Security in the Communication Layer has to be supported as required for the supported Transport. This includes application authentication and secure communication.
- The Server is obligated to minimally support user authentication with UserName/Password.
- Clients have to support UserName/Password or X.509 certificates as required by the Server.
Security, including encryption, signing, and user authentication, is a core element for OPC UA applications and is therefore part of the OPC Foundation stacks.
OPC UA has defined profiles for lowest-level embedded solutions that will be secured by means outside the scope of OPC UA.