Monday’s Enterprise User Interoperability Showcase by the Physical Security Interoperability Alliance (PSIA) at ASIS highlighted the value of interoperability standards—including a demonstration by Cisco‘s Deon Chatterton, senior manager integrated buildings and risk technologies, of a security operations application written by Cisco’s application developers based on the PSIA’s Area Control specification. One of the developers explained that they wrote and tested their application against the PSIA specification, configured it, and then plugged in the interfacing systems—products compliant with the Area Control specification—and it all worked without any workarounds or special coding outside beyond what the standards called for.
In the physical security industry, standards development has lagged for almost two decades, with many manufacturers skeptical of the value of jumping in early. It often takes very large customers or a large end-user organization to drive the development and adoption of interoperability standards.
A case in point is the story of the largest single U.S. purchaser of access and ID cards—the U.S. federal government—who developed a smart card interoperability standard on its own initiative when they couldn’t get the smart card industry to do it. Next, they established a government-wide policy not to buy any smart card technology that didn’t comply with a minimum level of standards implementation.
Thanks to the PSIA’s initiative, two very large physical security technology customers—Cisco and Microsoft—didn’t have to develop their own standards. Instead, both companies have joined the PSIA board to provide the PSIA with end-user board representation, with the objective to help facilitate their deployment of security technology profile through standards.
“We are making standards and interoperability core to our security strategy here at Microsoft Global Security,” said Mike Faddis, group manager. “Two years ago during ASIS in Orlando, I challenged the industry groups to aspire to greater interoperability and indicated that we will increasingly be basing our purchases and security ecosystem on tools and technology from vendors who have adopted security standards and have a focus on interoperability with others.”
Physical-Logical Security Interoperability
At the Showcase, the PSIA announced its launch of the Physical-Logical Access Interoperability Working Group (PLAI). This group will develop a specification to unify the management of logical and physical identities so that security industry manufacturers, integrators and end users can develop cost effective, easily administered solutions that span the physical and logical security domains.
“Many security end users want to synchronize the identities used by their logical and physical security access control systems but cannot justify the costs of proprietary solutions that require custom programming and disruptive new work flows,” said Mohammad Soleimani, executive vice president and chief technology officer, Kastle Systems, and interim chair of the new PSIA group.
The new PSIA specification will build on standards already used in the logical identity and access management world, including Policy-Enhanced Role-Based Access Control standard (RPE) and Lightweight Directory Access Protocol (LDAP) to enable vendors and users to more easily map logical identities and their role-based privileges to physical identities.