Review Comments: Access Control Object Reference Inconsistencies

Document Title

BSR/ASHRAE Addendum j to ANSI/ASHRAE Standard 135-2004, BACnet - A Data Communication Protocol for Building Automation and Control Networks (Third Public Review Draft)

Title

Access Control Object Reference Inconsistencies 

Comment Number

010 

Commenter Number

0005 

Date Submitted

5/5/2008 5:23 AM 

Supportive

No 

Comment Text

Cross-Reference Listing of Access Control related Object Types:

 

Access Point is referenced in:

  • AccessZone.EntryPoints
  • AccessZone.ExitPoints
  • AccessRights.NegativeAccessRules.Location*
  • AccessRights.PositiveAccessRules.Location*

Access Zone is referenced in:

  • AccessPoint.ZoneTo
  • AccessPoint.ZoneFrom
  • AccessRights.NegativeAccessRules.Location*
  • AccessRights.PositiveAccessRules.Location*

Access User is referenced in:

  • AccessUser.Members
  • AccessUser.Member_Of
  • AccessCredential.BelongsTo
  • AccessRights.Accompanied*

Access Rights is referenced in:

  • AccessRights.Accompanied*
  • AccessCredential.AssignedAccessRights.AssignedAccessRights*

Access Credential is referenced in:

  • AccessPoint.AccessEvent*
  • AccessZone.CredentialsInZone*
  • AccessZone.LastCredentialAdded*
  • AccessZone.LastCredentialRemoved*
  • AccessUser.Credentials
  • AccessRights.Accompanied*

Additional possible cross-device references (for consistency with Location):

  • AccessRights.NegativeAccessRules.TimeRange*
  • AccessRights.PositiveAccessRules.TimeRange*

 

* Referenced by BACnetObjectIdentifier

 

Analyzing the above cross-reference table highlights some limitations. The Access Authentication & Authorization process can only run on a Device having all its elements locally: Access Point objects, Access Credential objects, Access Rights objects, Access Zone objects and Access User objects (see

  • AccessRights.NegativeAccessRules.Location,
  • AccessRights.PositiveAccessRules.Location,
  • AccessRights.Accompanied, etc.).

 

In some cases remote relations are used:

  • The device has limited capacity and needs to do some data access remotely, having only the most recently used data locally (Cache)
  • The device has some object types remotely stored (e.g. Access User)
  • Global Anti-Passback when the devices have no peer-to-peer communication in pure Client-Server systems
  • Etc.

 

But in other properties, these same object types can be reached using DeviceObjectReference, meaning that the object can be located on the same device or on another device. This could be the case for

  • AccessUser and AccessZone
    with the following limitation: an AccessUser or an AccessZone involved in the Authentication & Authorization process shall be accessible locally. Note: this applies especially to Access Zones pointed to by any ZoneTo and ZoneFrom when Anti-Passback and/or Zone Counting are involved (see
    • AccessZone.CredentialsInZone,
    • AccessZone.LastCredentialAdded,
    • AccessZone.LastCredentialRemoved).

 

The other cross-device issue is the maintenance of the lists, e.g.

  • AccessUser.Members
  • AccessUser.Member_Of

e.g. an Access User object refers to an Access User object on another device.

Responses

Comment Status

Replied To - Resolved 

Affiliation

Siemens Building Technologies 

Last Action Type

New Comment 

Commenter Reply

OK - Resolved 

Committee Title

SSPC135 

Substantiating Statements

The easiest solution is to make all objects local and let the synchronization, if any is required, be a local matter.

 

Another solution could be making all objects remote and omitting the device reference when needed. The empty or non-empty device reference will be a local matter.

Content Type: Review Comment
Created at 5/5/2008 5:23 AM  by philippe.goetz@siemens.com 
Last modified at 6/19/2011 12:07 AM  by oldtownit