Added text to CreateSession:
If the response message size exceeds the maxResponseMessageSize if the Server software certificates are included, the Server shall not include the software certificates into the response.

Added text to ActivateSession:
If the request message size exceeds the maxRequestMessageSize if the Client software certificates are included, the Client shall not include the software certificates into the request.

We agreed to the following changes in the UA telco on 17/01/2012:

(1) Deprecated parameter CreateSession::serverSoftwareCertificates
Refering to new variable in Part 5

(2) Limited returned information in CreateSession::serverEndpoints to endpointUrl, securityMode, securityPolicyUri, userIdentityTokens, transportProfileUri and securityLevel

(2) Replaced new text at ActivateSession::clientSoftwareCertificates with:
The Client shall not include the SoftwareCertificates into the request if the the maxRequestMessageSize is less than one megabyte.

Changed in document version OPC UA Part 4 - Services 1.02.12 Draft.doc

The new text in Part 4 (table 11) clearly shows that the serverSoftwareCertificates[] is deprecated and therefore empty, but the description for the CreateSession service was not modified and still refers to the existence of the certificates in the CreateSession response.

See OPC UA Part 4 - Services 1.02.012 Draft.doc (page 43 of 191) the following paragraphs near the bottom of the page:

"The response also contains a list of SoftwareCertificates that identify the capabilities of the Server. It contains the list of OPC UA Profiles supported by the Server. OPC UA Profiles are defined in Part 7.

Additional Certificates issued by other organisations may be included to identify additional Server capabilities. Examples of these Profiles include support for specific information models and support for access to specific types of devices."

I was actually looking for the information that describes HOW and WHEN to obtain the certificate information. It seems that now a session must be fully established prior to reading the ServerCapabilities.SoftwareCertificates value. It would be nice to have details that describe when to obtain this information such as immediately after ActivateSession, and what to do with the information once received, such as keep the connection or closing the connection etc.

Received additional review comments from Karl and Nathan for the change

Incorporated proposed changes from Karl.

Changed paragraph mentioned by Nathan. Just explained why we deprecated the SoftwareCertificates parameter and where the information can be found now.
It is up to the client to decide if and when to read the information and what to do with the information.

Changed in document version OPC UA Part 4 - Services 1.02.13 Draft.doc

reviewed and agreed to changes made in the telecon.