The OPC Security specification enables OPC applications to apply security that is over and above the security available in DCOM. DCOM security enables OPC Servers to allow or deny specific users or groups from launching or accessing an OPC Server. OPC Security enables the OPC Server administrator to further allow access to some items and deny access to others. This enables corporations to control client access to servers to protect sensitive information and guard against unauthorized modification of system parameters.
The OPC Foundation is responsible for defining and maintaining the OPC Security specification.
OPC has defined interfaces for Data Access Servers, Event Servers, and Historical Data Access Servers. These servers provide information that is valuable to the enterprise and if improperly updated, could have significant consequences to plant processes. Therefore, there is a need to control client access to these servers in order to protect this sensitive information and to guard against unauthorized modification of process parameters.
Security must be provided in a standard manner, consistent among implementations of OPC Servers by various vendors, to permit the implementation of portable client applications.
Security must be well integrated and be as transparent as possible to the client application. Ideally, security should "just be there" with no special actions by the client application required in order for security to be enforced.
The purpose of this specification is to specify how OPC Servers should implement security using operating system facilities. In addition, usage guidelines are provided for the OPC Client implementation to interact with a security aware OPC Server.
This specification is analogous to the OPC Common specification in that it applies to all of the defined OPC Servers. It focuses on client identification that is the exchanging of trusted credentials to be used for access authorization decisions by the OPC Server. It does not address which objects are to be secured, but leaves this matter to the OPC Server implementers.
This specification permits multiple levels of security to maintain coexistence with legacy OPC applications and to provide enhanced security capabilities.
Visit the OPC Foundation website for more detailed information about the OPC Security specification.