(This is related to the Profiles website, but since that is basically "Part 7"'s data part this issue is done to Part 7 here)

The https://profiles.opcfoundation.org/conformancegroup/155 "Security Algorithms" that are new (not used in RSA) and related to ECC lack the "The URI is ..." text part compared to the RSA-counterparts. For example, in AsymmetricSignatureAlgorithm_RSA-PSS-SHA2-256 there is this line "The URI is http://opcfoundation.org/UA/security/rsa-pss-sha2-256.". As far as I see the ECC-ones do not have it, for example:

AsymmetricSignatureAlgorithm_ECDSA-SHA2-256
ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.
The hash algorithm is SHA2 with 256 bits and is described in http://tools.ietf.org/html/rfc6234.

AsymmetricSignatureAlgorithm_ECDSA-SHA2-384
ECC digital signature algorithm described in http://nvlpubs.nist.gov/nistpubs/FIPS/NIST.FIPS.186-4.pdf.
The hash algorithm is SHA2 with 384 bits and is described in http://tools.ietf.org/html/rfc6234.

AsymmetricSignatureAlgorithm_PureEdDSA-25519
ECC digital signature algorithm Ed25519 described in
http://tools.ietf.org/html/rfc8032

AsymmetricSignatureAlgorithm_PureEdDSA-448
ECC digital signature algorithm Ed448 described in
http://tools.ietf.org/html/rfc8032.

While they do have some URLs/URIs related to the definitions of those algorithms, I think those are not the same thing compared to the definitions of RSA-ones.

I'm not 100% sure are the URIs needed, but even if they wouldn't it would be nice to have 1:1 for the RSA ones to have something to refer in code.

One potential place where the lack causes issue is in Part 4 section 5.7.2 on CreateSessionResponse (https://reference.opcfoundation.org/Core/Part4/v105/docs/5.7.2), which defines on the serverSignature SignatureData: "The SignatureAlgorithm shall be the AsymmetricSignatureAlgorithm specified in the SecurityPolicy for the Endpoint. The SignatureData type is defined in 7.37.". The SignatureData then defines a String field 'algorithm' with "A string containing the URI of the algorithm. The URI string values are defined as part of the security profiles specified in OPC 10000-7.". It is not currently possible to "use ECC", as there is nothing defined to put to the 'algorithm' field. Unless the intention would be to allow leaving that field null/empty (since the algorithm is known from the endpoint/securitypolicy). However, then it should be written more clearly to indicate this is allowed or intended. In addition, if such wording is written, I would consider making different wording for RSA and ECC, since I'm not sure setting this null in RSA might cause interoperability issues.

One additional place URI-usage place is in ActivateSession (https://reference.opcfoundation.org/Core/Part4/v105/docs/5.7.3), in the request there is "userTokenSignature SignatureData" as well. However, I'm not sure does it apply to ECC.