Mohammad Soleimani
Chief Technology Officer and EVP, Kastle Systems
Chairman, PSIA
11/12/2014
Copyright held by PSIA - Nov 2014

From Presentation at ASIS last Year:
• We formally launched the PLAI initiative last year at ASIS.
• We envisioned 4 layers of integration between Logical and Physical systems.
[Diagram: IT Access Control System and Physical Access Control System (PACS), each with the layers Dynamic Attribute, Mobile Credentials, Functional Role, Identity]

Plan For the Demo Today
Today we show that we have a multi-vendor implementation of the first level integration for Identity.
[Diagram: IT Access Control System and Physical Access Control System (PACS), linked at the Identity layer]

PLAI Agent Demo Architecture
[Diagram: Authoritative Identity Source, connected over LDAP V.3 to the PLAI Agent, which connects over a REST API to Access Control System 1, Access Control System 2 and Access Control System 3]

Actual Demo Components
[Diagram: Microsoft Active Directory, LDAP V.3, PLAI Agent, REST API, C-Cure, UNISON]

PLAI Identity Distribution
[Diagram: Microsoft Active Directory, LDAP V.3, PLAI Agent, REST API, C-Cure, UNISON]
• Identity assigned in Active Directory will be distributed through PLAI to all PACS

PLAI Credential Assignment
[Diagram: Microsoft Active Directory, LDAP V.3, PLAI Agent, REST API, C-Cure, UNISON; credential number 123-2000 shown once]
• Identity assigned in Active Directory will be distributed through PLAI to all PACS
• Credential assigned in one PACS

PLAI Credential Distribution
[Diagram: Microsoft Active Directory, LDAP V.3, PLAI Agent, REST API, C-Cure, UNISON; credential number 123-2000 shown three times]
• Identity assigned in Active Directory will be distributed through PLAI to all PACS
• Credential assigned in one PACS is automatically distributed to other PACS through PLAI

Personnel Can Access all Three Systems
[Diagram: Microsoft Active Directory, LDAP V.3, PLAI Agent, REST API, C-Cure, UNISON; credential number 123-2000 shown three times]

Terminating the Personnel
Terminating the personnel from the logical side automatically removes all access from the physical side.
[Diagram: Microsoft Active Directory, LDAP V.3, PLAI Agent, REST API, C-Cure, UNISON; no credential numbers shown]

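Added example, not part of the original presentation and not PLAI or vendor code: a small in-memory model of the demo flow (identity distribution, credential distribution, termination) with an audit that reports physical credentials left behind after a directory-side termination. It goes beyond the slides by modelling one PACS being unreachable when the termination is sent. All class and method names are hypothetical; the person "jdoe" and the system name "PACS-3" are constructed.

```python
# Added illustration: an in-memory model, not the PLAI specification or any vendor API.
# All class and method names are hypothetical; "jdoe" and "PACS-3" are constructed.
from dataclasses import dataclass, field

@dataclass
class Pacs:
    name: str
    online: bool = True
    identities: set = field(default_factory=set)
    credentials: dict = field(default_factory=dict)  # person -> credential number

class Agent:
    def __init__(self, pacs_list):
        self.pacs = pacs_list
        self.directory = set()  # identities active in the authoritative source
        self.pending = []       # (pacs, person) removals not yet delivered

    def provision(self, person):
        """Identity created in the directory is distributed to every PACS."""
        self.directory.add(person)
        for p in self.pacs:
            p.identities.add(person)

    def assign_credential(self, person, number):
        """Credential assigned in one PACS is distributed to the others."""
        for p in self.pacs:
            if person in p.identities:
                p.credentials[person] = number

    def terminate(self, person):
        """Directory-side termination removes access in each reachable PACS."""
        self.directory.discard(person)
        self.pending += [(p, person) for p in self.pacs]
        self.flush()

    def flush(self):
        """Deliver queued removals; keep those aimed at unreachable PACS."""
        still = []
        for p, person in self.pending:
            if p.online:
                p.identities.discard(person)
                p.credentials.pop(person, None)
            else:
                still.append((p, person))
        self.pending = still

    def orphaned(self):
        """Credentials still live in a PACS for people absent from the directory."""
        return sorted((p.name, who, num) for p in self.pacs
                      for who, num in p.credentials.items()
                      if who not in self.directory)
```

Running orphaned() on a schedule, and alerting on any non-empty result, is the check that confirms a termination actually reached every physical system.
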
Plans for Future Integration
We plan to demo the next two layers of Physical-Logical interoperability by ISC-West:
1. Functional Role(s): Roles defined on the logical side determine the access on the physical side
2. Mobile Credentials: We are launching an Open Mobile Credential Initiative (OMCI), where mobile credentials, typically used for Bluetooth Low Energy (BLE) or NFC, could easily be passed from system to system
[Diagram: IT Access Control System and Physical Access Control System (PACS), each with the layers Mobile Credentials, Functional Role(s), Identity]