IEC 60839-11-32:2016

IEC 60839-11-32 ®
Edition1.0 2016-11
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Alarm and electronic security systems –
Part 11-32: Electronic access control systems – Access control monitoring
based on Web services
Systèmes d'alarme et de sécurité électroniques –
Partie 11-32: Systèmes de contrôle d'accès électronique – Commande de
contrôle d'accès en fonction des services Web

All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form
or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from
either IEC or IEC's member National Committee in the country of the requester. If you have any questions about IEC
copyright or have an enquiry about obtaining additional rights to this publication, please contact the address below or
your local IEC member National Committee for further information.

Droits de reproduction réservés. Sauf indication contraire, aucune partie de cette publication ne peut être reproduite
ni utilisée sous quelque forme que ce soit et par aucun procédé, électronique ou mécanique, y compris la photocopie
et les microfilms, sans l'accord écrit de l'IEC ou du Comité national de l'IEC du pays du demandeur. Si vous avez des
questions sur le copyright de l'IEC ou si vous désirez obtenir des droits supplémentaires sur cette publication, utilisez
les coordonnées ci-après ou contactez le Comité national de l'IEC de votre pays de résidence.

IEC Central Office Tel.: +41 22 919 02 11
3, rue de Varembé Fax: +41 22 919 03 00
CH-1211 Geneva 20 info@iec.ch
Switzerland www.iec.ch
About the IEC
The International Electrotechnical Commission (IEC) is the leading global organization that prepares and publishes
International Standards for all electrical, electronic and related technologies.

About IEC publications
The technical content of IEC publications is kept under constant review by the IEC. Please make sure that you have the
latest edition, a corrigenda or an amendment might have been published.

IEC Catalogue - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
The stand-alone application for consulting the entire The world's leading online dictionary of electronic and
bibliographical information on IEC International Standards, electrical terms containing 20 000 terms and definitions in
Technical Specifications, Technical Reports and other English and French, with equivalent terms in 15 additional
documents. Available for PC, Mac OS, Android Tablets and languages. Also known as the International Electrotechnical
iPad. Vocabulary (IEV) online.

IEC publications search - www.iec.ch/searchpub IEC Glossary - std.iec.ch/glossary
The advanced search enables to find IEC publications by a 65 000 electrotechnical terminology entries in English and
variety of criteria (reference number, text, technical French extracted from the Terms and Definitions clause of
committee,…). It also gives information on projects, replaced IEC publications issued since 2002. Some entries have been
and withdrawn publications. collected from earlier publications of IEC TC 37, 77, 86 and

CISPR.
IEC Just Published - webstore.iec.ch/justpublished
Stay up to date on all new IEC publications. Just Published IEC Customer Service Centre - webstore.iec.ch/csc
details all new publications released. Available online and If you wish to give us your feedback on this publication or
also once a month by email. need further assistance, please contact the Customer Service
Centre: csc@iec.ch.
A propos de l'IEC
La Commission Electrotechnique Internationale (IEC) est la première organisation mondiale qui élabore et publie des
Normes internationales pour tout ce qui a trait à l'électricité, à l'électronique et aux technologies apparentées.

A propos des publications IEC
Le contenu technique des publications IEC est constamment revu. Veuillez vous assurer que vous possédez l’édition la
plus récente, un corrigendum ou amendement peut avoir été publié.

Catalogue IEC - webstore.iec.ch/catalogue Electropedia - www.electropedia.org
Application autonome pour consulter tous les renseignements
Le premier dictionnaire en ligne de termes électroniques et
bibliographiques sur les Normes internationales,
électriques. Il contient 20 000 termes et définitions en anglais
Spécifications techniques, Rapports techniques et autres
et en français, ainsi que les termes équivalents dans 15
documents de l'IEC. Disponible pour PC, Mac OS, tablettes
langues additionnelles. Egalement appelé Vocabulaire
Android et iPad.
Electrotechnique International (IEV) en ligne.

Recherche de publications IEC - www.iec.ch/searchpub
Glossaire IEC - std.iec.ch/glossary
65 000 entrées terminologiques électrotechniques, en anglais
La recherche avancée permet de trouver des publications IEC
en utilisant différents critères (numéro de référence, texte, et en français, extraites des articles Termes et Définitions des
comité d’études,…). Elle donne aussi des informations sur les publications IEC parues depuis 2002. Plus certaines entrées
projets et les publications remplacées ou retirées. antérieures extraites des publications des CE 37, 77, 86 et

CISPR de l'IEC.
IEC Just Published - webstore.iec.ch/justpublished

Service Clients - webstore.iec.ch/csc
Restez informé sur les nouvelles publications IEC. Just
Published détaille les nouvelles publications parues. Si vous désirez nous donner des commentaires sur cette
Disponible en ligne et aussi une fois par mois par email. publication ou si vous avez des questions contactez-nous:
csc@iec.ch.
IEC 60839-11-32 ®
Edition 1.0 2016-11
INTERNATIONAL
STANDARD
NORME
INTERNATIONALE
colour
inside
Alarm and electronic security systems –

Part 11-32: Electronic access control systems – Access control monitoring

based on Web services
Systèmes d'alarme et de sécurité électroniques –

Partie 11-32: Systèmes de contrôle d'accès électronique – Commande de

contrôle d'accès en fonction des services Web

INTERNATIONAL
ELECTROTECHNICAL
COMMISSION
COMMISSION
ELECTROTECHNIQUE
INTERNATIONALE
ICS 13.320 ISBN 978-2-8322-3779-3

– 2 – IEC 60839-11-32:2016  IEC 2016
CONTENTS
FOREWORD . 5
INTRODUCTION . 7
1 Scope . 8
2 Normative references . 8
3 Terms, definitions and abbreviated terms . 8
3.1 Terms and definitions . 8
3.2 Abbreviated terms . 10
4 Overview . 10
4.1 Interoperability . 10
4.2 Event handling . 10
4.3 Architecture . 10
4.4 External authorization (Overriding) . 11
4.5 Security considerations . 11
4.6 Door (access point) control . 12
4.7 Design considerations . 12
4.7.1 Instance-level capabilities . 12
4.7.2 Retrieving status . 12
4.7.3 Retrieving system configuration . 12
5 Access control . 13
5.1 General . 13
5.2 Service capabilities . 13
5.2.1 General . 13
5.2.2 Data structures: ServiceCapabilities . 13
5.2.3 GetServiceCapabilities command . 13
5.3 Access point (portal side) information . 14
5.3.1 Data structures . 14
5.3.2 GetAccessPointInfoList command . 15
5.3.3 GetAccessPointInfo command . 16
5.4 Area information . 17
5.4.1 Data structures: AreaInfo . 17
5.4.2 GetAreaInfoList command . 17
5.4.3 GetAreaInfo command . 17
5.5 Access point (portal side) status . 18
5.5.1 General . 18
5.5.2 Data structures: AccessPointState . 18
5.5.3 GetAccessPointState command . 18
5.6 Access control commands . 19
5.6.1 General . 19
5.6.2 Data structures: Decision enumeration . 19
5.6.3 EnableAccessPoint command . 19
5.6.4 DisableAccessPoint command . 20
5.6.5 ExternalAuthorization command . 20
5.7 Notification topics . 21
5.7.1 Event overview . 21
5.7.2 General transaction event layout . 21
5.7.3 Access granted . 22

5.7.4 Access taken . 23
5.7.5 Access not taken . 23
5.7.6 Access denied . 24
5.7.7 Duress . 26
5.7.8 External authorization (Override) . 26
5.7.9 Status changes . 28
5.7.10 Configuration changes . 28
6 Door (access point) control . 29
6.1 General . 29
6.2 Service capabilities . 29
6.2.1 General . 29
6.2.2 Data structures: ServiceCapabilities . 29
6.2.3 GetServiceCapabilities command . 29
6.3 Door (access point) information . 30
6.3.1 Data structures . 30
6.3.2 GetDoorInfoList command . 31
6.3.3 GetDoorInfo command . 32
6.4 Door (access point) status . 33
6.4.1 General . 33
6.4.2 Data structures . 33
6.4.3 GetDoorState command. 35
6.5 Door (access point) control commands . 36
6.5.1 General . 36
6.5.2 AccessDoor command . 36
6.5.3 LockDoor command . 37
6.5.4 UnlockDoor command . 38
6.5.5 BlockDoor command . 38
6.5.6 LockDownDoor command . 39
6.5.7 LockDownReleaseDoor command . 39
6.5.8 LockOpenDoor command . 40
6.5.9 LockOpenReleaseDoor command . 40
6.5.10 DoubleLockDoor command . 41
6.6 Notification Topics . 42
6.6.1 General . 42
6.6.2 Status changes . 42
6.6.3 Configuration changes . 43
Annex A (normative) Access control interface XML schemata . 45
A.1 Access control service WSDL . 45
A.2 Door control service WSDL . 52
A.3 Common schema . 62
Annex B (informative) Mapping of mandatory functions in IEC 60839-11-1 . 64
Bibliography . 73

Figure 1 – Schematic overview of an access controlled door . 11

Table 1 – GetServiceCapabilities command . 14
Table 2 – GetAccessPointInfoList command . 16
Table 3 – GetAccessPointInfo command . 16

– 4 – IEC 60839-11-32:2016  IEC 2016
Table 4 – GetAreaInfoList command . 17
Table 5 – GetAreaInfo command . 18
Table 6 – GetAccessPointState command . 19
Table 7 – EnableAccessPoint command. 19
Table 8 – DisableAccessPoint command . 20
Table 9 – ExternalAuthorization command . 20
Table 10 – GetServiceCapabilities command . 30
Table 11 – GetDoorInfoList command . 32
Table 12 – GetDoorInfo command. 32
Table 13 – GetDoorState command . 36
Table 14 – AccessDoor command . 37
Table 15 – LockDoor command . 37
Table 16 – UnlockDoor command . 38
Table 17 – BlockDoor command . 38
Table 18 – LockDownDoor command . 39
Table 19 – LockDownReleaseDoor command . 40
Table 20 – LockOpenDoor command . 40
Table 21 – LockOpenReleaseDoor command . 41
Table 22 – DoubleLockDoor command . 41
Table B.1 – Access point interface requirements . 64
Table B.2 – Indication and annunciation requirements . 65
Table B.3 – Recognition requirements . 69
Table B.4 – Duress signalling requirements . 71
Table B.5 – Overriding requirements . 71
Table B.6 – System self protection requirements . 72

INTERNATIONAL ELECTROTECHNICAL COMMISSION
____________
ALARM AND ELECTRONIC SECURITY SYSTEMS –

Part 11-32: Electronic access control systems –
Access control monitoring based on Web services

FOREWORD
1) The International Electrotechnical Commission (IEC) is a worldwide organization for standardization comprising
all national electrotechnical committees (IEC National Committees). The object of IEC is to promote
international co-operation on all questions concerning standardization in the electrical and electronic fields. To
this end and in addition to other activities, IEC publishes International Standards, Technical Specifications,
Technical Reports, Publicly Available Specifications (PAS) and Guides (hereafter referred to as “IEC
Publication(s)”). Their preparation is entrusted to technical committees; any IEC National Committee interested
in the subject dealt with may participate in this preparatory work. International, governmental and non-
governmental organizations liaising with the IEC also participate in this preparation. IEC collaborates closely
with the International Organization for Standardization (ISO) in accordance with conditions determined by
agreement between the two organizations.
2) The formal decisions or agreements of IEC on technical matters express, as nearly as possible, an international
consensus of opinion on the relevant subjects since each technical committee has representation from all
interested IEC National Committees.
3) IEC Publications have the form of recommendations for international use and are accepted by IEC National
Committees in that sense. While all reasonable efforts are made to ensure that the technical content of IEC
Publications is accurate, IEC cannot be held responsible for the way in which they are used or for any
misinterpretation by any end user.
4) In order to promote international uniformity, IEC National Committees undertake to apply IEC Publications
transparently to the maximum extent possible in their national and regional publications. Any divergence
between any IEC Publication and the corresponding national or regional publication shall be clearly indicated in
the latter.
5) IEC itself does not provide any attestation of conformity. Independent certification bodies provide conformity
assessment services and, in some areas, access to IEC marks of conformity. IEC is not responsible for any
services carried out by independent certification bodies.
6) All users should ensure that they have the latest edition of this publication.
7) No liability shall attach to IEC or its directors, employees, servants or agents including individual experts and
members of its technical committees and IEC National Committees for any personal injury, property damage or
other damage of any nature whatsoever, whether direct or indirect, or for costs (including legal fees) and
expenses arising out of the publication, use of, or reliance upon, this IEC Publication or any other IEC
Publications.
8) Attention is drawn to the Normative references cited in this publication. Use of the referenced publications is
indispensable for the correct application of this publication.
9) Attention is drawn to the possibility that some of the elements of this IEC Publication may be the subject of
patent rights. IEC shall not be held responsible for identifying any or all such patent rights.
International Standard IEC 60839-11-32 has been prepared by IEC technical committee 79:
Alarm and electronic security systems.
The text of this standard is based on the following documents:
CDV Report on voting
79/523/CDV 79/547/RVC
Full information on the voting for the approval of this standard can be found in the report on
voting indicated in the above table.
This publication has been drafted in accordance with the ISO/IEC Directives, Part 2.

– 6 – IEC 60839-11-32:2016  IEC 2016
A list of all parts in the IEC 60839 series, published under the general title Alarm and
electronic security systems, can be found on the IEC website.
The committee has decided that the contents of this publication will remain unchanged until
the stability date indicated on the IEC website under "http://webstore.iec.ch" in the data
related to the specific publication. At this date, the publication will be
• reconfirmed,
• withdrawn,
• replaced by a revised edition, or
• amended.
IMPORTANT – The 'colour inside' logo on the cover page of this publication indicates
that it contains colours which are considered to be useful for the correct
understanding of its contents. Users should therefore print this document using a
colour printer.
INTRODUCTION
This document makes it possible to build an alarm and electronic security system with clients,
typically a monitoring console, and devices, typically an access control unit, from different
manufacturers using common and well defined interfaces.
This document specifies only the data and control flow between a client and the services
without reference to any physical device as the services required to implement a compliant
electronic access control system (EACS) are not necessarily implemented on a single device,
i.e. all services can be run on a control panel, event aggregator software on PC, etc.
This document does not define internal communication between an access control unit and its
components if they are implemented on a single device.
This document is based upon work done by the ONVIF open industry forum. The ONVIF
Access Control specification and ONVIF Door Control specification are compatible with this
document.
This document is accompanied by a set of computer readable interface definitions:
• Access control service WSDL, see Clause A.1;
• Door control service WSDL, see Clause A.2;
• Common schema, see Clause A.3;
Due to the differences in terminology used in IEC 60839-11-1, IEC 60839-11-2 and the ONVIF
specification that this part of IEC 60839 is based on, a reader should take special notice of
the terms and definitions clause.
Additional services needed for configuration of an EACS such as definitions of schedules,
handling of access rules, readers and credentials are outside the scope of this document.
These services will be covered by other parts of the IEC 60839-11-3x family of standards.

– 8 – IEC 60839-11-32:2016  IEC 2016
ALARM AND ELECTRONIC SECURITY SYSTEMS –

Part 11-32: Electronic access control systems –
Access control monitoring based on Web services

1 Scope
This part of IEC 60839 defines the Web services interface for electronic access control
systems. This includes listing electronic access control system components, their logical
composition, monitoring their states and controlling them. It also includes a mapping of
mandatory and optional requirements as per IEC 60839-11-1.
This document applies to physical security only. Physical security prevents unauthorized
personnel, attackers or accidental intruders from physically accessing a building, room, etc.
Web services usage and device management functionality are outside of the scope of this
document. Refer to IEC 60839-11-31 for more information.
This document does not in any way limit a manufacturer to add other protocols or extend the
protocol defined here. For rules on how to accomplish this refer to IEC 60839-11-31.
2 Normative references
The following documents are referred to in the text in such a way that some or all of their
content constitutes requirements of this document. For dated references, only the edition
cited applies. For undated references, the latest edition of the referenced document (including
any amendments) applies.
IEC 60839-11-1, Alarm and electronic security systems – Part 11-1: Electronic access control
systems – System and components requirements
IEC 60839-11-2, Alarm and electronic security systems – Part 11-2: Electronic access control
systems – Application guidelines
3 Terms, definitions and abbreviated terms
3.1 Terms and definitions
For the purposes of this document the terms and definitions given in IEC 60839-11-1 and
IEC 60839-11-2, as well as the following, apply.
ISO and IEC maintain terminological databases for use in standardization at the following
addresses:
• IEC Electropedia: available at http://www.electropedia.org/
• ISO Online browsing platform: available at http://www.iso.org/obp
NOTE When the IEC term defined in IEC 60839-11-1 and IEC 60839-11-2 differs from the terms used in this
document the IEC term will be given in parentheses in the section headers.

3.1.1
access point
portal
physical entrance/exit at which access can be controlled by a door, turnstile or other secure
barrier
Note 1 to entry: For the purposes of this document the access point is considered to be a logical composition of a
physical door and reader(s) controlling access in one direction.
Note 2 to entry: In this document, the term "door" has the same meaning as "access point" or "portal".
3.1.2
access point actuator
portal actuator
part of an access control system that interfaces to an access control unit releasing and
securing a portal according to pre-set rules
Note 1 to entry: In this document, the term “door lock” is used.
3.1.3
access point mode
logical operating mode of the portal indicating whether the portal is locked, unlocked, blocked,
locked down or locked open, etc.
Note 1 to entry: In this document, the term “door mode” is used.
3.1.4
access point sensor
portal sensor
electrical component used to monitor the open or closed status of an access point, or
locked/unlocked status of a locking device, or the secure/unsecure status of an
electromagnetic lock or armature plate
Note 1 to entry: In this document, the term “door monitor” is used.
3.1.5
access point overriding
portal overriding
action of issuing a manual command to bypass the pre-configured mode of operation (i.e.
release/secure/block) of an access point
Note 1 to entry: In this document, the terms “momentary access” and “unlocked” are examples of access point
overriding.
3.1.6
alarm
condition requiring human assessment or intervention
Note 1 to entry: Often used in electronic access control system in the sense of alert.
Note 2 to entry: In this document, the term "door alarm" is used.
3.1.7
client
service requester
EXAMPLE System management, annunciation, monitoring console.
3.1.8
device
service provider
EXAMPLE: Access control unit.
– 10 – IEC 60839-11-32:2016  IEC 2016
3.1.9
portal side
logical composition of a physical door and reader (s) controlling access in one direction
3.2 Abbreviated terms
For the purposes of this document, the abbreviated terms given in IEC 60839-11-1 and
IEC 60839-11-2, as well as the following apply.
ACMS Access Control Management System
BMS Building Management System
HTTP Hypertext Transfer Protocol
PSIM Physical Security Information Management
SOAP Simple Object Access Protocol
TLS Transport Layer Security
WSDL Web Services Description Language
4 Overview
4.1 Interoperability
This document provides new interoperability opportunities by separating configuration from
control and monitoring. In traditional systems, the central management system pushes all
configurations data to devices on startup and expects that this configuration data is not
changed by other clients. Instead, a client shall expect that all information is stored on end-
devices and can be changed by others.
An EACS system defined by this document relies on service-oriented architecture principles.
This allows installations where different components can be replaced or updated
independently.
4.2 Event handling
Event handling is a crucial part of access control operations. In addition to real-time event
delivery IEC 68839-11-31 provides the means for accessing stored events on the edge to
deliver them if connection is lost.
Events are divided into 3 groups depending on their origin and purpose:
1) Configuration change events. These events are provided to achieve interoperability
between several clients that control a single device simultaneously.
2) Transaction events. The core functionality of EACS that provides daily monitoring of all
access events, including access granted events designed to notify clients about all
detailed information (who, when and probably where they passed) on every particular
access granted event, access denial events (that may or may not contain reason
information), etc.
3) Alarms and faults events. These events provide health status monitoring allowing
operators to take action in case of hardware failure, intrusion or other suspicious activity.
Refer to IEC 68839-11-31 for details on event delivery mechanism and 5.7 for the list of
events defined by this document.
4.3 Architecture
This document does not mandate any specific physical device layout. The scheme provided in
Figure 1 is not intended to be taken as a pattern but to serve as a reference for better

understanding of the given specification. Based on the definitions below, different physical
configurations of an access controlled door are possible.
IP network
Access control unit
Door monitor
Door
Reader
Door lock
IEC
Figure 1 – Schematic overview of an access controlled door
A door that is controlled by an electronic access control system is equipped with the following
devices:
• An access control unit that provides connections for reader, door sensor, door lock and
additional digital inputs and outputs. This panel enables the software to interact with the
physical devices. Sometimes these panels also contain storage and local intelligence to
provide an offline functionality, so that the door will work as expected, even if there is no
management system above available.
• A reader that is able to read a credential. In most cases a reader is only mounted at the
outer (unsecure) side of the door. If the system monitors when somebody is leaving an
area, a card reader will be mounted on both sides of the door.
• A door monitor that signals the control panel, that the door is open or closed.
• A door lock that can be engaged by the access control unit to release the door, for
example in case an authorized credential is recognized.
The access control unit will, through the IP network, be connected to a system, typically a
monitoring console, for monitoring and configuration.
4.4 External authorization (Overriding)
External authorization is a feature used to take access decisions for an access point outside
the access control unit. External authorization entails, but is not limited to, a policy within the
access control unit where the access control unit delegates the access decisions to an
outside entity such as a guard or ACMS.
4.5 Security considerations
This document assumes possibility of building EACS systems interacting on the device level.
This implies more security consideration than regular client-server interaction.

– 12 – IEC 60839-11-32:2016  IEC 2016
IEC 68839-11-31 defines several mechanisms to achieve this. They include, but are not
limited to
• TLS for transport encryption;
• HTTP digest for client authentication;
• user management and access policies for client authorization;
• IEEE 802.1X certificate management for server authentication and spoofing protection.
Refer to the respective whitepapers and specifications for more information.
4.6 Door (access point) control
The door control service provides mechanisms for controlling physical door instances and
monitoring their status.
The Door in this document can refer to such physical objects as an automatic barrier or a door
equipped with an electric lock. Turnstiles which can restrict access in either direction can be
represented with a pair of doors.
4.7 Design considerations
4.7.1 Instance-level capabilities
A single EACS device may have diverse components of the same type. For example, a
controller may operate two doors: one at the entrance to the building which has secure
locking, monitoring and alarm abilities, and the other one is internal which can be only locked
and unlocked.
Therefore, capabilities can be divided into two groups:
• overall service capabilities;
• capabilities for a particular entity in the service. It can also work in conjunction with the
GetEventProperties function to provide finer control over the system.
Refer to 5.2 and 6.2 for more information.
4.7.2 Retrieving status
This document defines two parallel mechanisms for retrieving status information for most
entities:
• GetState functions return a cumulative snapshot of the current state, operating
mode and other run-time information.
• The Event service returns up-to-date and consistent states of entities. Each entity
provides a set of events (usually one per each field in the State type) to notify a client
about status changes. As far as these events are property events, a client receives the
current state whenever a new subscription is initialized.
4.7.3 Retrieving system configuration
This document defines several Get-functions that can return data incrementally. These
functions allow the processing of a large number of entities even though resources are highly
constrained.
To return data incrementally, these functions make use of a parameter called StartReference.
StartReference is a device internal identifier used to continue fetching data from the last
position, and allows a client to iterate over a large dataset in smaller chunks. The device
handles a reasonable number of different StartReferences at the same time and they live for a
reasonable time so that clients are able to fetch complete datasets.

A client always passes the value returned from a previous request to continue fetching data.
Clients do not use the same reference more than once.
For example, the StartReference can be the incrementing start position number or the
underlying database transaction identifier.
The returned NextStartReference is used as the StartReference parameter in successive
calls, and may be changed by device in each call.
The following pseudo-code demonstrates how information about all access points can be
obtained from a device:
StartRef = null
do {
Response = GetAccessPointInfoList(StartReference = StartRef)
if (Response.AccessPointInfo != null) {
AllAccessPoints.Append(Response.AccessPointInfo)
}
StartRef = Response.NextStartReference
} while (StartRef != null)
5 Access control
5.1 General
This service offers commands to retrieve status information and to control access point
instances.
5.2 Service capabilities
5.2.1 General
A device shall provide service capabilities in two ways:
1) With the GetServices method of Device service when IncludeCapability is true. Refer to
IEC 68839-11-31 for more details.
2) With the GetServiceCapabilities method.
5.2.2 Data structures: ServiceCapabilities
The service capabilities reflect optional functionality of a service. The information is static and
does not change during device operation. The following capabilities are available:
• MaxLimit
The maximum number of entries returned by a single GetList or
Getrequest. The device shall never return more than this number of entities in a
single response.
5.2.3 GetServiceCapabilities command
This operation returns the capabilities of the access control service. A device shall support
this command as described in Table 1.

– 14 – IEC 60839-11-32:2016  IEC 2016
Table 1 – GetServiceCapabilities command
GetServiceCapabilities Access class: PRE_AUTH
Message name Description
GetServiceCapabilitiesRequest This message shall be empty
This message contains:
• "Capabilities": The capability response message contains
GetServiceCapabilitiesResponse
the requested Access Control service capabilities using a
hierarchical XML capability structure.
tac:ServiceCapabilities Capabilities [1][1]
Fault codes Description
No command specific faults
5.3 Access point (portal side) information
5.3.1 Data structures
5.3.1.1 AccessPointInfo
The AccessPointInfo structure contains basic information about an access point instance. An
access point defines an entity a credential can be granted or denied access to. The
AccessPointInfo provides basic information on how access is controlled in one direction for a
door (from which area to which area).
Multiple access points may cover the same door. A typical case is one access point for entry
and another for exit, both referencing the same door.
A device shall provide the following fields for each access point instance:
• Token
A service-unique identifier of the access point.
• Name
A user readable name. It shall be up to 64 characters.
• Entity
Reference to the entity used to control access; the entity type may be specified by the
optional EntityType field explained below but is typically a door.
• Capabilities
The capabilities for the access point.
To provide more information the device may include the following optional fields:
• Description
Optional user readable description for the access point. It shall be up to 1 024 characters.
• AreaFrom
Optional reference to the area from which access is requested.
• AreaTo
Optional reference to the area to which access is requested.
• EntityType
Optional entity type; if missing, a Door type as defined by the door control service should
be assumed. This can also be represented by the QName value “tdc:Door” – where tdc is
the namespace of the Door Control service: http://www.onvif.org/ver10/doorcontrol/wsdl.
This field is provided for future extensions; it will allow an access point being extended to
cover entity types other than doors as well.

5.3.1.2 AccessPointCapabilities
The access point capabilities reflect optional functionality of a particular physical entity.
Different access point instances may have different set of capabilities. This information may
change during device operation, for example if hardware settings are changed. The following
capabilities are available:
• DisableAccessPoint
Indicates whether or not this access point instance supports EnableAccessPoint and
DisableAccessPoint commands.
• Duress
Indicates whether or not this access point instance supports the generation of duress
events.
• AnonymousAccess
Indicates whether or not this access point has a REX or other input that allows anonymous
access.
• AccessTaken
Indicates whether or not this access point instance supports the generation of
AccessTaken and AccessNotTaken events.
If AnonymousAccess and AccessTaken are both true, it indicates that the Anonymous
versions of AccessTaken and AccessNotTaken are supported as well.
• ExternalAuthorization
Indicates whether or not this AccessPoint instance supports
...