Issue link: https://securitytechnologyexecutive.epubxp.com/i/557126
10 SECURITY TECHNOLOGY EXECUTIVE • July/August 2015 www.SecurityInfoWatch.com TECH TRENDS B y Ray C o ulo m b e Ray Coulombe is Founder and Managing Director of SecuritySpecifiers.com and RepsForSecurity.com. Ray can be reached at ray@SecuritySpecifiers. com, through LinkedIn at www.linkedin.com/in/ raycoulombe or followed on Twitter @RayCoulombe. I PSIA Primer Access control standards at stake n my last column, I provided thoughts on the ONVIF specification effort, which was initiated in 2008 by Axis, Bosch, and Sony. This month, I'll turn my attention to another effort to drive system interoperability. Also founded in 2008 by over 20 companies, including Cisco, Honey- well, GE (now UTC), and Tyco, that organiza- tion is the PSIA, short for the Physical Security Interoperability Alliance (www.psialliance.org). Although neither have the power of a true stan- dards making organization, I believe that either would claim success if their efforts became de- facto standards and widely adopted by both manufacturers and specifiers. The PSIA has created a security eco- system, relying on seven complemen- tary specifications, which enable sys- tems and devices to interoperate and exchange information. Three of these - the Service Model; PSIA Common Meta- data & Event Model; and the PSIA Com- mon Security Model – provide a frame- work for the functional specifications, including the IP Media Device spec (video), Recording and Content Man- agement spec (storage), Video Analytics spec, and Area Control (access control, intrusion, power management) spec. While early on, both organizations focused on video, ONVIF has evolved to have a strong international coalition of companies who, today, are mainly video centric. The PSIA has emerged to have access control as its primary focus, embodied in the functional specification for Area Control. Leadership contends that most of the significant North American PACS (Physical Access Control System) manufacturers now par- ticipate in this effort. I asked David Bunzel, PSIA Executive Director, about the need for interoperability of access con- trol systems since, unlike cameras, there seems to be less of a requirement for "mix and match", particularly since many hardware panels can be repurposed with a change in access control soft- ware. David explained that the idea is to provide actionable intelligence coming back to a dash- board from disparate systems, with the ability to share data among systems. This suggests a larger, enterprise focus, which David verified. Think of a scenario where a company grows by acquisi- tion and wants to avoid a fork lift replacement or extensive modification of acquired systems. If both the incumbent and the acquired system meet the PSIA specification, the barriers to a lower cost implementation may be lowered. The PSIA has achieved industry attention in the last year because of its Physical Logical Access Interoperability (PLAI) profile, which is part of the Area Control specification. PLAI is a dynamic identity management protocol, designed to have Lightweight Directory Access Protocol (LDAP) as a single authoritative source for identities using role-based access control (RBAC). NIST (Nation- al Institute of Standards and Technology) has mandated that RBAC requires all access occurs through roles, and permissions are connected only to roles, not directly to users. (CINCITS 359- 2012 is the current standard for RBAC, approved by ANSI in 2012.) In IT terms, this is in lieu of Access Control Lists (ACL's), where permissions are assigned to individual users, much like today's physical access control world. In RBAC, roles can be easily created, changed, or discontinued as the needs of the enterprise evolve, without having to individually update the privileges for every user. Originally intended for the logical domain, using a working standardized framework in the melding of the physical and logical domains makes good sense, as the above benefits could certainly be imparted to the physical world. And, clearly, the industry recognizes that com- mon physical-logical credentialing is a neces- sary component for next generation access con- trol systems. The PSIA is also moving to include areas adja- cent to access control, such as power manage- ment, an integral part of many access control sys- tems. Both Altronix and LifeSafety Power are par- ticipants in the initial stage of this effort. Other areas of emerging interest are battery-powered locks and the Internet of Things (IoT). So, while ONVIF has dominated the "de facto standards" of IP surveillance video, the PSIA has clearly staked its future on access control, the physical-logical evolution of access control, and adjacent areas. We're not yet seeing the PSIA compliance splashed throughout manufacturers' product literature or web sites, and PSIA compli- ance has not become a key consultant spec item. Also, ONVIF approved its access control standard in December, 2013. Can ONVIF push its advan- tage into access, given its broad membership and the increasing integration of video and access? ■