Field Device Integration (FDI) – Part 4: FDI Packages RELEASED FCG TS62769-4, Ed. 1.2.0, 21 Jun 2019 Page 29 of 79

Figure 16 illustrates an example of selecting the most recent compatible UIP.

Figure 16 – UIP Version Support concept
FDI Device Package UIP version support: UIP A: 01.*.*; UIP B: 02.03.*; UIP C: 01.04.11
UIPs available:
UIP A Version: 01.02.15, 01.02.18, 01.02.17, 02.03.12
UIP B Version: 02.03.15, 02.04.12
UIP C Version: 01.04.11, 01.04.14

7 Digital Signatures and Registration Certificates

7.1 Signed Elements and Certification documents

The FDI Package signing policy defines that the entire FDI Package shall be signed by the FDI Package originator (see 7.3). FDI Packages which have been registered by an FDI Registration Authority should contain an FDI Registration Certificate (special attachment, see 5.3.4.4) which shall be signed by an FDI Registration Authority (see 7.3).

FDI Packages are registered if they are successfully conformance tested (see B.2.4). Registered FDI Packages should carry one or more digitally signed FDI Registration Certificates to
– indicate that the FDI Package has been registered by an official FDI registration authority,
– indicate that the files in the package, which had been central for registration of the package, have not been altered after submission for registration.

FDI Packages as a whole (the surrounding entity covering all elements) shall be signed to
– identify the originator (the signer) of the FDI Package,
– verify that the signed FDI Package hasn’t been altered after the signature was applied.

Figure 17 – FDI Package signing (elements shown: FDI Registration Certificate, Catalog, Signature Registration Authority, Signature Package Originator)

The FDI Package originator first sends a package to the FDI Registration Authority.
They perform defined conformance tests and additional tests according to their specific rules and test descriptions or agreements. After a successful test, those Registration Authorities might issue an FDI Registration Certificate which shall be signed by the individual FDI Registration Authority. The FDI Registration Certificate may contain more information about the registration, for example a hash on the parts of the FDI Package which had been covered by the conformance tests. The FDI Registration Certificate is incorporated into the FDI Package for release. After adding the FDI Registration Certificate to the FDI Package content, the package is again signed and afterwards released / published by the originator. The FDI Package originator therefore takes over the responsibility that the FDI Registration Certificate is trustable by signing the entire FDI Package he releases.

7.2 Signing mechanism

All signatures within the FDI Package shall be made according to the mechanism defined in ISO/IEC 29500-2. In addition to ISO/IEC 29500-2 the signature shall fulfill the following requirements:
– The information needed to validate the signature shall be part of the digital signature, i.e. the KeyInfo element specified in XML Signature Syntax and Processing is mandatory.
– Certificates used for signing shall be rooted in a Certificate Authority which is included in the trusted CAs of the Microsoft Windows Certificate Store.
– The algorithms used in creation of the signature (for hashing and encryption/decryption) shall be from the list of NIST recommended algorithms in FIPS 140-2, Annex A (NIST).
– The signature shall include a trusted timestamp in compliance with XAdES (XML Advanced Electronic Signatures - ETSI EN 319 132-1).
– Any signature shall include a CommitmentTypeIndication according to ETSI TS 101 733.
The used commitment types are specified in subclause 7.3.

7.3 FDI Package Originator, FDI Registration Authority

The FDI Package Originator and the FDI Registration Authority have the following responsibilities:
– An FDI Package originator officially publishes an FDI Package and signs it to ensure the integrity of the FDI Package. The FDI Package can be created by a device vendor or a software solution provider. The publisher of an FDI Package may be a different person. The commitment type is ProofOfOrigin.
– An FDI Registration Authority has the right and the ability to perform FDI conformance tests on FDI Packages and to issue FDI Registration Certificates, typically interest groups representing an FDI supported communication protocol or their authorized partners. The commitment type is ProofOfApproval.

7.4 FDI Host behavior

An FDI host system shall display a warning message when the FDI Package import procedure recognizes that
– a digital signature on the package is not present or does not include all entities (files) inside the package,
– the digital signature as such is not trustable,
– the signature is broken which indicates that the package has been modified after signing.

Additional security measures to be taken, if the warning message has been displayed, are in the responsibility of the FDI host system.

An FDI host system should display an information message showing which parts of the ones having gone into the registration have been changed when the FDI Package import procedure recognizes that
– the unique identifier (PackageID) and the version (as defined in Annex E) of the FDI Package does not match the same information given as a part of the FDI Registration Certificate file,
– there is no FDI Registration Certificate present in the FDI Package,
– the included FDI Registration Certificate is not signed, the signature is not trustable, or the signature is broken.
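The first warning condition above (a signature that "does not include all entities (files) inside the package") can be checked structurally before any cryptographic validation. The following is an added example, not part of the specification or of any FDI tool: it assumes the ISO/IEC 29500-2 (OPC) layout, in which signature parts are identified by their content type and list the signed parts as Reference URIs; the part names in the sample package are constructed.

```python
import io
import posixpath
import zipfile
import xml.etree.ElementTree as ET

CT_NS = "{http://schemas.openxmlformats.org/package/2006/content-types}"
DS_NS = "{http://www.w3.org/2000/09/xmldsig#}"
SIG_FAMILY = "application/vnd.openxmlformats-package.digital-signature-"
SIG_XML = SIG_FAMILY + "xmlsignature+xml"

def part_types(zf):
    """Map every part name ('/a/b.xml') to its declared OPC content type."""
    root = ET.fromstring(zf.read("[Content_Types].xml"))
    by_ext = {e.get("Extension").lower(): e.get("ContentType")
              for e in root.iter(CT_NS + "Default")}
    by_name = {e.get("PartName"): e.get("ContentType")
               for e in root.iter(CT_NS + "Override")}
    types = {}
    for name in zf.namelist():
        if name != "[Content_Types].xml" and not name.endswith("/"):
            ext = posixpath.splitext(name)[1].lstrip(".").lower()
            types["/" + name] = by_name.get("/" + name, by_ext.get(ext))
    return types

def signature_coverage(package_bytes):
    """Return {signature part: sorted parts that signature does not reference}.

    An empty dict means the package carries no signature part at all.
    Coverage only: digests, certificate chain and timestamp still need an
    XML-DSig/XAdES validator, and untrusted XML needs a hardened parser.
    """
    with zipfile.ZipFile(io.BytesIO(package_bytes)) as zf:
        types = part_types(zf)
        # A signature part cannot sign itself, so the signature infrastructure
        # and the relationship parts that belong to it are exempt.
        infra = {p for p, ct in types.items() if (ct or "").startswith(SIG_FAMILY)}
        infra |= {posixpath.join(posixpath.dirname(p), "_rels",
                                 posixpath.basename(p) + ".rels") for p in infra}
        report = {}
        for sig in sorted(p for p in infra if types.get(p) == SIG_XML):
            root = ET.fromstring(zf.read(sig[1:]))
            signed = {r.get("URI", "").split("?", 1)[0]
                      for r in root.iter(DS_NS + "Reference")}
            report[sig] = sorted(set(types) - infra - signed)
        return report

def build_sample(signed_uris):
    """Constructed sample package: two payload parts and one signature part."""
    refs = "".join(f'<Reference URI="{u}?ContentType=text/xml"/>' for u in signed_uris)
    sig = ('<Signature xmlns="http://www.w3.org/2000/09/xmldsig#">'
           f'<Object Id="idPackageObject"><Manifest>{refs}</Manifest></Object></Signature>')
    ctypes = ('<Types xmlns="http://schemas.openxmlformats.org/package/2006/content-types">'
              '<Default Extension="xml" ContentType="text/xml"/>'
              f'<Override PartName="/sig/sig1.xml" ContentType="{SIG_XML}"/></Types>')
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name, data in [("[Content_Types].xml", ctypes), ("catalog.xml", "<c/>"),
                           ("device.xml", "<d/>"), ("sig/sig1.xml", sig)]:
            zf.writestr(name, data)
    return buf.getvalue()
```

A host would raise the 7.4 warning when the returned dict is empty or when no signature in it has an empty list of unreferenced parts.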
An FDI host system can check the signature and certification status by reading the FDI Registration Certificate. A host shall provide a configuration which allows importing an FDI Package which does not include an FDI Registration Certificate. The functionality of this FDI Package shall not be limited.

Annex A
(normative)
File name conventions

A.1 Identification

Identification naming conventions shall be utilized to provide a unique way of identifying complete FDI Packages as well as elements of FDI Packages. Adherence to the identification rules will promote interoperability across systems. However, the names themselves shall not be the only mechanism for deployment.

Traditionally machine-readable naming conventions have been utilized to uniquely link a file to a specific device and facilitate the import and use of device interface files, such as an EDD, making it difficult for users to determine if the required file was available in the file system. Because an FDI Package is the visible element to the user, a human readable format is preferred over that of a machine-readable version.

A.2 FDI Package filename convention

Individual FDI Packages shall be identified by unique file names, which shall consist of the manufacturer, the model or type, the revision and the protocol supported. Due to filename persistence problems the file name shall not be the only means to identify an FDI Package. Secure means of identifying an FDI Package shall be utilized to prevent inappropriate mixing of device to FDI Packages.

The FDI Package shall use the following naming convention

<manufacturer>.<description>.<major>.<minor>.<revision>.<protocol>.fdix

Each element of the filename is described in Table A.1. The following rules for naming an FDI Package shall apply:
• All FDI Packages shall use the .fdix extension.
• Maximum name length including .fdix extension: 128 characters.
• The file name shall not include a space.

NOTE The maximum file name length is limited to 128 characters to reduce the probability of a path exceeding the maximum value.

Table A.1 – FDI Package Naming Convention

Filename component: Description
Manufacturer: String representation of the manufacturer name of the device. The manufacturer shall not include a period.
Description: A brief description of the package. The description shall not include a period. For an FDI Device Package, a string representation of the device type name.
Major: Two-character numerical representation of the major release of the FDI Package.
Minor: Two-character numerical representation of the minor release of the FDI Package.
Revision: Two-character numerical representation of the revision of the FDI Package.
Protocol: The communication profile family names are defined in the communication profiles (FCG TS62769-1xx-x).

Annex B
(informative)
FDI Package Creation

B.1 General

Annex B describes the fundamentals of a possible FDI Package creation process by using standardized development tools and components available.

B.2 Tools and Components

B.2.1 Overview

FDI Packages consist of several different components – which also might have relationships and dependencies to each other – that are developed by using different implementation technologies and that follow different standards. This complex structure of FDI Packages requires a tool support to make an easy and economic development and maintenance possible.

B.2.2 FDI Reference Implementation/Common EDD Engine

The FDI Reference Implementation, including a common EDD Engine, ensures that a common implementation is used for an FDI Package implementation and test that has a defined behavior. The FDI Reference Implementation is part of both tools mentioned below.

B.2.3 FDI Package IDE

The FDI Package IDE provides everything that is necessary to manage development projects for the different kind of FDI Packages, the development of the descriptive parts, the linking of all remaining package parts but also to do the actual packaging of the package.

B.2.4 FDI Device Package Conformance Test Tool

A developed FDI Package and especially FDI Device Packages are tested to prove the conformance of the implementation to the FDI Specification. This ensures interoperability. The conformance test is done by using the FDI Device Package Conformance Test Tool that executes defined test cases with the FDI Reference Implementation and the developed FDI Package.

B.3 Development

B.3.1 FDI Package core development

The FDI Package IDE allows the creation of a development project for the FDI Package including the project type and version information. This development project can be used during the complete life-cycle of the FDI Package. A development project wizard might be available to speed up the project creation process.

An editor component coming with the FDI Package IDE is available to implement the descriptive part (EDD) of the FDI Package. Features such as syntax checks, code folding, auto complete and wizards for complex constructs are available to support an efficient and safe development.

The FDI Package (depending on the FDI Package type) consists of several FDI Package parts. A project management component is also part of the FDI Package IDE, which allows the linkage of external FDI Package parts to a specific FDI Package development project. As soon as the developer has linked all FDI Package parts to the development project (and has also implemented EDD relationships if necessary) the FDI Package can be bound and packaged.

The FDI Package IDE generates parts of the Package Catalog depending on linked FDI Package parts, development project information and EDD source code. Some parts of the FDI Package however cannot be developed by using the FDI Package IDE. Examples are given below and shown in Figure B.1.

B.3.2 User Interface Plug-in development

User Interface Plug-ins are developed using well known implementation technologies (for example, Microsoft.NET¹). There are several powerful development tools available to use those implementation technologies (for example, Microsoft Visual Studio®²). Those tools should be used to implement the User Interface-Plug-ins needed. The ready implemented Plug-ins can then be imported into the FDI Package IDE development project to be referenced in the EDD and to be packaged into the FDI Package for release but also to be tested under runtime conditions in conjunction with the descriptive part of the FDI Package. See also Figure B.1.

Figure B.1 – Tools used for FDI Package development (elements shown: FDI Package IDE with EDD editing, packaging, runtime, debug, ...; Microsoft Visual Studio; other tools: PDF creator, graphics editor, text editor)

B.3.3 FDI Package Attachment development

There are different kinds of Attachments that can be incorporated into FDI Packages. Due to the variety of possible and necessary Attachments appropriate development tools depending on the type of Attachment shall be used to implement/create those. The Attachments can then be imported into the FDI Package IDE development project to be packaged into the FDI Package for release. See also Figure B.1.

B.3.4 FDI Package binding and packaging

The last step of the FDI Package development is the packaging as such. In this development step all developed and related parts of the FDI Package are packed according to this specification. Checks are performed to ensure consistency. The output can then be used for conformance testing and in systems.

¹ Microsoft.NET is the trade name of a product supplied by Microsoft Corporation. This information is given for the convenience of users of this standard and does not constitute an endorsement by IEC of the product named. Equivalent products may be used if they can be shown to lead to the same results.

² Microsoft Visual Studio is the trade name of a product supplied by Microsoft Corporation. This information is given for the convenience of users of this standard and does not constitute an endorsement by IEC of the product named. Equivalent products may be used if they can be shown to lead to the same results.

B.3.5 Conformance Test

The use of the FDI Package Conformance Test tool, which is also part of the FDI Package IDE, to ensure the conformance of the FDI Package with the FDI specification marks the last step before releasing the product. The Conformance Test tool uses specified test cases with an FDI runtime engine to check the single features of the FDI that have been or may be implemented into an FDI product (an FDI Package in this case).

Annex C
(informative)
FDI Package deployment

C.1 General

Annex C describes sequence examples of how to deploy different FDI Package types to different system architectures. The sequence and detailed features are system specific.

For FDI Servers, no conditional deployment of UIP Variants is defined because package content can be consumed by different kinds of FDI Clients.

For standalone FDI host systems, FDI Server and FDI Client application are a single integrated entity. A standalone FDI host system can perform conditional deployment of the UIP Variants according to the integrated FDI Client capabilities.

C.2 Scenarios

C.2.1 FDI Package deployment to PC based client/server systems

C.2.1.1 FDI Device Packages/FDI Profile Packages/FDI Communication Packages

The following steps apply for the deployment of FDI Device Packages, FDI Profile Packages and FDI Communication Packages to an FDI Server.

a) The user chooses an FDI Package from the file system.
b) The system validates the FDI Package signature and integrity.
c) The system reads the FDI Package Catalog root element as defined in 4.2.1 and verifies
   • that the PackageType shall be “Device”, “Profile”, or “Communication”;
   • that the FDIVersionSupported shall be equal to the Major version (depending on the use of wildcards instead of actual version numbers, the Minor and the Revision part of the version information shall also be interpreted) of the FDI Server; and
   • the version and PackageId against already installed versions of this device type and handles the update and upgrade accordingly. The deployment is aborted if there is a higher version installed since downgrades are not supported by the FDI.
d) The system adds the FDI Package information to the system specific device catalog.
e) The system reads all UIPs stored in the FDI Package and adds all UIPs and all available variants to the system specific UIP catalog.
f) The system reads the ListOfSupportedUips for each device type and notifies the user if a required UIP is not installed.
g) The system stores the entire FDI Device Package content.
h) The system reads the EDD for each device type and creates Information Model (IM) type nodes.

C.2.1.2 FDI UIP Packages

The following steps apply for the deployment of UIP Packages to an FDI Server.

a) The user chooses an FDI Package from the file system.
b) The system validates the FDI Package signature and integrity.
c) The system reads the FDI Package Catalog root element as defined in 4.2.1 and verifies
   • that the PackageType is “Uip”;
   • that the FDIVersionSupported is equal to the Major version (depending on the use of wildcards instead of actual version numbers, the Minor and the Revision part of the version information shall also be interpreted) of the FDI Server; and
   • the version and PackageId against already installed versions of this device type and handles the update and upgrade accordingly. The deployment is aborted if there is a higher version installed since downgrades are not supported by the FDI.
d) The system reads the ListOfSupportedUips for each device type and notifies the user if a required UIP is not installed.
e) The system stores the entire FDI Device Package content.
f) The system reads all UIPs stored in the FDI Package and adds all UIPs and all available variants to the system specific UIP catalog.

C.2.2 FDI Package deployment to an FDI standalone system

C.2.2.1 FDI Device Packages/FDI Profile Packages/FDI Communication Packages

The following steps apply for the deployment of FDI Device Packages, FDI Profile Packages and FDI Communication Packages to an FDI standalone system.

a) The user chooses an FDI Package from the file system.
b) The system validates the FDI Package signature and integrity.
c) The system reads the FDI Package Catalog root element as defined in 4.2.1 and verifies
   • that the PackageType is “Device”, “Profile”, or “Communication”;
   • that the FDIVersionSupported is equal to the Major version (depending on the use of wildcards instead of actual version numbers, the Minor and the Revision part of the version information shall also be interpreted) of the FDI Server; and
   • the version and PackageId against already installed versions of this device type and handles the update and upgrade accordingly. The deployment is aborted if there is a higher version installed since downgrades are not supported by FDI.
d) The system reads all UIP Variants for all UIPs in the FDI Package and verifies
   • that the PlatformId and RuntimeId are supported by the integrated FDI Client; and
   • the version and UipId against already imported UIP Variants and handles the update and upgrade accordingly. If there is already a higher version installed the import is aborted since downgrades are not supported by the FDI.
e) The system adds the UIP information of matching and imported UIPs to the system specific UIP catalog.
f) The system reads the ListOfSupportedUips for each device type and notifies the user if a required UIP is not installed.
g) The system stores the relevant FDI Device Package content.
h) The system reads the EDD for each device type and creates Information Model (IM) type nodes.

C.2.2.2 FDI UIP Packages

The following steps apply for the deployment of UIP Packages to an FDI standalone system.

a) The user chooses an FDI Package from the file system.
b) The system validates the FDI Package signature and integrity.
c) The system reads the FDI Package Catalog information as defined in 4.2.1:
   • the PackageType attribute is being checked (see Annex E) for “Uip”
   • the FDIVersionSupported shall be equal to the Major version (depending on the use of wildcards instead of actual version numbers, the Minor and the Revision part of the version information shall also be interpreted) of the FDI Server; and
   • the system imports UIPs including UIP Variants and checks for already imported versions of the particular UIP and handles the update and upgrade accordingly. If there is already a higher version installed the import is aborted since downgrades are not supported by the FDI.
d) The system reads all UIP Variants for all UIPs in the FDI Package and verifies:
   • that the PlatformId and RuntimeId are supported by the integrated FDI Client; and
   • the version and UipId against already imported UIP Variants and handles the update and upgrade accordingly. If there is already a higher version installed the import is aborted since downgrades are not supported by FDI.
e) The system stores the relevant FDI Device Package content.
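
The version handling in Figure 16 and in step c) of the deployment sequences above can be expressed as follows. This is an added example, not code from the specification: it assumes that `*` matches any value of a single version field, that FDIVersionSupported is compared against the host version as a three-field pattern, and the function names are hypothetical.

```python
from typing import Dict, Iterable, List, Optional, Tuple

def parse_version(text: str) -> Tuple[int, int, int]:
    """'01.02.18' -> (1, 2, 18); anything but three numeric fields is rejected."""
    fields = text.strip().split(".")
    if len(fields) != 3 or not all(f.isascii() and f.isdigit() for f in fields):
        raise ValueError(f"not a major.minor.revision version: {text!r}")
    return int(fields[0]), int(fields[1]), int(fields[2])

def matches(pattern: str, version: str) -> bool:
    """True if version satisfies a support pattern such as '01.*.*'.

    Assumption: '*' stands for any value of that one field.
    """
    wanted = pattern.strip().split(".")
    if len(wanted) != 3:
        raise ValueError(f"not a three-field pattern: {pattern!r}")
    actual = parse_version(version)
    return all(w == "*" or (w.isascii() and w.isdigit() and int(w) == a)
               for w, a in zip(wanted, actual))

def select_most_recent(pattern: str, available: Iterable[str]) -> Optional[str]:
    """Most recent available version that satisfies the pattern, else None."""
    compatible = [v for v in available if matches(pattern, v)]
    return max(compatible, key=parse_version) if compatible else None

def check_step_c(package_type: str, accepted_types: Iterable[str],
                 fdi_version_supported: str, host_version: str,
                 package_version: str,
                 installed_version: Optional[str] = None) -> List[str]:
    """Reasons to abort deployment at step c); an empty list means continue."""
    problems = []
    if package_type not in set(accepted_types):
        problems.append(f"PackageType {package_type!r} not accepted here")
    if not matches(fdi_version_supported, host_version):
        problems.append("FDIVersionSupported does not match the host version")
    if installed_version and parse_version(installed_version) > parse_version(package_version):
        problems.append("higher version already installed; downgrade refused")
    return problems

# Values taken from Figure 16.
FIGURE_16_SUPPORT = {"UIP A": "01.*.*", "UIP B": "02.03.*", "UIP C": "01.04.11"}
FIGURE_16_AVAILABLE = {
    "UIP A": ["01.02.15", "01.02.18", "01.02.17", "02.03.12"],
    "UIP B": ["02.03.15", "02.04.12"],
    "UIP C": ["01.04.11", "01.04.14"],
}

def figure_16_selection() -> Dict[str, Optional[str]]:
    """Apply the selection rule to every UIP listed in Figure 16."""
    return {uip: select_most_recent(pattern, FIGURE_16_AVAILABLE[uip])
            for uip, pattern in FIGURE_16_SUPPORT.items()}
```

Rejecting malformed version strings outright, rather than comparing them as text, keeps the downgrade check from being bypassed by a version such as `1.10.0` sorting below `1.9.0`.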