									                                    Trip Report
                         SIA Standards Committee
                                  July 7-9, 2004
                   SIA Headquarters, Alexandria, VA
This was actually a series of three one-day meetings: Data Modeling, Access Control
Panel, and Digital Video. Historically, SIA held brief one or two hour meetings at ISC
East and West. However, in an effort to improve their standards programs and to gain
attendance from those working the booths, SIA is moving to full day independent

It should be noted that ASIS had stated that they have no intention to get into the
standards business. The DHS has come to SIA and told them that if SIA doesn’t begin to
produce standards that meet their needs, then the DHS will do so. The DHS needs are
focused on interoperability. We know that Tom Ridge is chartered to make the various
agencies that make up the DHS work together. Tom Ridge has issued an edict from the
top that security systems will be open architecture and work together as well.

The Data Modeling effort is directed at defining in a vendor neutral way the basic
functionality of various security systems. Once the Data Model is defined, the protocol
or schema will be defined as a standard. Day One was focused on defining the Data
Model tools, policy and procedure. Day Two began to use the Data Modeling tools to
model the prototypical Access Control Panel and Day Three did a similar effort for
Digital Video Servers and other video agenda items.

Data Modeling Session 7/7/2004
The chairman – Hunter Knight of Integrated Command Software, a systems integrator -
opened by stating that we would be defining performance standards for open systems
integration. Interoperability would encompass security controller to security device,
security controller to security controller, and security controller to non-security
equipment. In order to bring everyone up to speed, several outside organizations that
have been seeking SIA’s endorsements for their data models were invited to present their
approaches to Data Modeling (but not their Data Models at this time).

Jim Luth – Iconics & Chairman of the OPC Foundation
Note that Iconics is an industrial process controls type of front end much like
WonderWare. OPC stands for OLE for Process Controls.

Jim explained that OPC had previously used Microsoft COM but that COM is obsolete.
So, they are just introducing a “New Architecture” based on Web Services and XML.
They used UML (Unified Modeling Language – not related to XML) to create their Data
Models, and then developed XML Schemas for each industry from the UML models.
Visio supports UML and facilitates generating the XML Schemas. OPC used XML to
create B2MML (Business to Manufacturing Markup Language). B2MML is focused on
describing and moving data, but will let organizations such as SIA define the data. When
the new Unified Architecture is released by year end, the OPC vision is a Web Services
based Interoperable spec. The spec will include or address:
• Browsable Namespace & Query
• Tree Architecture
• Reliability
• Redundancy
• Federation
• OPC Interoperability SYSTEM Architecture
• Performance
• Platform/Language Transparency/Neutrality
Reference links:
Jim recommended doing the data model first then the schema and not attempting to do
everything in one effort.

Piers McMahon- VP Computer Associates & OSE Consortium
Piers provided an overview of the OSE (Open Systems Exchange) modeling framework
used with PHYSBITS (Physical Security Bridge to IT Security). Their focus is on using
the same credential for physical and logical access with provision for the credential being
applied to people and assets. CA uses UML and Piers does considerable training on this
tool. At CA the training typically takes a week and is used to develop software…

CA is using XML for the data. Their current focus is on XML based SEDML (Security
Event Data Markup Language). They have plans for similar markup languages that
address Credential Management and Storage Management.

Curtis Ide – VP Vistascape (Behavior Recognition Software for
Video) & OSE Consortium
Curtis confirmed that they currently have no vendors interoperating with OSE. Goals of
OSE are:
     Facilitate Interoperation
     Vendor Neutral
     Flexible & Extensible.
     Support Enterprise Architecture
OSE models security system integration as an exchange of messages between security
     Systems treated as objects
     Interaction defined by messages sent
     Messages can trigger actions or respond to triggers
     Message interaction covers virtually any form of integration purpose
Use Cases
     Event notification
     Client Server interaction
     Query-Response interaction
     Data transfer
Normalized security events are represented as:
     Who
     What
     When
     Where
     State (current state of the event)
OSE intends to use UML - then XML for access control. They also intend to be SIA
compliant in accordance with OSIPS and to adapt to the SIA standard when published.
OSE is not addressing the transport layer. They are adding in a user council for end user

Hunter Knight – Chairman
SIA will use UML as their data modeling tool. UML provides an existing methodology
capable of representing diverse model requirements and is neutral regarding stakeholders.
Suggested books to read to get up to speed quickly on UML are:
    UML in a Nutshell,
    UML: A Beginner's Guide (Jason T. Roff) [probably the better of the two]
Hunter has purchased SPARX as a dedicated tool to do graphic modeling with UML,
however the audience said Visio worked equally well. Hunter said it was critical to
decide on the notation and methodology early.

By ASIS, the working group will develop a policy on vocabulary (UML) and a small set
of modeling tools. There will also be a straw man using the DVR concept to critique.
Samples to review will be done by the end of August. This group will meet again on the
Thursday following ASIS in Dallas. Friday for Access Control.

Access Control Panel Session 7/8/2004
Hunter Knight (chairman) opened the session by saying that SIA will choose data models
rather than interface message solutions. The data model will be developed with an as yet
undelivered policy from the Data Model Committee. He said “If you don’t have products
made to the OSIPS standards, you won’t sell to the Federal Government. The
Government has threatened to create their own standards if SIA didn’t.”

Bill Swan - Novar Alerton & BACnet
Bill is the chairman of the parent committee to the Life Safety Standards committee
which has the Access Control and Digital Video assignment. Bill stated that BACnet
also has BACnet Testing Labs for conformance testing.

Dave Ritter – Delta Controls & BACnet LSS Chairman
The Life Safety Standards committee first met in February 2000 for Fire Alarm
Interoperability. An addendum for this purpose was published in September 2001. The
LSS started on the Access Control Data Model in January 2003. They are also tasked to
work on CCTV and Digital Video – an effort just starting. Their Goals:
• Not defining an access control system – only externally visible characteristics
• Reuse as many BACnet objects as possible
• Develop a data model aimed at the controller level
• Able to model both simple and complex access control systems
• Become the Global Standard for Access Control
This group has observed the following differences between Access Control and other
BAS (Building Automation Systems):
• More Dynamic
• Larger Number of Objects
• Different type of operator
• More rigid network security and integrity requirements
One of the issues they are considering is whether it is better to interface at the Server,
rather than at the Field Panel where BACnet normally focuses, in order to inherit all the
security measures such as encryption, authentication, etc.

Rob Zivney – VP Marketing Hirsch Electronics Speaking on
Behalf of oBIX/OASIS (also a member of SIA and the BACnet
LSS committee)
oBIX (Open Building Information eXchange) began under the stewardship of CABA
(Continental Automated Building Association) at BuilConn in March of 2003. Nearly 75
companies from around the world were represented in person and via teleconference. It
appeared that the tool of XML had reached critical mass such that all these companies
were embracing it for data exchange. They had a common vision to establish quick
guidelines for interoperability between the building systems and the business systems in
the enterprise.
Later in 2003 when it became obvious that there was demand for a standard and not just a
guideline, it was necessary for oBIX to leave the CABA incubator as CABA was not a
standards organization. After evaluating several alternatives including ASHRAE and
BACnet it was decided to select an organization more associated with the IT industry. So,
the preeminent IT organization OASIS (Organization for the Advancement of Structured
Information Standards) was selected. The association with oBIX began again June 15,
2004 and the work of the oBIX Data Modeling committee is now being updated.

oBIX/OASIS is focused on Web Service and XML implementations at a level higher
than the controller/device level where BACnet and others have existed. They are more
broadly oriented than BAS and want to interoperate with the business systems of the
enterprise as well. oBIX desires a relationship with SIA and wants to embrace the Data
Model developed by SIA as their own. They will develop the XML implementations
thereof as required.

Hunter Knight
Hunter has his own definition of interoperability, which was inconsistent with that of the
rest of the folks in the room. Hunter said the operative word was “substitution.” He
believed it was necessary to turn the access control panel into an interchangeable
commodity, so that it is easy to substitute one manufacturer’s controller on another’s system.

Hunter stated that Sandia Labs (who was also present) believed that controllers were
obsolete and going away - the next generation systems would be comprised of smart
devices on a network. Hunter also said UL (joined us later) is a participant in the new
Access Control panel spec effort and will adjust their standards as necessary to support
the output of the committee.

During the group discussion, it was stated that there will need to be an API at the
controller level although the standard will serve that purpose to a great extent. There is a
need for local diagnostics. There was great difficulty in defining goals as Hunter drifted
off into architectural implementations. However, the following initial Use Cases were
identified by the audience:
• BACnet
• Get Access
• Unlock Door
• Lock Door
• Monitor Status (focused on the portal)
• Collect Data
• Provisioning (including adding and deleting users; also configuring system)
• System Reporting
• Report / Get Status
• Control Output
• <<Remote System Management>>
• Execute Commands - Set
• Global Activity Updates
• <<Diagnostic Uses>>
By the last day of July all contributors should have use cases submitted. These Use
Cases will be compiled and published by the end of August.

Post meeting discussions seemed to favor aligning with BACnet as this group was farther
along with comprehensive data models, handled themselves very professionally, had
invited Rob Zivney and Mark Visbal of SIA to participate in their working group
meetings, was willing to adapt to the needs of the security industry as represented by SIA,
and SIA needed to show significant progress in short order to achieve their goal of having
a standard for the government. SIA expects to continue to contribute to the BACnet LSS
efforts and appreciates the two way relationship.

Digital Video – 7/9/2004
Per Hansen of Salient Systems is the chairman of this subcommittee. He opened by
stating that this group will also be using UML for data modeling. There will be a
document to vote on for release to public review at ISC East.

SWGIT Discussion
The FBI and Law Enforcement independently developed this video guideline and have
sought SIA input. It was noted by Pelco that the move by the commercial broadcast
industry to digital (HDTV) will have an impact on our industry since they will drive the
availability of chips, etc. No more analog chips will be available after the 2006 deadline.

Digital Video Server Project
Yakov of Vicon said “Europe, after IFSEC, is going XML for standards.” EIA-TIA-250C
is a good reference document, and suitable for adoption. The next meeting will be
on the Wednesday of ASIS.

UML Discussion
Hunter created some controversy when he showed a sample Data Model with schedules.
The video guys were uncomfortable with being sent schedules as they were now used to
the third party systems sending an event trigger based on their own schedules. They
expected the third party guys to use their API, however it is clear that APIs are soon
dead in the light of a standard. Pelco just this past week got their API and SDK out for
their 8000 series DVR.

SIA’s OSIPS, which covers all things security, is being developed in a partnership with
Government. DHS is mandating that systems work together.

Sandia is going to be focusing on horizon technologies and let UL do the testing for
mainstream products. They will be doing more research and will encourage
manufacturers to develop new solutions. Nuclear facilities will be eliminating lights and
cameras and thermal imagers and shift from delay to destroy strategies.

Digital Video Viewer Project
This will be combined with Digital Video Server for purposes of UML activity and
delivery dates. There are questions on how Video Servers will authenticate end users:
• Show chain of custody
• Capture pure and uncompressed
• Download once
• Take the document and seal it
• Watermarks of no value – alters image
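
An added illustration of the handling goals listed above (not code from the meeting or from any SIA document): a clip is released only once, every request is written to a hash-chained custody log, and the seal is a detached tag over the unmodified bytes rather than a watermark. The EvidenceStore class, the key and the field names are hypothetical, and HMAC stands in for whatever sealing mechanism a standard would specify.

```python
import hashlib, hmac, json

SEAL_KEY = b"constructed-demo-key"  # assumption: secret held by the video server

def _digest(entry):
    # Hash only the fields that make up the custody record itself
    body = {k: entry[k] for k in ("actor", "action", "prev")}
    return hashlib.sha256(json.dumps(body, sort_keys=True).encode()).hexdigest()

class EvidenceStore:
    """Hypothetical server-side holder for one captured clip."""
    def __init__(self, clip):
        self._clip = clip          # captured bytes, never modified
        self._released = False
        self.log = []              # custody entries, each chained to the previous

    def _record(self, actor, action):
        prev = self.log[-1]["entry_hash"] if self.log else "0" * 64
        entry = {"actor": actor, "action": action, "prev": prev}
        entry["entry_hash"] = _digest(entry)
        self.log.append(entry)

    def download_once(self, actor):
        if self._released:
            self._record(actor, "download-refused")
            raise PermissionError("clip already released")
        self._released = True
        self._record(actor, "download")
        # Detached seal: computed over the bytes and shipped beside them,
        # so the image data itself is not altered (unlike a watermark).
        seal = hmac.new(SEAL_KEY, self._clip, hashlib.sha256).hexdigest()
        return self._clip, seal

def verify_seal(clip, seal):
    expected = hmac.new(SEAL_KEY, clip, hashlib.sha256).hexdigest()
    return hmac.compare_digest(expected, seal)

def verify_log(log):
    prev = "0" * 64
    for entry in log:
        if entry["prev"] != prev or entry["entry_hash"] != _digest(entry):
            return False
        prev = entry["entry_hash"]
    return True
```
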

Everyone wants a single site to post and find all the vendors’ viewers.

Note that IP cameras (many now available with storage) can be viewed as a server.
Actually, they are a server, anyway!

