Unified Architecture - Part 6: Mappings
• IEC 62541-008 OPC Unified Architecture - Part 8: Data Access
• IEC 62541-009 OPC Unified Architecture - Part 9: Alarms and Conditions
• IEC 62541-010 OPC Unified Architecture - Part 10: Programs
• IEC 62541-011 OPC Unified Architecture - Part 11: Historical Access
• IEC 62541-012 OPC Unified Architecture - Part 12: Discovery and global
• IEC 62541-013 OPC Unified Architecture - Part 13: Aggregates
• IEC 62541-014 OPC Unified Architecture - Part 14: PubSub
• IEC 62541-100 OPC Unified Architecture - Part 100: Device Interface