ISO/IEC 20933:2016
Information technology — Distributed Application Platforms and Services (DAPS) — Access Systems
ISO/IEC 20933:2016 specifies: 1) an ID triggered modular access system, the functions of the modules and the messages they exchange, and the sequence of messages, i.e. transitions of the transaction; 2) the system responsibility from receiving an access request until sending the result, i.e. a complete transaction; 3) the responsibilities of the modules, including time stamping and responding to the requests they received; and 4) the sequence and semantics of the messages and their elements.
Technologies de l'information — Services et plate-formes d'application distribuées — Systèmes d'accès
Standards Content (Sample)
INTERNATIONAL STANDARD ISO/IEC 20933
First edition 2016-05-15
Information technology — Distributed Application Platforms and Services (DAPS) — Access Systems
Technologies de l'information — Services et plate-formes d'application distribuées — Systèmes d'accès
Reference number ISO/IEC 20933:2016(E)
© ISO/IEC 2016
Contents
Foreword
Introduction
1 Scope
2 Conformance
3 Normative references
4 Terms, definitions and acronyms
5 Model
6 Transaction
7 Time stamping function
8 Module
8.1 Common requirements
8.2 Policy module
8.3 Access-point module
8.4 RED module
8.5 Processing module
8.6 Storage module
9 Message definition and Interface
9.1 General
9.2 Policy interface
9.3 Access request
9.4 Access interface
9.5 Processing interface
9.6 Storage interface
9.7 Final result Notification
9.8 Time stamp Notification
Annex A (informative) Service access control system
Annex B (informative) Share information between different Access Systems
Annex C (informative) Usage of Time_stamping
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are
members of ISO or IEC participate in the development of International Standards through technical
committees established by the respective organization to deal with particular fields of technical activity.
ISO and IEC technical committees collaborate in fields of mutual interest. Other international
organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the
work. In the field of information technology, ISO and IEC have established a joint technical committee,
ISO/IEC JTC 1.
The procedures used to develop this document and those intended for its further maintenance are
described in the ISO/IEC Directives, Part 1. In particular the different approval criteria needed for the
different types of document should be noted. This document was drafted in accordance with the
editorial rules of the ISO/IEC Directives, Part 2 (see www.iso.org/directives).
Attention is drawn to the possibility that some of the elements of this document may be the subject of
patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
Details of any patent rights identified during the development of the document will be in the
Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents).
Any trade name used in this document is information given for the convenience of users and does not
constitute an endorsement.
For an explanation on the meaning of ISO specific terms and expressions related to conformity
assessment, as well as information about ISO's adherence to the World Trade Organization (WTO)
principles in the Technical Barriers to Trade (TBT) see the following
URL: www.iso.org/iso/foreword.html.
ISO/IEC 20933 was prepared by Ecma International (as ECMA-412) and was adopted, under a special “fast-track
procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its approval by
national bodies of ISO and IEC.
Introduction
Technology for real-time access control is widely used in many situations, such as entrance gates of facilities
and service access control systems. Membership and settlement services also benefit from real-time access
control systems connected via networks and using database information.
Sophisticated cloud, virtualisation, database, networking technology and services and the evolution of
authentication technology such as biometrics, NFC, QR codes used in distributed and modular access control
systems enable previously underserved users and operators to innovate around new use cases.
Taking into account the many technologies, this International Standard specifies the reference model and
common control functions. It gives direction for ongoing innovation and development of technology and
system integration of distributed real-time access control systems.
1 Scope
This International Standard specifies:
1) an ID triggered modular access system, the functions of the modules and the messages they exchange,
and the sequence of messages, i.e. transitions of the transaction;
2) the system responsibility from receiving an access request until sending the result, i.e. a complete
transaction;
3) the responsibilities of the modules, including time stamping and responding to the requests they received;
and
4) the sequence and semantics of the messages and their elements.
2 Conformance
Conformant Access Systems progress transactions by evaluating the applicable rules. Conformant modules
implement the requests on their interfaces, the corresponding responses and time stamping as specified
herein.
3 Normative references
None.
4 Terms, definitions and acronyms
For the purposes of this document, the following terms, definitions and acronyms apply.
4.1
ID
Identifier
4.2
RED
Rule Evaluation and Dispatching
4.3
transaction
request for access
5 Model
Figure 1 illustrates the Access System structure.
The Access System has 5 modules "Access-point, Policy, Processing, RED and Storage" and 4 interfaces
"Access-interface, Policy-interface, Processing-interface and Storage-interface".
Figure 1 — Access System
The Access System progresses a transaction by exchanging messages between modules and decides the
final result (grant or deny). A transaction starts when an Access-point module obtains Access_request and
completes when the RED module sends Final_Result_Notification. Each module shall have a time stamping
function. The message exchanging and the time stamping function are managed by the RED module
according to rules which are set by the Policy module.
6 Transaction
Transaction ID identifies a transaction. Transaction ID shall consist of Access ID, Access-point ID and time at
which the Access_request is obtained. Access ID is included in Access_request.
Figure 2 specifies the state machine of a transaction.
A transaction is generated at the time of Access_request acceptance by an Access-point module. After that
the transaction changes to the on-going state by sending a Transaction_start_request including Transaction ID
from the Access-point module to the RED module.
In the on-going state, the RED module evaluates rules until the final result is obtained. According to the result of
the evaluation, the RED module sends a request message to the Processing or Storage module and receives a
response message.
When the RED module obtains the final result, it sends Final_Result_Notification and the transaction is
completed.
Figure 2 — Transaction State Machine (Access_request → generated → Transaction_start_request → on-going → Final_Result_Notification → completed)
7 Time stamping function
The purpose of the Time stamping function is to measure the duration of transaction and request processing.
The Access-point modules shall set the Access_ID_obtained_time in the Transaction_start_request message.
For the other modules, time stamping shall be activated and deactivated through time stamping rules. Upon
evaluating the time stamping rules, the RED module shall set the TimeStampingFlag value in the requests
to TRUE or FALSE according to the evaluation. Depending on the TimeStampingFlag value in the requests,
modules shall either time stamp the ReceivedTime and SendingTime or exclude those elements in the
corresponding response.
The RED module shall send the time stamping measurements by responding to the Time_stamp_Notification.
The RED module is able to measure the following times:
1) transaction processing time
2) request processing time.
When the Time stamping function of each module is activated, the RED module shall measure the following
time.
3) module processing time.
The RED module shall measure the transaction processing time by calculating the difference between the
time that the RED module received Transaction_start_request and the time that Final_Result_Notification is
sent.
The RED module shall measure the request processing time by recording the sending time of the request and
the received time of the response, and calculating the difference between them.
Processing_response, Store_response and Retrieve_response have the information about the received time
of the corresponding request and the sending time of the response itself as long as the Time stamping
function is activated. By using them, the RED module is able to measure the module processing time. For
example, the module processing time of the Processing module for one request from the RED module is
measured by the difference between ReceivedTime and SendingTime in the corresponding
Processing_response.
Annex C illustrates the usage of time stamping.
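The transaction states of section 6 and the three measurements of section 7, modelled from the RED module's side as an added example that is not part of the standard. The class layout, the request identifiers, the dictionary form of a response and the plausibility check on the time stamps are assumptions; only the message, state and element names come from the text.

```python
from dataclasses import dataclass, field
from enum import Enum
from typing import Optional


class State(Enum):
    GENERATED = "generated"
    ON_GOING = "on-going"
    COMPLETED = "completed"


@dataclass
class Transaction:
    """RED-side view of one transaction; all times are integer milliseconds."""
    access_id: str                # carried in Access_request
    access_point_id: str
    access_id_obtained_time: int  # set by the Access-point module
    state: State = State.GENERATED
    start_received: Optional[int] = None          # RED received Transaction_start_request
    pending: dict = field(default_factory=dict)   # hypothetical request id -> RED sending time

    @property
    def transaction_id(self):
        # Section 6: Access ID + Access-point ID + time the Access_request was obtained.
        return (self.access_id, self.access_point_id, self.access_id_obtained_time)

    def _require(self, expected, message):
        if self.state is not expected:
            raise ValueError(f"{message} not valid in state {self.state.value!r}")

    def start(self, now):
        """Transaction_start_request reaches the RED module: generated -> on-going."""
        self._require(State.GENERATED, "Transaction_start_request")
        self.state, self.start_received = State.ON_GOING, now

    def send_request(self, request_id, now):
        """RED sends a request to the Processing or Storage module."""
        self._require(State.ON_GOING, "request")
        self.pending[request_id] = now

    def receive_response(self, request_id, now, response):
        """Return (request processing time, module processing time or None)."""
        self._require(State.ON_GOING, "response")
        if request_id not in self.pending:
            raise ValueError(f"response to unknown request {request_id!r}")
        request_time = now - self.pending.pop(request_id)
        # With TimeStampingFlag FALSE the module excludes both elements.
        received, sending = response.get("ReceivedTime"), response.get("SendingTime")
        if received is None or sending is None:
            return request_time, None
        module_time = sending - received
        # Added sanity check (not from the standard): a module cannot spend
        # negative time, or more time than the whole round trip seen by RED.
        if not 0 <= module_time <= request_time:
            raise ValueError(f"implausible time stamps in response to {request_id!r}")
        return request_time, module_time

    def finish(self, now):
        """RED sends Final_Result_Notification: on-going -> completed."""
        self._require(State.ON_GOING, "Final_Result_Notification")
        self.state = State.COMPLETED
        return now - self.start_received  # transaction processing time


def demo():
    """Constructed sample values; the module's clock is offset from RED's."""
    t = Transaction("card-0001", "gate-A", access_id_obtained_time=1000)
    t.start(now=1005)
    t.send_request("req-1", now=1010)
    timed = t.receive_response("req-1", 1060, {"ReceivedTime": 5012, "SendingTime": 5052})
    t.send_request("req-2", now=1070)
    untimed = t.receive_response("req-2", 1080, {})  # TimeStampingFlag was FALSE
    return timed, untimed, t.finish(now=1090)
```

Because module processing time is a difference of two stamps taken on the same module, it does not depend on that module's clock agreeing with the RED module's clock.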
8 Module
8.1 Common requirements
Modules shall have a time stamping function.
8.2 Policy module
The Policy module shall have the source of rules, and shall set the rules to the RED module. Each rule shall
be identified by its Rule ID. The rules shall define the progress of transactions and the edition of this
International Standard that the Access System modules conform with. The rules shall also identify the
receiver(s) of the Final_Result_Notification and the receiver(s) of the Time_stamp_Notification.
8.3 Access-point module
When an Access-point module obtains an Access_request, it shall generate a Transaction_start_request and
send it to the RED module.
The Access-point module shall have its own identifier as Access-point ID.
8.4 RED module
The RED module shall accept and hold rules that are set by the Policy module.
Rules are composed of procedure rules and branch rules. Figure 3 illustrates a procedure rule and Figure 4
illustrates a branch rule. A procedure rule determines the next execution. A branch rule selects the next rule
depending on the branch condition. At least one rule is linked to Access ID.
Figure 3 — procedure rule (Procedure: Result is XXX)
Figure 4 — branch rule (rule: if XXX then YYY else ZZZ)
During a transaction, the RED module is driven by messages. When the RED module receives messages, it
sha
 ...
DRAFT INTERNATIONAL STANDARD ISO/IEC DIS 20933
Attributed to ISO/IEC JTC 1 by the Central Secretariat
Voting begins on: 2015-10-12
Voting terminates on: 2016-01-12
INTERNATIONAL ORGANIZATION FOR STANDARDIZATION  МЕЖДУНАРОДНАЯ ОРГАНИЗАЦИЯ ПО СТАНДАРТИЗАЦИИ  ORGANISATION INTERNATIONALE DE NORMALISATION
INTERNATIONAL ELECTROTECHNICAL COMMISSION  МЕЖДУНАРОДНАЯ ЭЛЕКТРОТЕХНИЧЕСКАЯ КОММИСИЯ  COMMISSION ÉLECTROTECHNIQUE INTERNATIONALE
FAST-TRACK PROCEDURE
Information technology — Distributed application platforms and
services (DAPS) — Access systems
ICS 35.100.05
This draft International Standard is submitted for JTC 1 national body vote under the “fast-track”
procedure.
In accordance with Resolution 30 of the JTC 1 Berlin Plenary 1993, the proposer of this document
recommends assignment of ISO/IEC JTC 1 to JTC 1.
The procedures used to develop this document are described in the ISO/IEC Directives, Part 1 -
Consolidated JTC 1 Supplement.
THIS DOCUMENT IS A DRAFT CIRCULATED FOR COMMENT AND APPROVAL. IT IS THEREFORE SUBJECT TO CHANGE AND MAY NOT BE
REFERRED TO AS AN INTERNATIONAL STANDARD UNTIL PUBLISHED AS SUCH.
IN ADDITION TO THEIR EVALUATION AS BEING ACCEPTABLE FOR INDUSTRIAL, TECHNOLOGICAL, COMMERCIAL AND USER PURPOSES,
DRAFT INTERNATIONAL STANDARDS MAY ON OCCASION HAVE TO BE CONSIDERED IN THE LIGHT OF THEIR POTENTIAL TO BECOME
STANDARDS TO WHICH REFERENCE MAY BE MADE IN NATIONAL REGULATIONS.
RECIPIENTS OF THIS DRAFT ARE INVITED TO SUBMIT, WITH THEIR COMMENTS, NOTIFICATION OF ANY RELEVANT PATENT RIGHTS OF WHICH
THEY ARE AWARE AND TO PROVIDE SUPPORTING DOCUMENTATION.
© International Organization for Standardization, 2015
International Electrotechnical Commission, 2015
Foreword
ISO (the International Organization for Standardization) and IEC (the International Electrotechnical
Commission) form the specialized system for worldwide standardization. National bodies that are members of
ISO or IEC participate in the development of International Standards through technical committees
established by the respective organization to deal with particular fields of technical activity. ISO and IEC
technical committees collaborate in fields of mutual interest. Other international organizations, governmental
and non-governmental, in liaison with ISO and IEC, also take part in the work. In the field of information
technology, ISO and IEC have established a joint technical committee, ISO/IEC JTC 1.
International Standards are drafted in accordance with the rules given in the ISO/IEC Directives, Part 2.
The main task of the joint technical committee is to prepare International Standards. Draft International
Standards adopted by the joint technical committee are circulated to national bodies for voting. Publication as
an International Standard requires approval by at least 75 % of the national bodies casting a vote.
Attention is drawn to the possibility that some of the elements of this document may be the subject of patent
rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights.
ISO/IEC xxxxx was prepared by Ecma International (as ECMA-412) and was adopted, under a special “fast-
track procedure”, by Joint Technical Committee ISO/IEC JTC 1, Information technology, in parallel with its
approval by national bodies of ISO and IEC.



