OPC UA Security

UA Security consists of authentication and authorization, encryption and data integrity via signatures. For that, the OPC Foundation hasn't reinvented the wheel but geared to the Web Service Security specifications. For Web Services the WS Secure Conversation gets used and is therefore compatible to .Net and other SOAP implementations. For the binary version, the algorithms of WS Secure Conversation have been adopted and been converted to a binary equivalent, which is now known as UA Secure Conversation.

As shown on the figure (Protocols ), there is also a mixed version where the code is binary but the transport layer is SOAP. This compromises efficient binary coding and Firewall-friendly transmission. Binary coding always requires UA Secure Conversation. The authentication uses x509 certificates exclusively. It depends on the application developer to which certificate storage the UA application gets bound to. For instance, it is possible to use the Public Key Infrastructure (PKI) of an Active Directory.