Trip Report

SIA Standards Committee

July 7-9, 2004

SIA Headquarters, Alexandria, VA

Overview

This was actually a series of three one-day meetings: Data Modeling, Access Control Panel, and Digital Video. Historically, SIA held brief one- or two-hour meetings at ISC East and West. However, in an effort to improve their standards programs and to gain attendance from those working the booths, SIA is moving to full-day independent meetings.

It should be noted that ASIS had stated that they have no intention to get into the standards business. The DHS has come to SIA and told them that if SIA doesn’t begin to produce standards that meet their needs, then the DHS will do so. The DHS needs are focused on interoperability. We know that Tom Ridge is chartered to make the various agencies that make up the DHS work together. Tom Ridge has issued an edict from the top that security systems will be open architecture and work together as well.

The Data Modeling effort is directed at defining, in a vendor-neutral way, the basic functionality of various security systems. Once the Data Model is defined, the protocol or schema will be defined as a standard. Day One was focused on defining the Data Model tools, policy and procedure. Day Two began to use the Data Modeling tools to model the prototypical Access Control Panel, and Day Three did a similar effort for Digital Video Servers and other video agenda items.

Data Modeling Session 7/7/2004

The chairman – Hunter Knight of Integrated Command Software, a systems integrator - opened by stating that we would be defining performance standards for open systems integration. Interoperability would encompass security controller to security device, security controller to security controller, and security controller to non-security equipment. In order to bring everyone up to speed, several outside organizations that have been seeking SIA’s endorsements for their data models were invited to present their approaches to Data Modeling (but not their Data Models at this time).

Jim Luth – Iconics & Chairman of the OPC Foundation

Note that Iconics is an industrial process controls type of front end much like WonderWare. OPC stands for OLE for Process Controls.

Jim explained that OPC had previously used Microsoft COM but that COM is obsolete. So, they are just introducing a “New Architecture” based on Web Services and XML. They used UML (Unified Modeling Language – not related to XML) to create their Data Models, and then developed XML Schemas for each industry from the UML models. Visio supports UML and facilitates generating the XML Schemas. OPC used XML to create B2MML (Business to Manufacturing Markup Language). B2MML is focused on describing and moving data, but will let organizations such as SIA define the data. When the new Unified Architecture is released by year end, the OPC vision is a Web Services based Interoperable spec. The spec will include or address:

  • Browsable Namespace & Query
  • Tree Architecture
  • Reliability
  • Redundancy
  • Federation
  • OPC Interoperability SYSTEM Architecture
  • Performance
  • Platform/Language Transparency/Neutrality

Jim recommended doing the data model first, then the schema, and not attempting to do everything in one effort.

Piers McMahon – VP Computer Associates & OSE Consortium

Piers provided an overview of the OSE (Open Systems Exchange) modeling framework used with PHYSBITS (Physical Security Bridge to IT Security). Their focus is on using the same credential for physical and logical access, with provision for the credential being applied to people and assets. CA uses UML, and Piers does considerable training on this tool. At CA the training typically takes a week and is used to develop software…

CA is using XML for the data. Their current focus is on XML-based SEDML (Security Event Data Markup Language). They have plans for similar markup languages that address Credential Management and Storage Management.

Curtis Ide – VP Vistascape (Behavior Recognitions Software for Video) & OSE Consortium

Curtis confirmed that they currently have no vendors interoperating with OSE. Goals of OSE are:

  • Facilitate Interoperation
  • Vendor Neutral
  • Flexible & Extensible
  • Support Enterprise Architecture

OSE models security system integration as an exchange of messages between security systems.

  • Systems treated as objects
  • Interaction defined by messages sent
  • Messages can trigger actions or respond to triggers
  • Message interaction covers virtually any form of integration purpose

Use Cases

  • Event notification
  • Client Server interaction
  • Query-Response interaction
  • Data transfer

Normalized security events are represented as:

  • Who
  • What
  • When
  • Where
  • State (current state of the event)

OSE intends to use UML - then XML for access control. They also intend to be SIA compliant in accordance with OSIPS and to adapt to the SIA standard when published. OSE is not addressing the transport layer. They are adding in a user council for end user perspective.

Hunter Knight – Chairman

SIA will use UML as their data modeling tool. UML provides an existing methodology capable of representing diverse model requirements and is neutral regarding stakeholders. Suggested books to read to get up to speed quickly on UML are:

  • UML in a Nutshell
  • UML: A Beginner's Guide (Jason T. Roff) [probably the better of the two]

Hunter has purchased SPARX as a dedicated tool to do graphic modeling with UML; however, the audience said Visio worked equally well. Hunter said it was critical to decide on the notation and methodology early.

By ASIS, the working group will develop a policy on vocabulary (UML) and a small set of modeling tools. There will also be a straw man using the DVR concept to critique. Samples to review will be done by the end of August. This group will meet again on the Thursday following ASIS in Dallas, with Access Control meeting on the Friday.

Access Control Panel Session 7/8/2004

Hunter Knight (chairman) opened the session by saying that SIA will choose data models rather than interface message solutions. The data model will be developed with an as-yet-undelivered policy from the Data Model Committee. He said “If you don’t have products made to the OSIPS standards, you won’t sell to the Federal Government. The Government has threatened to create their own standards if SIA didn’t.”

Bill Swan - Novar Alerton & BACnet

Bill is the chairman of the parent committee to the Life Safety Standards committee which has the Access Control and Digital Video assignment. Bill stated that BACnet also has BACnet Testing Labs for conformance testing.

Dave Ritter – Delta Controls & BACnet LSS Chairman

The Life Safety Standards committee first met in February 2000 for Fire Alarm Interoperability. An addendum for this purpose was published in September 2001. The LSS started on the Access Control Data Model in January 2003. They are also tasked to work on CCTV and Digital Video – an effort just starting. Their Goals:

  • Not defining an access control system – only externally visible characteristics
  • Reuse as many BACnet objects as possible
  • Develop a data model aimed at the controller level
  • Able to model both simple and complex access control systems
  • Become the Global Standard for Access Control

This group has observed the following differences between Access Control and other BAS (Building Automation Systems):

  • More Dynamic
  • Larger Number of Objects
  • Different type of operator
  • More rigid network security and integrity requirements

One of the issues they are considering is whether it is better to interface at the Server, rather than at the Field Panel where BACnet normally focuses, in order to inherit all the security measures such as encryption, authentication, etc.

Rob Zivney – VP Marketing Hirsch Electronics Speaking on Behalf of oBIX/OASIS (also a member of SIA and the BACnet LSS committee)

oBIX (Open Building Information eXchange) began under the stewardship of CABA (Continental Automated Building Association) at BuilConn in March of 2003. Nearly 75 companies from around the world were represented in person and via teleconference. It appeared that the tool of XML had reached critical mass such that all these companies were embracing it for data exchange. They had a common vision to establish quick guidelines for interoperability between the building systems and the business systems in the enterprise.

Later in 2003, when it became obvious that there was demand for a standard and not just a guideline, it was necessary for oBIX to leave the CABA incubator, as CABA was not a standards organization. After evaluating several alternatives including ASHRAE and BACnet, it was decided to select an organization more associated with the IT industry. So, the preeminent IT organization OASIS (Organization for the Advancement of Structured Information Standards) was selected. The association with oBIX began again June 15, 2004, and the work of the oBIX Data Modeling committee is now being updated.

oBIX/OASIS is focused on Web Service and XML implementations at a level higher than the controller/device level where BACnet and others have existed. They are more broadly oriented than BAS and want to interoperate with the business systems of the enterprise as well. oBIX desires a relationship with SIA and wants to embrace the Data Model developed by SIA as their own. They will develop the XML implementations thereof as required.

Hunter Knight

Hunter has his own definition of interoperability, which was inconsistent with that of the rest of the folks in the room. Hunter said the operative word was “substitution.” He believed it was necessary to turn the access control panel into a commodity that was interchangeable, so that one manufacturer’s controller could easily be substituted on another’s system.

Hunter stated that Sandia Labs (who was also present) believed that controllers were obsolete and going away - the next generation systems would be comprised of smart devices on a network. Hunter also said UL (joined us later) is a participant in the new Access Control panel spec effort and will adjust their standards as necessary to support the output of the committee.

During the group discussion, it was stated that there will need to be an API at the controller level although the standard will serve that purpose to a great extent. There is a need for local diagnostics. There was great difficulty in defining goals as Hunter drifted off into architectural implementations. However, the following initial Use Cases were identified by the audience:

  • BACnet
  • OSE
  • Get Access
  • Unlock Door
  • Lock Door
  • Monitor Status (focused on the portal)
  • Collect Data
  • Provisioning (including adding and deleting users; also configuring system)
  • System Reporting
  • Report / Get Status
  • Control Output
  • <Remote System Management>
  • Execute Commands - Set
  • Global Activity Updates
  • <Diagnostic Uses>

By the last day of July all contributors should have use cases submitted. These Use Cases will be compiled and published by the end of August.

Post-meeting discussions seemed to favor aligning with BACnet: this group was farther along with comprehensive data models, handled themselves very professionally, had invited Rob Zivney and Mark Visbal of SIA to participate in their working group meetings, and was willing to adapt to the needs of the security industry as represented by SIA. SIA also needed to show significant progress in short order to achieve their goal of having a standard for the government. SIA expects to continue to contribute to the BACnet LSS efforts and appreciates the two-way relationship.

Digital Video – 7/9/2004

Per Hansen of Salient Systems is the chairman of this subcommittee. He opened by stating that this group will also be using UML for data modeling. There will be a document to vote on for release to public review at ISC East.

SWGIT Discussion

The FBI and Law Enforcement independently developed this video guideline and have sought SIA input. It was noted by Pelco that the move by the commercial broadcast industry to digital (HDTV) will have an impact on our industry, since they will drive the availability of chips, etc. No more analog chips will be available after the 2006 deadline.

Digital Video Server Project

Yakov of Vicon said “Europe, after IFSEC, is going XML for standards.” EIA-TIA-250C is a good reference document, and suitable for adoption. The next meeting will be on the Wednesday of ASIS.

UML Discussion

Hunter created some controversy when he showed a sample Data Model with schedules. The video guys were uncomfortable with being sent schedules, as they were now used to the third party systems sending an event trigger based on their own schedules. They expected the third party guys to use their API; however, it is clear that APIs are soon dead in the light of a standard. Pelco just this past week got their API and SDK out for their 8000 series DVR.

SIA’s OSIPS, which covers all things security, is being developed in a partnership with Government. DHS is mandating that systems work together.

Sandia is going to be focusing on horizon technologies and let UL do the testing for mainstream products. They will be doing more research and will encourage manufacturers to develop new solutions. Nuclear facilities will be eliminating lights and cameras and thermal imagers and shift from delay to destroy strategies.

Digital Video Viewer Project

This will be combined with Digital Video Server for purposes of UML activity and delivery dates. There are questions on how Video Servers will authenticate end users:

  • Show chain of custody
  • Capture pure and uncompressed
  • Download once
  • Take the document and seal it
  • Watermarks of no value – alters image
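
One way to meet the "seal it" and "chain of custody" points above without altering the image, as an added example that is not from the meeting or from any vendor: a detached HMAC seal over the clip's hash, plus a chained hand-off log. The key, field names and sample clip are assumptions constructed for illustration; a production system would use a digital signature rather than a shared key.

```python
import hashlib, hmac, json

KEY = b"constructed-demo-key"          # assumption: a real system would use a signing key

def _mac(record: dict, key: bytes) -> str:
    # MAC over a canonical JSON encoding so field order cannot change the result
    body = json.dumps(record, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, body, hashlib.sha256).hexdigest()

def seal_clip(clip: bytes, camera: str, captured_at: str, key: bytes = KEY) -> dict:
    """Detached seal: the clip bytes are hashed, never modified (unlike a watermark)."""
    record = {"camera": camera, "captured_at": captured_at,
              "sha256": hashlib.sha256(clip).hexdigest()}
    return {**record, "mac": _mac(record, key)}

def add_custody(log: list, actor: str, action: str, seal: dict, key: bytes = KEY) -> list:
    """Append a hand-off entry chained to the previous entry's MAC."""
    prev = log[-1]["mac"] if log else seal["mac"]
    entry = {"seq": len(log), "actor": actor, "action": action, "prev": prev}
    return log + [{**entry, "mac": _mac(entry, key)}]

def verify(clip: bytes, seal: dict, log: list, key: bytes = KEY) -> str:
    record = {k: v for k, v in seal.items() if k != "mac"}
    if not hmac.compare_digest(seal["mac"], _mac(record, key)):
        return "seal forged"
    if hashlib.sha256(clip).hexdigest() != seal["sha256"]:
        return "clip altered"
    prev = seal["mac"]
    for i, e in enumerate(log):
        entry = {k: v for k, v in e.items() if k != "mac"}
        if e["seq"] != i or e["prev"] != prev or not hmac.compare_digest(e["mac"], _mac(entry, key)):
            return f"custody broken at entry {i}"
        prev = e["mac"]
    return "ok"

def demo() -> dict:
    clip = bytes(range(256)) * 4       # constructed stand-in for uncompressed video
    seal = seal_clip(clip, "cam-01", "2004-07-09T10:00:00Z")
    log = add_custody([], "operator", "export", seal)
    log = add_custody(log, "investigator", "receive", seal)
    tampered = clip[:-1] + b"\x00"     # single changed byte
    dropped = log[1:]                  # first hand-off removed
    return {"intact": verify(clip, seal, log),
            "altered": verify(tampered, seal, log),
            "gap": verify(clip, seal, dropped)}

if __name__ == "__main__":
    print(demo())
```
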

Everyone wants a single site to post and find all the vendor’s viewers.

Note that IP cameras (many now available with storage) can be viewed as a server. Actually, they are a server, anyway!