By Mohammad Soleimani
Chairman, PLAI Working Group, the PSIA
CTO, Kastle Systems
A standardized means of synchronizing physical and logical identities, privileges and even credentials is close to reality. The PSIA’s Physical-Logical Access Interoperability (PLAI) Working Group, which includes Allegion, Inovonics, Kastle, Mercury Systems, Microsoft Global Security, Stanley Security and UTC, is very close to releasing a draft proposal for the PLAI specification.
The PLAI specification ensures the logical and physical access privileges associated with an employee’s role are always synchronized. Further, the PSIA’s PLAI will enable automated inter-PACS interoperability in the market for the first time. End users and integrators have been requesting all of this functionality but until we developed the PLAI specification, the only “solutions” have been highly manual; error-prone; time consuming to implement; and expensive.
The PLAI specification builds on standards already used in the logical identity and access management world, including Role-Based Access Control (RBAC-RPE) and Lightweight Directory Access Protocol (LDAP). These will enable vendors and users to more easily map logical identities and their role-based privileges to physical identities. In turn, that enables enterprises to cost effectively:
- Ensure persons are physically present before allowing them to log into applications and databases to shore up cyber-security defense.
- Streamline privilege management and reduce security administrative costs.
- Reduce multiple access cards because PLAI’s inter-PACS interoperability automates the process of enabling an access card associated in one vendor’s PACS to be used at entry points associated with a different PACS system as long as the card readers are the same.