Authorization in asset administration shells using OPC UA

Industrie 4.0 (I4.0) in Germany-or Industrial Internet 4.0, as it is called internationally-are key initiatives in order to bring digitization into the automation domain by taking advantage of recent technology advancements such as the Internet of Things (IoT). The core concept for I4.0 is the digital twin or asset administration shell (AAS), as it is called by the German Plattform Industrie 4.0 initiative. It shall provide a machine-readable description of I4.0 components, being available over the entire lifecycle and being used for various advanced use cases and services. Security has been an increasingly known and needed aspect during the last years and is a key requirement to make I4.0 actually happen. In a previous paper we proposed concepts for integrating authorization tightly into OPC Unified Architecture (OPC UA)-based information models. OPC UA is a new and promising industrial technology, which could be used to implement AAS concepts. The current proposals for AAS define necessary security concepts; however, there is no work explaining how these concepts can be implemented in OPC UA. This paper closes this gap by elaborating on realization alternatives in OPC UA. Furthermore, we extend our basic performance evaluation with more realistic data access patterns based on I4.0 use cases, showing the applicability of our approach in practice.