Here is a list of available documentation for different topics:
- OPC UA Profiles and Facets - Overview of supported OPC UA profiles, facets, security policies, and transport protocols.
- Transport Profiles - Developer guide for the wire transports:
opc.tcp/ HTTPS (binary + JSON + REST) / WSS (binary + JSON), including server hosting and client connect examples. - REST Binding (OpenAPI Mapping) - OPC UA Part 6 §G.3 OpenAPI mapping: ASP.NET Core MVC controllers for every spec service, Compact / Verbose encoding negotiation, four pluggable auth modes (Anonymous / Bearer JWT / HTTP Basic / Mutual TLS), and the symmetric
IWebApiClient. - What's New in 2.0 - Developer-facing tour of the 1.5.378 → 2.0 changes, grouped by theme and layer, with links to deeper feature docs.
- Migration Guide - How to migrate from a previous version.
- Sessions, Reconnection, and Subscription Engines - Architectural overview of
Session,ManagedSession,SessionReconnectHandler, and the classic / V2 subscription engines, including guidance on which to use. - About .NET platform support, Nuget packages and versioning.
- How X.509 Certificates are used in the certificate stores.
- Using the Reverse Connect for the UA-TCP and WSS transports.
- Support for the TransferSubscriptions service set.
- Diagnostics — logging, telemetry, server audit events, server diagnostics nodes, and packet capture.
- Performance Benchmarks — BenchmarkDotNet methodology, the 2.0 (
master) vs 1.5.378 (master378) comparison, root-cause analysis of the encoder/decoder/session regressions and their real-world impact, the subscription-notification (pooled encodeable) micro-benchmarks, server session scalability (the 500-session capability, sizing and bottlenecks), and planned future work. - Server Session Scalability — why a single node tops out at ~2000 concurrent sessions, the establishment vs steady-state boundaries (socket backlog, the
BadTcpInternalErrorretry-storm amplifier, the O(N²) diagnostics rescan, CreateSession crypto-under-lock, the RSA CPU wall, and the held-Publish worker-accounting coupling) with code references, and a prioritized admission-control / rate-limiting roadmap for moving beyond it. - Support for WellKnownRoles & RoleBasedUserManagement.
- Pluggable Identity Providers — interfaces (
IClientIdentityProvider,IUserTokenAuthenticator,IAccessTokenProvider,ITokenIssuer,IIdentityClaims) plus the OPC 10000-6 §6.5.2.2IssuerEndpointUrlJSON parser for OAuth2 / OIDC / Entra / JWT flows. - Support for ECC Certificates.
- Working with ComplexTypes - Custom structures and enumerations.
- Client-based NodeSet Export - Export server address space to NodeSet2 XML.
- Source generated [DataTypes] - How to annotate POCO classes and let the source generator generate the
IEncodeableimplementation. - Runtime Schema Generation - Produce XSD, OPC Binary (BSD) and JSON Schema (Part 6 Annex C, compact + verbose) for generated encodeable types and dynamically added complex types via the injectable
ISchemaProvider; schemas are built as object models in code (trimmable, NativeAOT compatible). - Source generated NodeManagers - Emit an
AsyncCustomNodeManagerfrom a model design XML and wire callbacks via the fluentINodeManagerBuilderAPI; supports NativeAOT single-file servers (samples: MinimalBoilerServer, PumpDeviceIntegrationServer). Covers engineering units, property initialisation, alarms, simulation timers, instance creation, NAMUR-style supervision, multi-model composition, and the fluent state-machine builder on top of anyFiniteStateMachineStatesubclass. Cross-assembly model references are tracked via the ModelDependencyAttribute. Companion-spec packaging — model + server + client library trios — is covered end-to-end by the Device Integration developer guide using theOpc.Ua.Di/Opc.Ua.Di.Server/Opc.Ua.Di.Clienttrio as the worked example. - Device Integration (DI) developer guide - End-to-end documentation for the
Opc.Ua.Di*library trio: fluentIDeviceBuilder, device sub-type extensions (AddSoftware,AddBlock,AddConfigurableObject,AddLifetimeIndication,WithSupportInfo), hosting integration (AddOpcUaDi/ConfigureDevicesFor), lock service, software-update package store, and client helpers (DiLockClient,DiTopologyClient,SoftwareUpdateClient). Includes a section enumerating supported OPC 10000-100 features against the spec. - Alias Names - Full server + client support for the OPC UA Part 17 alias-name model (
AliasNameType,AliasNameCategoryType,FindAlias,FindAliasVerbose,AddAliasesToCategory,DeleteAliasesFromCategory,LastChange). - Alarms and Conditions - Full server + client support for OPC UA Part 9. Server-side state types for latched/silenced/out-of-service alarms, alarm groups and suppression engine, alarm rate metrics. Client-side
AlarmClient, typed alarm event records, fluentAlarmEventFilterBuilder,IAsyncEnumerablealarm streaming viaAlarmStreamExtensions. - Historical Access (Part 11) - Server provider model (
IHistorianProviderfamily) andInMemoryHistorianProvider, plus the clientHistoryClient(session.Historian()) for raw/modified/at-time/processed reads, annotations, and updates. - Aggregates (Part 13) - All 37 standard Part 13 v1.05.07 aggregate functions over historical data: server
AggregateManager/ calculators, native push-down vs framework fallback,AnnotationCountvia the annotation provider,AggregateConfigurationdefaults, and the clientReadProcessedAsynchelper. - Subscriptions and Monitored Items Service Set - V2 subscription engine API. Covers
ISubscriptionManagerfor long-lived callback-based subscriptions, the declarative+imperativeSetTriggeringAPI with N:M support and automatic replay on recreate/reconnect, andIStreamingSubscription(IAsyncEnumerable-based) for state-machine waits and short-lived monitoring (ManagedSession.DefaultStreaming,TakeUntilAsync/WithTimeoutAsynchelpers). - Unbounded Monitored Items - V2 logical-subscription wrapper that transparently splits monitored items across multiple server-side partitions when the per-subscription cap is exceeded (
IPartitionedSubscription,MonitoredItemOptions.Affinity, reactiveBad_TooManyMonitoredItemsfallback, secondary-partition idle-delete). - State Machines - Generic, extensible Part 16 state-machine API. Client side: streaming + read helpers on the source-generated
*TypeClientproxies (GetCurrentFiniteStateAsync,ObserveFiniteTransitionsAsync,WaitForStateAsync). Server side: unified fluentStateMachineBuilderwith two complementary modes — definition (Create(...)+AddState/AddTransition/OnCausefor ad-hoc machines viaFluentFiniteStateMachineState) and lifecycle (For(...)/INodeBuilder.AsStateMachine()+OnEnterState/WithCause/WithTimedTransitionto attach behavior to stack-shipped or generator-emitted FSMs). Vendor state machines inherit both ends of the API automatically. - Model Change Tracking - Client-side address-space change tracking with per-node
INodeCacheinvalidation; server-sideModelChangeAggregatorand auto-emittedGeneralModelChangeEventfromCustomNodeManager.CreateNode/DeleteNode. - NodeManagement Service Set - Server-side AddNodes / DeleteNodes / AddReferences / DeleteReferences, including the
INodeManagementAsyncNodeManageropt-in pattern and per-NodeManagerAllowNodeManagementgate. - Dependency Injection - The unified
services.AddOpcUa()/IOpcUaBuildersurface for hosting OPC UA components inMicrosoft.Extensions.DependencyInjection/ the .NET Generic Host (servers asIHostedService, options viaAction<T>orIConfiguration, AOT-friendly). - AuthorizationService - Modern Part 12
StartRequestToken/FinishRequestToken,ITokenIssuer, and GDS token issuance. - Fuzz testing - SharpFuzz + afl-fuzz + libFuzzer integration. Three areas:
Encoders(Binary/JSON/XML decoders, built-in type readers, parser entry points),Certificates(X509CRL, X509 extension parsers,PEMReader,Pkcs10CertificationRequest, ASN.1 helpers), andNetwork(UA-SC framing viaOpc.Ua.Core.Diagnostics+ internalTcpMessageParsersseam onOpc.Ua.Core). Thefuzz-testercustom agent drives the whole toolchain autonomously: it detects OS-available engines, runs them in parallel, fixes novel findings per repo guidelines, adds the failing input as a regression asset, and pushes one commit per fix until the user says stop. - KeyCredentialService - Pull, Push, and experimental bridge guidance for Part 12 KeyCredential flows.
- PubSub (Part 14) - Publisher/subscriber support library: architecture, fluent builder, transports (UDP / MQTT 3.1.1 + 5.0 / Ethernet Layer 2), encodings (UADP / JSON), security, and server-side address space.
- Migration sub-doc - 1.5.378 → 2.0 breaking API, transport, JSON, and field-encoding changes, plus the compatibility matrix.
- Ethernet transport - Layer 2 PubSub (
opc.eth://, EtherType0xB62C, 802.1Q VLAN) with native AF_PACKET / BPF, SharpPcap, and in-memory backends. - External server adapter - Bind PubSub publishers, subscribers, and Action responders to an external OPC UA server through
ManagedSession. - Dependency Injection extensions -
AddPubSub,AddPubSubPublisher,AddPubSubSubscriber,AddPubSubSecurityKeyServiceClient/Server,AddPubSubAddressSpace. - Profiles - Datagram-v2, SKS pull / push, AES-128/256-CTR security facets.
- PubSub Diagnostics - packet capture, dissection and replay of UDP / MQTT PubSub traffic, including decryption of encrypted UADP messages.
- Reference Client documentation for configuration of the console reference client using parameters.
- Reference Server documentation for running against CTT.
- ConsoleReferencePubSubClient documentation for the PubSub reference sample (publisher / subscriber / external-server adapter modes).
- Provisioning Mode for secure certificate provisioning and initial server configuration.
- Using the Container support of the Reference Server in Visual Studio 2026 and for local testing.
Starting with version 1.5.375.XX the Windows Forms reference client & reference server were moved to the OPC UA .NET Standard Samples repository.
- GDS Developer Guide — Application registration, certificate management (pull & push models), roles and authorization, provider implementation, end-to-end examples.
- KeyCredentialService — Credential issuance for non-OPC UA services (MQTT, REST), IKeyCredentialRequestStore provider guide, ISecretStore integration.
- AuthorizationService — OAuth2-style access token issuance, IAccessTokenProvider implementation guide.
- Role-Based Security — Part 18 roles and claim-based identity-mapping rules.
- Identity Providers — server and client identity-provider architecture.
- Dependency Injection — dependency injection hosting and identity registration extensions.