EN 60839-11-32:2017

SLOVENSKI STANDARD
01-junij-2017
Alarmni in elektronski varnostni sistemi - 11-32. del: Elektronski sistemi nadzora
dostopa - IP interoperabilnost na osnovi spletnih storitev - Specifikacija nadzora
dostopa
Alarm and electronic security systems - Part 11-32: Electronic access control systems -
IP interoperability implementation based on Web services - Access control specification
Ta slovenski standard je istoveten z: EN 60839-11-32:2017
ICS:
13.320 Alarmni in opozorilni sistemi Alarm and warning systems
2003-01.Slovenski inštitut za standardizacijo. Razmnoževanje celote ali delov tega standarda ni dovoljeno.

EUROPEAN STANDARD EN 60839-11-32

NORME EUROPÉENNE
EUROPÄISCHE NORM
March 2017
ICS 13.320
English Version
Alarm and electronic security systems -
Part 11-32: Electronic access control systems - Access control
monitoring based on Web services
(IEC 60839-11-32:2016)
Systèmes d'alarme et de sécurité électroniques -  Alarmanlagen - Teil 11-32: Elektronische
Partie 11-32: Systèmes de contrôle d'accès électronique - Zutrittskontrollanlagen - IP Interoperabilität auf Basis von
Commande de contrôle d'accès en fonction des services Webservices - Spezifikation der Zutrittskontrolle
Web (IEC 60839-11-32:2016)
(IEC 60839-11-32:2016)
This European Standard was approved by CENELEC on 2016-12-29. CENELEC members are bound to comply with the CEN/CENELEC
Internal Regulations which stipulate the conditions for giving this European Standard the status of a national standard without any alteration.
Up-to-date lists and bibliographical references concerning such national standards may be obtained on application to the CEN-CENELEC
Management Centre or to any CENELEC member.
This European Standard exists in three official versions (English, French, German). A version in any other language made by translation
under the responsibility of a CENELEC member into its own language and notified to the CEN-CENELEC Management Centre has the
same status as the official versions.
CENELEC members are the national electrotechnical committees of Austria, Belgium, Bulgaria, Croatia, Cyprus, the Czech Republic,
Denmark, Estonia, Finland, Former Yugoslav Republic of Macedonia, France, Germany, Greece, Hungary, Iceland, Ireland, Italy, Latvia,
Lithuania, Luxembourg, Malta, the Netherlands, Norway, Poland, Portugal, Romania, Serbia, Slovakia, Slovenia, Spain, Sweden,
Switzerland, Turkey and the United Kingdom.

European Committee for Electrotechnical Standardization
Comité Européen de Normalisation Electrotechnique
Europäisches Komitee für Elektrotechnische Normung
CEN-CENELEC Management Centre: Avenue Marnix 17, B-1000 Brussels
© 2017 CENELEC All rights of exploitation in any form and by any means reserved worldwide for CENELEC Members.
Ref. No. EN 60839-11-32:2017 E

European foreword
The text of document 79/523/CDV, future edition 1 of IEC 60839-11-32, prepared by
IEC/TC 79 "Alarm and electronic security systems" was submitted to the IEC-CENELEC parallel vote
and approved by CENELEC as EN 60839-11-32:2017.

The following dates are fixed:
(dop) 2017-09-29
• latest date by which the document has to be
implemented at national level by
publication of an identical national
standard or by endorsement
• latest date by which the national (dow) 2019-12-29
standards conflicting with the
document have to be withdrawn
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. CENELEC [and/or CEN] shall not be held responsible for identifying any or all such
patent rights.
Endorsement notice
The text of the International Standard IEC 60839-11-32:2016 was approved by CENELEC as a
European Standard without any modification.
In the official version, for Bibliography, the following note has to be added for the standard indicated:

IEC 60839-11-31 NOTE Harmonized as EN 60839-11-31.
Annex ZA
(normative)
Normative references to international publications
with their corresponding European publications

The following documents, in whole or in part, are normatively referenced in this document and are
indispensable for its application. For dated references, only the edition cited applies. For undated
references, the latest edition of the referenced document (including any amendments) applies.

NOTE 1 When an International Publication has been modified by common modifications, indicated by (mod), the relevant
EN/HD applies.
NOTE 2 Up-to-date information on the latest versions of the European Standards listed in this annex is available here:
www.cenelec.eu
Publication Year Title EN/HD Year

IEC 60839-11-1 -  Alarm and electronic security systems - EN 60839-11-1 -
Part 11-1: Electronic access control
systems - System and components
requirements
IEC 60839-11-2 -  Alarm and electronic security systems - EN 60839-11-2 -
Part 11-2: Electronic access control
systems - Application guidelines

IEC 60839-11-32 ®
Edition 1.0 2016-11
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Alarm and electronic security systems –

Part 11-32: Electronic access control systems – Access control monitoring

based on Web services
Systèmes d'alarme et de sécurité électroniques –

Partie 11-32: Systèmes de contrôle d'accès électronique – Commande de

contrôle d'accès en fonction des services Web

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 13.320 ISBN 978-2-8322-3779-3

– 2 – IEC 60839-11-32:2016  IEC 2016
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 8
2 Normative references . 8
3 Terms, definitions and abbreviated terms . 8
3.1 Terms and definitions . 8
3.2 Abbreviated terms . 10
4 Overview . 10
4.1 Interoperability . 10
4.2 Event handling . 10
4.3 Architecture . 10
4.4 External authorization (Overriding) . 11
4.5 Security considerations . 11
4.6 Door (access point) control . 12
4.7 Design considerations . 12
4.7.1 Instance-level capabilities . 12
4.7.2 Retrieving status . 12
4.7.3 Retrieving system configuration . 12
5 Access control . 13
5.1 General . 13
5.2 Service capabilities . 13
5.2.1 General . 13
5.2.2 Data structures: ServiceCapabilities . 13
5.2.3 GetServiceCapabilities command . 13
5.3 Access point (portal side) information . 14
5.3.1 Data structures . 14
5.3.2 GetAccessPointInfoList command . 15
5.3.3 GetAccessPointInfo command . 16
5.4 Area information . 17
5.4.1 Data structures: AreaInfo . 17
5.4.2 GetAreaInfoList command . 17
5.4.3 GetAreaInfo command . 17
5.5 Access point (portal side) status . 18
5.5.1 General . 18
5.5.2 Data structures: AccessPointState . 18
5.5.3 GetAccessPointState command . 18
5.6 Access control commands . 19
5.6.1 General . 19
5.6.2 Data structures: Decision enumeration . 19
5.6.3 EnableAccessPoint command . 19
5.6.4 DisableAccessPoint command . 20
5.6.5 ExternalAuthorization command . 20
5.7 Notification topics . 21
5.7.1 Event overview . 21
5.7.2 General transaction event layout . 21
5.7.3 Access granted . 22

IEC 60839-11-32:2016  IEC 2016 – 3 –
5.7.4 Access taken . 23
5.7.5 Access not taken . 23
5.7.6 Access denied . 24
5.7.7 Duress . 26
5.7.8 External authorization (Override) . 26
5.7.9 Status changes . 28
5.7.10 Configuration changes . 28
6 Door (access point) control . 29
6.1 General . 29
6.2 Service capabilities . 29
6.2.1 General . 29
6.2.2 Data structures: ServiceCapabilities . 29
6.2.3 GetServiceCapabilities command . 29
6.3 Door (access point) information . 30
6.3.1 Data structures . 30
6.3.2 GetDoorInfoList command . 31
6.3.3 GetDoorInfo command . 32
6.4 Door (access point) status . 33
6.4.1 General . 33
6.4.2 Data structures . 33
6.4.3 GetDoorState command. 35
6.5 Door (access point) control commands . 36
6.5.1 General . 36
6.5.2 AccessDoor command . 36
6.5.3 LockDoor command . 37
6.5.4 UnlockDoor command . 38
6.5.5 BlockDoor command . 38
6.5.6 LockDownDoor command . 39
6.5.7 LockDownReleaseDoor command . 39
6.5.8 LockOpenDoor command . 40
6.5.9 LockOpenReleaseDoor command . 40
6.5.10 DoubleLockDoor command . 41
6.6 Notification Topics . 42
6.6.1 General . 42
6.6.2 Status changes . 42
6.6.3 Configuration changes . 43
Annex A (normative) Access control interface XML schemata . 45
A.1 Access control service WSDL . 45
A.2 Door control service WSDL . 52
A.3 Common schema . 62
Annex B (informative) Mapping of mandatory functions in IEC 60839-11-1 . 64
Bibliography . 73

Figure 1 – Schematic overview of an access controlled door . 11

Table 1 – GetServiceCapabilities command . 14
Table 2 – GetAccessPointInfoList command . 16
Table 3 – GetAccessPointInfo command . 16

– 4 – IEC 60839-11-32:2016  IEC 2016
Table 4 – GetAreaInfoList command . 17
Table 5 – GetAreaInfo command . 18
Table 6 – GetAccessPointState command . 19
Table 7 – EnableAccessPoint command. 19
Table 8 – DisableAccessPoint command . 20
Table 9 – ExternalAuthorization command . 20
Table 10 – GetServiceCapabilities command . 30
Table 11 – GetDoorInfoList command . 32
Table 12 – GetDoorInfo command. 32
Table 13 – GetDoorState command . 36
Table 14 – AccessDoor command . 37
Table 15 – LockDoor command . 37
Table 16 – UnlockDoor command . 38
Table 17 – BlockDoor command . 38
Table 18 – LockDownDoor command . 39
Table 19 – LockDownReleaseDoor command . 40
Table 20 – LockOpenDoor command . 40
Table 21 – LockOpenReleaseDoor command . 41
Table 22 – DoubleLockDoor command . 41
Table B.1 – Access point interface requirements . 64
Table B.2 – Indication and annunciation requirements . 65
Table B.3 – Recognition requirements . 69
Table B.4 – Duress signalling requirements . 71
Table B.5 – Overriding requirements . 71
Table B.6 – System self protection requirements . 72

IEC 60839-11-32:2016  IEC 2016 – 5 –
INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
ALARM AND ELECTRONIC SECURITY SYSTEMS –

Part 11-32: Electronic access control systems –
Access control monitoring based on Web services

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60839-11-32 has been prepared by IEC technical committee 79:
Alarm and electronic security systems.
The text of this standard is based on the following documents:
CDV Report on voting
79/523/CDV 79/547/RVC
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

– 6 – IEC 60839-11-32:2016  IEC 2016
A list of all parts in the IEC 60839 series, published under the general title Alarm and
electronic security systems, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
IEC 60839-11-32:2016  IEC 2016 – 7 –
INTRODUCTION
This document makes it possible to build an alarm and electronic security system with clients,
typically a monitoring console, and devices, typically an access control unit, from different
manufacturers using common and well defined interfaces.
This document specifies only the data and control flow between a client and the services
without reference to any physical device as the services required to implement a compliant
electronic access control system (EACS) are not necessarily implemented on a single device,
i.e. all services can be run on a control panel, event aggregator software on PC, etc.
This document does not define internal communication between an access control unit and its
components if they are implemented on a single device.
This document is based upon work done by the ONVIF open industry forum. The ONVIF
Access Control specification and ONVIF Door Control specification are compatible with this
document.
This document is accompanied by a set of computer readable interface definitions:
• Access control service WSDL, see Clause A.1;
• Door control service WSDL, see Clause A.2;
• Common schema, see Clause A.3;
Due to the differences in terminology used in IEC 60839-11-1, IEC 60839-11-2 and the ONVIF
specification that this part of IEC 60839 is based on, a reader should take special notice of
the terms and definitions clause.
Additional services needed for configuration of an EACS such as definitions of schedules,
handling of access rules, readers and credentials are outside the scope of this document.
These services will be covered by other parts of the IEC 60839-11-3x family of standards.

– 8 – IEC 60839-11-32:2016  IEC 2016
ALARM AND ELECTRONIC SECURITY SYSTEMS –

Part 11-32: Electronic access control systems –
Access control monitoring based on Web services

1 Scope
This part of IEC 60839 defines the Web services interface for electronic access control
systems. This includes listing electronic access control system components, their logical
composition, monitoring their states and controlling them. It also includes a mapping of
mandatory and optional requirements as per IEC 60839-11-1.
This document applies to physical security only. Physical security prevents unauthorized
personnel, attackers or accidental intruders from physically accessing a building, room, etc.
Web services usage and device management functionality are outside of the scope of this
document. Refer to IEC 60839-11-31 for more information.
This document does not in any way limit a manufacturer to add other protocols or extend the
protocol defined here. For rules on how to accomplish this refer to IEC 60839-11-31.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60839-11-1, Alarm and electronic security systems – Part 11-1: Electronic access control
systems – System and components requirements
IEC 60839-11-2, Alarm and electronic security systems – Part 11-2: Electronic access control
systems – Application guidelines
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document the terms and definitions given in IEC 60839-11-1 and
IEC 60839-11-2, as well as the following, apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
NOTE When the IEC term defined in IEC 60839-11-1 and IEC 60839-11-2 differs from the terms used in this
document the IEC term will be given in parentheses in the section headers.

IEC 60839-11-32:2016  IEC 2016 – 9 –
3.1.1
access point
portal
physical entrance/exit at which access can be controlled by a door, turnstile or other secure
barrier
Note 1 to entry: For the purposes of this document the access point is considered to be a logical composition of a
physical door and reader(s) controlling access in one direction.
Note 2 to entry: In this document, the term "door" has the same meaning as "access point" or "portal".
3.1.2
access point actuator
portal actuator
part of an access control system that interfaces to an access control unit releasing and
securing a portal according to pre-set rules
Note 1 to entry: In this document, the term “door lock” is used.
3.1.3
access point mode
logical operating mode of the portal indicating whether the portal is locked, unlocked, blocked,
locked down or locked open, etc.
Note 1 to entry: In this document, the term “door mode” is used.
3.1.4
access point sensor
portal sensor
electrical component used to monitor the open or closed status of an access point, or
locked/unlocked status of a locking device, or the secure/unsecure status of an
electromagnetic lock or armature plate
Note 1 to entry: In this document, the term “door monitor” is used.
3.1.5
access point overriding
portal overriding
action of issuing a manual command to bypass the pre-configured mode of operation (i.e.
release/secure/block) of an access point
Note 1 to entry: In this document, the terms “momentary access” and “unlocked” are examples of access point
overriding.
3.1.6
alarm
condition requiring human assessment or intervention
Note 1 to entry: Often used in electronic access control system in the sense of alert.
Note 2 to entry: In this document, the term "door alarm" is used.
3.1.7
client
service requester
EXAMPLE System management, annunciation, monitoring console.
3.1.8
device
service provider
EXAMPLE: Access control unit.
– 10 – IEC 60839-11-32:2016  IEC 2016
3.1.9
portal side
logical composition of a physical door and reader (s) controlling access in one direction
3.2 Abbreviated terms
For the purposes of this document, the abbreviated terms given in IEC 60839-11-1 and
IEC 60839-11-2, as well as the following apply.
ACMS Access Control Management System
BMS Building Management System
HTTP Hypertext Transfer Protocol
PSIM Physical Security Information Management
SOAP Simple Object Access Protocol
TLS Transport Layer Security
WSDL Web Services Description Language
4 Overview
4.1 Interoperability
This document provides new interoperability opportunities by separating configuration from
control and monitoring. In traditional systems, the central management system pushes all
configurations data to devices on startup and expects that this configuration data is not
changed by other clients. Instead, a client shall expect that all information is stored on end-
devices and can be changed by others.
An EACS system defined by this document relies on service-oriented architecture principles.
This allows installations where different components can be replaced or updated
independently.
4.2 Event handling
Event handling is a crucial part of access control operations. In addition to real-time event
delivery IEC 68839-11-31 provides the means for accessing stored events on the edge to
deliver them if connection is lost.
Events are divided into 3 groups depending on their origin and purpose:
1) Configuration change events. These events are provided to achieve interoperability
between several clients that control a single device simultaneously.
2) Transaction events. The core functionality of EACS that provides daily monitoring of all
access events, including access granted events designed to notify clients about all
detailed information (who, when and probably where they passed) on every particular
access granted event, access denial events (that may or may not contain reason
information), etc.
3) Alarms and faults events. These events provide health status monitoring allowing
operators to take action in case of hardware failure, intrusion or other suspicious activity.
Refer to IEC 68839-11-31 for details on event delivery mechanism and 5.7 for the list of
events defined by this document.
4.3 Architecture
This document does not mandate any specific physical device layout. The scheme provided in
Figure 1 is not intended to be taken as a pattern but to serve as a reference for better

IEC 60839-11-32:2016  IEC 2016 – 11 –
understanding of the given specification. Based on the definitions below, different physical
configurations of an access controlled door are possible.
IP network
Access control unit
Door monitor
Door
Reader
Door lock
IEC
Figure 1 – Schematic overview of an access controlled door
A door that is controlled by an electronic access control system is equipped with the following
devices:
• An access control unit that provides connections for reader, door sensor, door lock and
additional digital inputs and outputs. This panel enables the software to interact with the
physical devices. Sometimes these panels also contain storage and local intelligence to
provide an offline functionality, so that the door will work as expected, even if there is no
management system above available.
• A reader that is able to read a credential. In most cases a reader is only mounted at the
outer (unsecure) side of the door. If the system monitors when somebody is leaving an
area, a card reader will be mounted on both sides of the door.
• A door monitor that signals the control panel, that the door is open or closed.
• A door lock that can be engaged by the access control unit to release the door, for
example in case an authorized credential is recognized.
The access control unit will, through the IP network, be connected to a system, typically a
monitoring console, for monitoring and configuration.
4.4 External authorization (Overriding)
External authorization is a feature used to take access decisions for an access point outside
the access control unit. External authorization entails, but is not limited to, a policy within the
access control unit where the access control unit delegates the access decisions to an
outside entity such as a guard or ACMS.
4.5 Security considerations
This document assumes possibility of building EACS systems interacting on the device level.
This implies more security consideration than regular client-server interaction.

– 12 – IEC 60839-11-32:2016  IEC 2016
IEC 68839-11-31 defines several mechanisms to achieve this. They include, but are not
limited to
• TLS for transport encryption;
• HTTP digest for client authentication;
• user management and access policies for client authorization;
• IEEE 802.1X certificate management for server authentication and spoofing protection.
Refer to the respective whitepapers and specifications for more information.
4.6 Door (access point) control
The door control service provides mechanisms for controlling physical door instances and
monitoring their status.
The Door in this document can refer to such physical objects as an automatic barrier or a door
equipped with an electric lock. Turnstiles which can restrict access in either direction can be
represented with a pair of doors.
4.7 Design considerations
4.7.1 Instance-level capabilities
A single EACS device may have diverse components of the same type. For example, a
controller may operate two doors: one at the entrance to the building which has secure
locking, monitoring and alarm abilities, and the other one is internal which can be only locked
and unlocked.
Therefore, capabilities can be divided into two groups:
• overall service capabilities;
• capabilities for a particular entity in the service. It can also work in conjunction with the
GetEventProperties function to provide finer control over the system.
Refer to 5.2 and 6.2 for more information.
4.7.2 Retrieving status
This document defines two parallel mechanisms for retrieving status information for most
entities:
• GetState functions return a cumulative snapshot of the current state, operating
mode and other run-time information.
• The Event service returns up-to-date and consistent states of entities. Each entity
provides a set of events (usually one per each field in the State type) to notify a client
about status changes. As far as these events are property events, a client receives the
current state whenever a new subscription is initialized.
4.7.3 Retrieving system configuration
This document defines several Get-functions that can return data incrementally. These
functions allow the processing of a large number of entities even though resources are highly
constrained.
To return data incrementally, these functions make use of a parameter called StartReference.
StartReference is a device internal identifier used to continue fetching data from the last
position, and allows a client to iterate over a large dataset in smaller chunks. The device
handles a reasonable number of different StartReferences at the same time and they live for a
reasonable time so that clients are able to fetch complete datasets.

IEC 60839-11-32:2016  IEC 2016 – 13 –
A client always passes the value returned from a previous request to continue fetching data.
Clients do not use the same reference more than once.
For example, the StartReference can be the incrementing start position number or the
underlying database transaction identifier.
The returned NextStartReference is used as the StartReference parameter in successive
calls, and may be changed by device in each call.
The following pseudo-code demonstrates how information about all access points can be
obtained from a device:
StartRef = null
do {
Response = GetAccessPointInfoList(StartReference = StartRef)
if (Response.AccessPointInfo != null) {
AllAccessPoints.Append(Response.AccessPointInfo)
}
StartRef = Response.NextStartReference
} while (StartRef != null)
5 Access control
5.1 General
This service offers commands to retrieve status information and to control access point
instances.
5.2 Service capabilities
5.2.1 General
A device shall provide service capabilities in two ways:
1) With the GetServices method of Device service when IncludeCapability is true. Refer to
IEC 68839-11-31 for more details.
2) With the GetServiceCapabilities method.
5.2.2 Data structures: ServiceCapabilities
The service capabilities reflect optional functionality of a service. The information is static and
does not change during device operation. The following capabilities are available:
• MaxLimit
The maximum number of entries returned by a single GetList or
Getrequest. The device shall never return more than this number of entities in a
single response.
5.2.3 GetServiceCapabilities command
This operation returns the capabilities of the access control service. A device shall support
this command as described in Table 1.

– 14 – IEC 60839-11-32:2016  IEC 2016
Table 1 – GetServiceCapabilities command
GetServiceCapabilities Access class: PRE_AUTH
Message name Description
GetServiceCapabilitiesRequest This message shall be empty
This message contains:
• "Capabilities": The capability response message contains
GetServiceCapabilitiesResponse
the requested Access Control service capabilities using a
hierarchical XML capability structure.
tac:ServiceCapabilities Capabilities [1][1]
Fault codes Description
No command specific faults
5.3 Access point (portal side) information
5.3.1 Data structures
5.3.1.1 AccessPointInfo
The AccessPointInfo structure contains basic information about an access point instance. An
access point defines an entity a credential can be granted or denied access to. The
AccessPointInfo provides basic information on how access is controlled in one direction for a
door (from which area to which area).
Multiple access points may cover the same door. A typical case is one access point for entry
and another for exit, both referencing the same door.
A device shall provide the following fields for each access point instance:
• Token
A service-unique identifier of the access point.
• Name
A user readable name. It shall be up to 64 characters.
• Entity
Reference to the entity used to control access; the entity type may be specified by the
optional EntityType field explained below but is typically a door.
• Capabilities
The capabilities for the access point.
To provide more information the device may include the following optional fields:
• Description
Optional user readable description for the access point. It shall be up to 1 024 characters.
• AreaFrom
Optional reference to the area from which access is requested.
• AreaTo
Optional reference to the area to which access is requested.
• EntityType
Optional entity type; if missing, a Door type as defined by the door control service should
be assumed. This can also be represented by the QName value “tdc:Door” – where tdc is
the namespace of the Door Control service: http://www.onvif.org/ver10/doorcontrol/wsdl.
This field is provided for future extensions; it will allow an access point being extended to
cover entity types other than doors as well.

IEC 60839-11-32:2016  IEC 2016 – 15 –
5.3.1.2 AccessPointCapabilities
The access point capabilities reflect optional functionality of a particular physical entity.
Different access point instances may have different set of capabilities. This information may
change during device operation, for example if hardware settings are changed. The following
capabilities are available:
• DisableAccessPoint
Indicates whether or not this access point instance supports EnableAccessPoint and
DisableAccessPoint commands.
• Duress
Indicates whether or not this access point instance supports the generation of duress
events.
• AnonymousAccess
Indicates whether or not this access point has a REX or other input that allows anonymous
access.
• AccessTaken
Indicates whether or not this access point instance supports the generation of
AccessTaken and AccessNotTaken events.
If AnonymousAccess and AccessTaken are both true, it indicates that the Anonymous
versions of AccessTaken and AccessNotTaken are supported as well.
• ExternalAuthorization
I
...