High Security Tier – This would be like a hotel that often has high-profile guests or offers different amenities to different guests. The room key may also grant access to restricted elevator floors, the pool at special times or access to the hospitality suite. In the High-Security tier, OPC applications would use a combination of local trust lists and Certification Authorities. Each application's trust list would have to be managed centrally, but administrators would have fine-grain control over who has access to what. OPC Security Gateway servers could be used to provide access to other servers using lower security tiers or to provide users with easy management of security settings.
Anonymous Web Client Tier – The final tier is much like the person who shows up off the street looking for a room, but does not have a reservation. The desk clerk must use some means of proving him trustworthy. The OPC UA application would ensure privacy and integrity by authenticating username/passwords after a secure connection is created. After proper authentication, each application would be issued a certificate with a Private key, but no advance trust relationship is required.
Thank You for Choosing OPC UA
The OPC UA specifications, profiles and certification process provide users with the comfort that OPC applications are being built on strong security foundations that incorporate the use of encryption for confidentiality and signatures for source authentication and integrity. This allows asset owners to secure OPC UA client/server communication using the protocol itself rather than add-on security. But just like hotels, not all applications will be created equal. Users who are serious about the security of their system communications will look to compliant, trusted OPC vendors who have made security a priority in their applications. Knowledgeable vendors can help users access their security needs and explain how concepts of certificate handling and key storage apply to the various security tiers. The nature of OPC UA specifications mean that layered products like Security Gateways can provide integrated security at the protocol level that augment OPC UA products of lower security implementations. The OPC UA specifications provide the building blocks for secure applications to be built.
Thank you for choosing OPC UA. Have a safe and pleasant stay.
Eric Murphy, BSc, PEng (Alberta), is a chemical engineer with a process control specialization and an OPC expert. Eric has been a part of the OPC community since its early beginnings in the mid-1990s. He is heavily involved with the OPC Foundation and is a member of the OPC Foundation Technical Advisory Council (TAC). Eric is also a co-editor for the OPC Unified Architecture (UA) specifications as well as the chair of the OPC Historical Data Access (HDA) working group. Visit Eric at his Blog, the OPC Exchange, to follow the latest trends and discussions about OPC technology, or click here for free downloads.