The Physical Security Interoperability Association (PSIA) has released a draft proposal of its Physical-Logical Access Interoperability (PLAI) specification. PSIA demonstrated how it would work during the recent ISC West event in Las Vegas: the PLAI specification enabled an identity to be entered into Microsoft’s widely used and LDAP-compliant Active Directory, and was then used to automatically propagate all of that identity’s associated privileges and credentials to physical access control systems (PACS). Similarly, when an identity was removed from Active Directory, the PLAI specification automatically propagated the revocation of all associated privileges and credentials.
“We’re excited about the potential the PLAI specification has for reshaping physical and logical identity access for the security industry,” said David Bunzel, executive director at the PSIA, in a statement. “With the PLAI specification, we’re making it possible to achieve access, privilege and credentials management across physical and logical identities on a plug-and-play basis. This is a game changer.”
The PLAI specification ensures the logical and physical access privileges associated with an employee’s role are always synchronized. That enables a company to ensure a person is physically present before permitting access to databases or applications.
“Being able to automate temporary and permanent privilege management through the PLAI specification will significantly reduce administrative time and cost burden,” said Mike Faddis, director at Microsoft Global Security. “The PLAI specification streamlines and standardizes the management of physical and logical identities, helping chief security officers effectively support Enterprise Security Risk Management.”
Further, the PSIA’s PLAI specification will enable automated inter-PACS interoperability in the market for the first time. Users can reduce the use of multiple access cards because the inter-PACS interoperability automates the process of enabling an access card associated in one vendor’s PACS to be used at entry points associated with a different PACS system, as long as the card readers are the same.
“With the PLAI specification, the industry is getting functionality we’ve always wanted without spending significant time and money to build custom interfaces among dozens of systems,” said Joshua Jackson, director, global product integration, Stanley Security. “This specification opens the door for manufacturers and integrators to add a great deal of value to security solutions while minimizing cost and implementation time.”
The PLAI specification builds on standards already used in the logical identity and access management world, including Role-Based Access Control (RBAC-RPE) and Lightweight Directory Access Protocol (LDAP). These will enable vendors and users to more easily map logical identities and their role-based privileges to physical identities.
The specification is being developed by the PSIA’s Physical-Logical Access Interoperability (PLAI) Working Group, which includes Allegion (previously Ingersoll Rand), Brivo Systems, HID Global, Inovonics, Kastle, Z9 Security, Mercury Systems, Microsoft Global Security, Stanley Security, Tyco Security and UTC.