The PSIA released the PLAI draft during a special session of the PLAI Working Group at ISC West in Las Vegas.
The PSIA released the PLAI draft during a special session of the PLAI Working Group at ISC West in Las Vegas.
Cost effective, automated synchronization of physical and logical identities, privileges and credentials took a major step toward becoming an industry standard, with the Physical Security Interoperability Association (PSIA) releasing a draft proposal of its Physical-Logical Access Interoperability (PLAI) specification.
"We're excited about the potential the PLAI specification has for reshaping physical and logical identity access for the security industry," said David Bunzel, executive director, the PSIA. "With the PLAI specification, we're making it possible to achieve access, privilege and credentials management across physical and logical identities on a plug-and-play basis. This is a game changer."
"Today we were pleased to demonstrate multiple disparate systems working seamlessly through the PLAI draft specification," said Mohammad Soleimani, chair of the PLAI Working Group and executive vice president and CTO, Kastle Systems. "That demonstration showed how the PLAI specification fundamentally changes the way the security industry approaches identity, privilege and access management. We are opening a door to enable broad, holistic solutions that span the physical and logical realms of identity."
During the ISC West demonstration, the PLAI specification enabled an identity to be entered into Microsoft's widely used and LDAP-compliant Active Directory, and then to automatically propagate all of that identity's associated privileges and credentials to physical access control systems (PACS). Similarly, when an identity was removed from Active Directory, the PLAI specification automatically propagated the revocation of privileges and credentials in the physical access control systems.
"Being able to automate temporary and permanent privilege management through the PLAI specification will significantly reduce administrative time and cost burden," said Mike Faddis, Director at Microsoft Global Security. "The PLAI specification streamlines and standardizes the management of physical and logical identities, helping chief security officers effectively support Enterprise Security Risk Management."
The PLAI specification ensures the logical and physical access privileges associated with an employee's role are always synchronized. That enables a company to ensure a person is physically present before permitting access to databases or applications.
Further, the PSIA's PLAI specification will enable automated inter-PACS interoperability in the market for the first time. Users can reduce multiple access cards because the inter-PACS interoperability automates the process of enabling an access card associated in one vendor's PACS to be used at entry points associated with a different PACS system as long as the card readers are the same.
"With the PLAI specification, the industry is getting functionality we've always wanted without spending significant time and money to build custom interfaces among dozens of systems," said Joshua Jackson, director, global product integration, Stanley Security. "This specification opens the door for manufacturers and integrators to add a great deal of value to security solutions while minimizing cost and implementation time."
The PLAI specification builds on standards already used in the logical identity and access management world, including Role-Based Access Control (RBAC-RPE) and Lightweight Directory Access Protocol (LDAP). These will enable vendors and users to more easily map logical identities and their role-based privileges to physical identities.
The specification is being developed by the PSIA's Physical-Logical Access Interoperability (PLAI) Working Group, which includes Allegion (previously Ingersoll Rand), Brivo Systems, HID Global, Inovonics, Kastle, Z9 Security, Mercury Systems, Microsoft Global Security, Stanley Security, Tyco Security and UTC.