Standard Event Types |
This topic contains the following sections:
- BaseEventType
- SystemEventType
- AuditEventType
- AuditSecurityEventType
- AuditChannelEventType
- AuditOpenSecureChannelEventType
- AuditSessionEventType
- AuditCreateSessionEventType
- AuditUrlMismatchEventType
- AuditActivateSessionEventType
- AuditCancelEventType
- AuditCertificateEventType
- AuditCertificateDataMismatchEventType
- AuditCertificateExpiredEventType
- AuditCertificateInvalidEventType
- AuditCertificateUntrustedEventType
- AuditCertificateRevokedEventType
- AuditCertificateMismatchEventType
- AuditNodeManagementEventType
- AuditAddNodesEventType
- AuditDeleteNodesEventType
- AuditAddReferencesEventType
- AuditDeleteReferencesEventType
- AuditUpdateEventType
- AuditWriteUpdateEventType
- AuditHistoryUpdateEventType
- AuditUpdateMethodEventType
- DeviceFailureEventType
- Model Change Events
- SemanticChangeEventType
- See Also
The following subclauses define event types. Their representation in the Address Space is described in section Information Model. Additional event types may be specified. Figure 1 informally describes the hierarchy of these event types.
BaseEventTypeThe BaseEventType defines all general characteristics of an event. All other event types derive from it. There is no other semantic associated with this type.
SystemEventTypeSystem events are generated as a result of some event that occurs within the server or by a system that the server is representing.
AuditEventTypeAudit events are generated as a result of an action taken on the server by a client of the server. For example, in response to a client issuing a write to a Variable, the server would generate an audit event describing the Variable as the source and the user and client session as the initiators of the event.
Figure 2 illustrates the defined behaviour of an OPC Unified Architecture server in response to an auditable action request. If the action is accepted, an action audit event is generated and processed by the server. If the action is not accepted due to security reasons, a security audit event is generated and processed by the server. The server may involve the underlying device or system in the process but it is the server’s responsibility to provide the event to any interested clients. Clients are free to subscribe to events from the server and will receive the audit events in response to normal Publish requests.
All action requests include a human readable AuditEntryId. The AuditEntryId is included in the audit event to allow human readers to correlate an event with the initiating action. The AuditEntryId typically contains who initiated the action and from where it was initiated.
The server may elect to optionally persist the audit events in addition to the mandatory event subscription delivery to clients.
Figure 3 illustrates the expected behaviour of an aggregating server in response to an auditable action request. This use case involves the aggregating server passing on the action to one of its aggregated servers. The general behaviour described above is extended by this behaviour and not replaced. That is, the request could fail and generate a security audit event within the aggregating server. The normal process is to pass the action down to an aggregated server for processing. The aggregated server will, in turn, follow this behaviour or the general behaviour and generate the appropriate audit events. The aggregating server periodically issues publish requests to the aggregated servers. These collected events are merged with self-generated events and made available to subscribing clients. If the aggregating server supports the optional persisting of AuditEvent, the collected events are persisted along with locally-generated events.
The aggregating server may map the authenticated user account making the request to one of its own accounts when passing on the request to an aggregated server. It shall, however, preserve the AuditEntryId by passing it on as received. The aggregating server may also generate its own audit event for the request prior to passing it on to the aggregated server, in particular, if the aggregating server needs to break a request into multiple requests that are each directed to separate aggregated servers or if part of a request is denied do to security on the aggregating server.
AuditSecurityEventTypeThis is a subtype of AuditEventType and is used only for categorization of security-related events. This type follows all behaviour of its parent type.
AuditChannelEventTypeThis is a subtype of AuditSecurityEventType and is used for categorization of security-related events from the SecureChannel service set described in section Services.
AuditOpenSecureChannelEventTypeThis is a subtype of AuditChannelEventType and is used for events generated from calling the OpenSecureChannel service described in section Services.
AuditSessionEventTypeThis is a subtype of AuditSecurityEventType and is used for categorization of security-related events from the Session service set described in section Services.
AuditCreateSessionEventTypeThis is a subtype of AuditSessionEventType and is used for events generated from calling the CreateSession service described in section Services.
AuditUrlMismatchEventTypeThis is a subtype of AuditCreateSessionEventType and is used for events generated from calling the CreateSession service described in section Services. if the EndpointUrl used in the service call does not match the server’s HostNames (see section Services for details).
AuditActivateSessionEventTypeThis is a subtype of AuditSessionEventType and is used for events generated from calling the ActivateSession service described in section Services.
AuditCancelEventTypeThis is a subtype of AuditSessionEventType and is used for events generated from calling the Cancel service described in section Services.
AuditCertificateEventTypeThis is a subtype of AuditSecurityEventType and is used only for categorization of Certificate related Events. This type follows all behaviour of its parent type. These AuditEvents will be generated for Certificate errors in addition to other AuditEvents related to service calls.
AuditCertificateDataMismatchEventTypeThis is a subtype of AuditCertificateEventType and is used only for categorization of Certificate related events. This type follows all behaviour of its parent type. This audit event is generated if the HostName in the URL used to connect to the server is not the same as one of the host names specified in the Certificate or if application and software certificates contain an application or product URI that does not match the URI specified in the ApplicationDescription provided with the certificate. For more details on certificates see section Services.
AuditCertificateExpiredEventTypeThis is a subtype of AuditCertificateEventType and is used only for categorization of certificate related events. This type follows all behaviour of its parent type. This audit event is generated if the current time is not after the start of the validity period and before the end.
AuditCertificateInvalidEventTypeThis is a subtype of AuditCertificateEventType and is used only for categorization of certificate related events. This type follows all behaviour of its parent type. This audit event is generated if the certificate structure is invalid or if the certificate has an invalid signature.
AuditCertificateUntrustedEventTypeThis is a subtype of AuditCertificateEventType and is used only for categorization of certificate related events. This type follows all behaviour of its parent type. This audit event is generated if the certificate is not trusted i.e. if the issuer certificate is unknown.
AuditCertificateRevokedEventTypeThis is a subtype of AuditCertificateEventType and is used only for categorization of certificate related events. This type follows all behaviour of its parent type. This audit event is generated if a certificate has been revoked of if the revocation list is not available (i.e. a network interruption prevents the Application from accessing the list).
AuditCertificateMismatchEventTypeThis is a subtype of AuditCertificateEventType and is used only for categorization of certificate related events. This type follows all behaviour of its parent type. This audit event is generated if a certificate set of uses does not match use requested for the certificate (i.e. application, software or CA),
AuditNodeManagementEventTypeThis is a subtype of AuditEventType and is used for categorization of node management related events. This type follows all behaviour of its parent type.
AuditAddNodesEventTypeThis is a subtype of AuditNodeManagementEventType and is used for events generated from calling the AddNodes service described in section Services.
AuditDeleteNodesEventTypeThis is a subtype of AuditNodeManagementEventType and is used for events generated from calling the DeleteNodes service described in section Services.
AuditAddReferencesEventTypeThis is a subtype of AuditNodeManagementEventType and is used for events generated from calling the AddReferences service described in section Services.
AuditDeleteReferencesEventTypeThis is a subtype of AuditNodeManagementEventType and is used for events generated from calling the DeleteReferences service described in section Services.
AuditUpdateEventTypeThis is a subtype of AuditEventType and is used for categorization of update related events. This type follows all behaviour of its parent type.
AuditWriteUpdateEventTypeThis is a subtype of AuditUpdateEventType and is used for categorization of write update related events. This type follows all behaviour of its parent type.
AuditHistoryUpdateEventTypeThis is a subtype of AuditUpdateEventType and is used for categorization of history update related events. This type follows all behaviour of its parent type.
AuditUpdateMethodEventTypeThis is a subtype of AuditEventType and is used for categorization of method related events. This type follows all behaviour of its parent type.
DeviceFailureEventTypeA DeviceFailureEvent indicates a failure in a device of the underlying system.
Model Change EventsThis section contains the following subsections:
- NodeVersion Property
- Views
- Event Compression
- BaseModelChangeEventType
- GeneralModelChangeEventType
- Guidelines for Model Change Events
Model change events are generated to indicate a change of the Address Space structure. The change may consist of adding or deleting an node or reference object. Although the relationship of a Variable or VariableType to its DataType is not modelled using references, changes to the DataType attribute of a Variable or VariableType are also considered as model changes and therefore a model change event is generated if the DataType attribute changes.
NodeVersion Property
There is a correlation between model change events and the NodeVersion property of nodes. Every time a model change event is issued for a node, its NodeVersion shall be changed, and every time the NodeVersion is changed, a model change event shall be generated. A server shall support both the model change event and the NodeVersion property or neither, but never only one of the two mechanisms.
Views
A model change event is always generated in the context of a View node class including the default View where the whole Address Space is considered. Therefore the only notifiers which report the model change events are View nodes and the Server object representing the default view. Each action generating a model change event may lead to several events since it may affect different views. If, for example, a node was deleted from the Address Space, and this node was also contained in a View "A", there would be one event having the Address Space as context and another having the View "A" as context. If a node would only be removed from View "A", but still exists in the Address Space, it would generate only a model change event for View "A".
If a client does not want to receive duplicates of changes it has to use the filter mechanisms of the event subscription filtering only for the default view and suppress the model change events having other views as context.
When a model change event is issued on a view and the view supports the ViewVersion property, the ViewVersion has to be updated.
Event Compression
An implementation is not required to issue an event for every update as it occurs. An OPC Unified Architecture server may be capable of grouping a series of transactions or simple updates into a larger unit. This series may constitute a logical grouping or a temporal grouping of changes. A single model change event may be issued after the last change of the series, to cover all of the changes. This is referred to as event compression. A change in the NodeVersion and the ViewVersion may thus reflect a group of changes and not a single change.
BaseModelChangeEventType
The BaseModelChangeEventType is the base type for model change events and does not contain information about the changes but only indicates that changes occurred. Therefore the client shall assume that any or all of the Nodes may have changed.
GeneralModelChangeEventType
The GeneralModelChangeEventType is a subtype of the BaseModelChangeEventType. It contains information about the node that was changed and the action that occurred the model change event (e.g. add a node object, delete a node object, etc.). If the affected object is a Variable or Object, the type definition node is also present.
To allow event compression, a general model change event contains an array of this structure.
Guidelines for Model Change Events
Two types of model change events are defined: the base model change event that does not contain any information about the changes and the general model change event that identifies the changed nodes via an array. The precision used depends on both the capability of the OPC Unified Architecture server and the nature of the update. An OPC Unified Architecture server may use either model change event type depending on circumstances. It may also define subtypes of these event types adding additional information.
To ensure interoperability, the following guidelines for events should be observed:
If the array of the general model change event is present, then it should identify every node that has changed since the preceding model change event.
The OPC Unified Architecture server should emit exactly one model change event for an update or series of updates. It should not issue multiple types of model change event for the same update.
Any client that responds to model change events should respond to any event of the BaseModelChangeEventType including its subtypes like the GeneralModelChangeEventType.
If a client is not capable of interpreting additional information of the subtypes of the BaseModelChangeEventType, it should treat events of these types the same way as events of the BaseModelChangeEventType.
SemanticChangeEventTypeThis section contains the following subsections:
Semantic change events are generated to indicate a change of the Address Space semantics. The change consists of a change to the Value attribute of a Property
The semantic change event contains information about the node owning the property that was changed. If this is a Variable or Object, the type definition node is also present.
The SemanticChange bit of the AccessLevel attribute of a property indicates whether changes of the value are considered for semantic change events (see Variable ).
ViewVersion and NodeVersion Properties
The ViewVersion and NodeVersion properties do not change due to the publication of a semantic change event.
Views
Semantic change events are handled in the context of a view the same way as model change events (see Views).
Event Compression
Semantic change events can be compressed the same way as model change events (see EventCompression).
See Also