Information technology — Distributed application platforms and services (DAPS) — Framework for distributed real-time access systems

This document specifies a framework for a distributed real-time Access system. It includes: 1) an ID triggered modular system architecture, the functions of the modules, the semantics of messages those modules exchange, and elements of messages; 2) the system behaviour from the time it receives an access request until the time it sends the result along with the sequence; 3) performance measurement mechanisms using a time stamping function that can be employed for the evaluation of the system.

Technologies de l'information — Services et plate-formes d'application distribuées — Structure pour les contrôles d'accès diffusés en temps réel

General Information

Status: Published
Publication Date: 29-Jan-2019
Current Stage: 6060 - International Standard published
Start Date: 30-Jan-2019
Completion Date: 30-Jan-2019

Standard
ISO/IEC 20933:2019 - Information technology -- Distributed application platforms and services (DAPS) -- Framework for distributed real-time access systems
English language
27 pages

Standards Content (sample)

INTERNATIONAL STANDARD ISO/IEC 20933
Second edition
2019-01
Information technology — Distributed application platforms and services (DAPS) — Framework for distributed real-time access systems
Technologies de l'information — Services et plate-formes d'application distribuées — Structure pour les contrôles d'accès diffusés en temps réel
Reference number ISO/IEC 20933:2019(E)
COPYRIGHT PROTECTED DOCUMENT
© ISO/IEC 2019

All rights reserved. Unless otherwise specified, or required in the context of its implementation, no part of this publication may be reproduced or utilized otherwise in any form or by any means, electronic or mechanical, including photocopying, or posting on the internet or an intranet, without prior written permission. Permission can be requested from either ISO at the address below or ISO’s member body in the country of the requester.
ISO copyright office
CP 401 • Ch. de Blandonnet 8
CH-1214 Vernier, Geneva
Phone: +41 22 749 01 11
Fax: +41 22 749 09 47
Email: copyright@iso.org
Website: www.iso.org
Published in Switzerland
Contents

Foreword
Introduction
1 Scope
2 Normative references
3 Terms and definitions and acronyms
4 Conformance
5 Overview
6 Transaction
7 Time stamping function
8 Module
  8.1 Policy module
  8.2 Access-point module
  8.3 RED module
  8.4 Processing module
  8.5 Storage module
9 Messages of each interface
  9.1 Messages of Policy interface
  9.2 Message of Access interface
  9.3 Messages of Processing interface
  9.4 Messages of Storage interface
10 Messages of external interfaces
  10.1 Access request from external interface (In)
  10.2 Final result notification to external interface (Out)
  10.3 Time stamp notification
11 Access system performance management
  11.1 Transaction processing time
  11.2 Request performance time
  11.3 Module processing time
  11.4 Data transmission time
  11.5 Request performance time for retrieve
  11.6 Module processing time for retrieve
  11.7 Data transmission time for retrieve
  11.8 Request performance time for store
  11.9 Module processing time for store
  11.10 Data transmission time for store
  11.11 Access point processing time
Annex A (informative) Service access control system
Annex B (informative) Share information between different Access systems
Annex C (informative) Usage of time stamping
Annex D (informative) List of messages

Foreword

ISO (the International Organization for Standardization) and IEC (the International Electrotechnical Commission) form the specialized system for worldwide standardization. National bodies that are members of ISO or IEC participate in the development of International Standards through technical committees established by the respective organization to deal with particular fields of technical activity. ISO and IEC technical committees collaborate in fields of mutual interest. Other international organizations, governmental and non-governmental, in liaison with ISO and IEC, also take part in the work.

The procedures used to develop this document and those intended for its further maintenance are described in the ISO/IEC Directives, Part 1. In particular, the different approval criteria needed for the different types of document should be noted (see www.iso.org/directives).

Attention is drawn to the possibility that some of the elements of this document may be the subject of patent rights. ISO and IEC shall not be held responsible for identifying any or all such patent rights. Details of any patent rights identified during the development of the document will be in the Introduction and/or on the ISO list of patent declarations received (see www.iso.org/patents) or the IEC list of patent declarations received (see http://patents.iec.ch).

Any trade name used in this document is information given for the convenience of users and does not constitute an endorsement.

For an explanation of the voluntary nature of standards, the meaning of ISO specific terms and expressions related to conformity assessment, as well as information about ISO's adherence to the World Trade Organization (WTO) principles in the Technical Barriers to Trade (TBT) see www.iso.org/iso/foreword.html.

This document was prepared by Ecma International (as ECMA-412) and drafted in accordance with its editorial rules. It was assigned to Joint Technical Committee ISO/IEC JTC 1, Information technology, and adopted under the “fast-track procedure”.

This second edition cancels and replaces the first edition (ISO/IEC 20933:2016), which has been technically revised.

The main changes compared to the previous edition are as follows:
— added new functionalities on performance management mechanisms;
— editorial improvements and clarifications to the text of the document.

Any feedback or questions on this document should be directed to the user’s national standards body. A complete listing of these bodies can be found at www.iso.org/members.html.
Introduction

Technology for real-time access control is widely used in many situations such as entrance gates of facilities and service access control systems. Membership and settlement services also benefit from real-time access control systems connected via networks and using database information.

Sophisticated cloud, virtualisation, database, networking technology and services and the evolution of authentication technology such as biometrics, NFC, QR codes used in distributed and modular access control systems enable previously underserved users and operators to innovate around new use cases.

Taking into account the many technologies, this document specifies the reference model and common control functions. It gives direction for ongoing innovation and development of technology and system integration of distributed real-time access control system.

This 2nd edition of the Standard introduces new functionalities on performance management mechanisms. Performance management mechanisms allow an Access system to be evaluated for performance by using specific elements and metrics. This edition also provides a number of editorial improvements and clarifications to the text of the Standard.

NOTE In the 1st edition the title of the Standard was Access systems.
1 Scope

This document specifies a framework for a distributed real-time Access system. It includes:
1) an ID triggered modular system architecture, the functions of the modules, the semantics of messages those modules exchange, and elements of messages;
2) the system behaviour from the time it receives an access request until the time it sends the result along with the sequence;
3) performance measurement mechanisms using a time stamping function that can be employed for the evaluation of the system.
2 Normative references
There are no normative references in this document.
3 Terms and definitions and acronyms

For the purposes of this document, the following terms, definitions and acronyms apply.

ISO and IEC maintain terminological databases for use in standardization at the following addresses:
— IEC Electropedia: available at http://www.electropedia.org/
— ISO Online browsing platform: available at https://www.iso.org/obp
3.1
Accessor
someone or something that interacts with the Access system
3.2
access-ID
identifier in an Access request
3.3
access-ID-obtained-time
time when an Access-point module obtains an access-ID
3.4
access-point-ID
identifier of an Access-point module
3.5
Access-request
request trigger of processing for access system
3.6
Distributed real-time access system
data processing system distributed in the network which is activated by an access request and completed when the processing result accepts or denies that request within a reasonable period of time
3.7
Final-Result-Notification
notification of the final result of a transaction
3.8
function-ID
identifier of function
3.9
Policy-getter
message to request the Policy module to set the rules
3.10
Policy-setter
message to set the rules to the RED module
3.11
Processing-request
request to execute a function
3.12
Processing-response
response to a Processing-request
3.13
RED
Rule Evaluation and Dispatching
3.14
receivedTime
time when a module receives a request from another module
3.15
Retrieve-request
request to retrieve data from storage
3.16
Retrieve-response
response to a Retrieve-request
3.17
rule-ID
identifier of rules
3.18
sendingTime
time when a module sends a response or a Transaction-start-request to another module
3.19
Store-request
request to store data to storage
3.20
Store-response
response to a Store-request
3.21
Time-stamp-Notification
notification to provide time stamp information
3.22
transaction-ID
identifier of a transaction
3.23
Transaction-start-request
request to initiate a transaction
4 Conformance

Conformant Access systems progress transactions by interpreting the applicable rules. Conformant modules implement the requests on their interfaces, the corresponding responses and time stamping as specified herein.
5 Overview

This clause is an overview of the system model and the functions of a distributed real-time Access system.

The Access system consists of 5 modules (Access-point, Policy, Processing, RED and Storage) and 4 interfaces (Access-interface, Policy-interface, Processing-interface and Storage-interface). There are also 2 external interfaces, “In” and “Out”.

The Access system model is shown in Figure 1.

Figure 1 — Access system model

The Access system starts a transaction triggered by an Access ID which is included in the Access request from the Accessor through the external interface (In). After the necessary processing, the Access system completes the transaction by sending the final result to the receiver through the other external interface (Out).

The Access system has a mechanism, the time stamp function, to measure processing time for the evaluation of the Access system performance.
6 Transaction

A transaction is a suite of functions and message exchanges to generate a final result and send it to a receiver. A transaction starts from the time an Access system receives an access request and completes after it sends the result.

When an Access-request is received by the Access-point module, a transaction proceeds to a generated state. In the generated state, the Access-point module generates a transaction-ID which identifies a transaction. The transaction-ID is created based on an activated access-ID. The Access-point module sends a Transaction-start-request with the transaction-ID to the RED module.

After sending a Transaction-start-request, a transaction proceeds to an on-going state. In the on-going state, the RED module interprets the rules set by the Policy module. According to the result of the interpretation, the RED module sends request messages to the Processing or Storage module. Upon receiving a request message, the Processing module and the Storage module send response messages to the RED module. The RED module interprets the rules again. The RED module repeats the above procedure until the final result is decided based on rules and sends a final result (Final-Result-Notification) to the receiver through the external interface (Out).

After sending the final result, the transaction proceeds to a completed state. When a transaction is completed, the usage of the access-ID is also completed. An example of a message sequence is shown in Annex A.

The state machine of a transaction is shown in Figure 2.

NOTE 1 access-ID is not defined in this document and is usually managed by a service provider. The life cycle and generation of an access-ID is not in the scope of this document.

NOTE 2 The behaviour of a transaction described above is for a transaction under stable conditions, when a response based on a request during a transaction is received within a reasonable period of time.

In the case of a system fault, such as power loss, network failure, or module malfunction when no response is received within a reasonable period of time, this document does not define any exceptional system management rules. However, rules for handling such system failures, such as stopping a transaction, resetting the system, or making a re-access request to the Accessor, should be provided in the actual system.
Figure 2 — Transaction State Machine

The rules are composed of procedural steps and branch steps to determine exchanges of messages. Figure 3 illustrates a procedural step and Figure 4 illustrates a branch step. A procedural step determines the next execution. A branch step selects the next rule depending on the branch condition.

Figure 3 — Procedural step
Figure 4 — Branch step
The rules shall define:
— the sequence of exchanging messages;
— the conditions of granting or denying access;
— the function-ID which specifies a request function for the Processing module and identifies the sender function of the Processing module in messages of the storage interface;
— the destination of Final-Result-Notification.
The rules should define:
— the destination and the timing of Time-stamp-Notification.
At least one rule is linked to Access ID.
7 Time stamping function

Each module except the Policy module has a time stamping function. The time stamping function is used to measure the duration of a transaction, request performance time and the processing time at each module. Usage of time stamping functions is shown in Annex C.

The time stamping function of each module records receivedTime and sendingTime in each response message. The time stamping function of the RED module also logs the time when it sends and receives messages.
8 Module

This clause describes the modules that are shown in the Access system model (Figure 1).

8.1 Policy module
The Policy module is a module that defines the behaviour of an Access system.
The Policy module shall keep the source of the rules.
The Policy module shall set the rules identified by rule-ID to the RED module.
8.2 Access-point module

The Access-point module is an interface module between an Access system and Accessors.

The Access-point module receives an access request and generates a transaction.

When an Access-point module receives an Access-request including an access-ID, it shall generate a transaction-ID and Transaction-start-request and shall send it to the RED module.

The Access-point module shall have its own identifier as access-point-ID.
8.3 RED module

The RED module is a module for the rule evaluation and dispatching (RED) functions of a distributed real-time access system.

The RED module shall process a transaction and manage time stamping function (logging, notifications). These functions shall be controlled by the rules that are set by the Policy module.

To manage time stamping information, the RED module shall log receivedTime and sendingTime in each message. The RED module also shall log the time when it sends and receives messages. The RED module shall send Time-stamp-Notification to the receiver(s) through the external interface (Out).

8.4 Processing module

The Processing module is a module that executes various functions related to transactions.

The Processing module shall execute functions requested by the RED module.

When the Processing module receives a Processing-request from the RED module, it shall execute the function identified by function-ID in the Processing-request. After that it shall generate a Processing-response that includes the execution result and shall send it to the RED module.

The Processing module shall be able to send Store-request and Retrieve-request to the RED module for accessing data in the Storage module.
8.5 Storage module
The Storage module is a module that stores data related to transactions.
The Storage module shall store and retrieve data by requests from RED module.

When the Storage module receives a Store-request, the Storage module shall store the data, shall generate a Store-response and shall send it to the RED module. When the Storage module receives a Retrieve-request, the Storage module shall retrieve the data, shall generate a Retrieve-response that includes the retrieved data and shall send it to the RED module.

The Storage module may be used for sharing information between different transactions in the same Access system or a different Access system as shown in Annex B.
9 Messages of each interface

This clause specifies the messages which each module shall exchange via interfaces. Each message shall contain a number of elements specified in Clause 9. In this document, the messages are specified by an ASN.1 expression. Encoding rules are not specified.

Messages exchanged in the Access system are shown in Annex D.1.
9.1 Messages of Policy interface

The Policy interface is the interface between the Policy module and the RED module. Policy-setter and Policy-getter messages are exchanged through the Policy interface.

The Policy module uses Policy-setter to set the rules for the RED module and may send Policy-setter at any time. The RED module may use Policy-getter to request the Policy module to set the rules at any time. Policy-getter is an optional message.
(1) Policy-setter
Policy-setter contains rule-ID and rule at least.
The structure of Policy-setter is as follows.
Policy-setter ::= SEQUENCE {
    rule-ID OCTET STRING,
    rule OCTET STRING,
    ...
}
(2) Policy-getter
Policy-getter contains rule-ID at least.
The structure of Policy-getter is as follows.
Policy-getter ::= SET {
    rule-ID OCTET STRING,
    ...
}
9.2 Message of Access interface

The Access interface is the interface between the Access-point module and the RED module, and Transaction-start-request is sent through the Access interface.

Transaction-start-request contains transaction-ID, access-point-ID and sendingTime at least.

The structure of Transaction-start-request is as follows.
Transaction-start-request ::= SET {
    transaction-ID SEQUENCE {
        access-ID OCTET STRING,
        access-point-ID OCTET STRING,
        access-ID-obtained-time GeneralizedTime,
        ...
    },
    sendingTime GeneralizedTime,
    ...
}
9.3 Messages of Processing interface

The processing interface is the interface between the RED module and the Processing module, and Processing-request, Processing-response, Store-request, Store-response, Retrieve-request and Retrieve-response are exchanged through the processing interface.
(1) Processing-request

Processing-request contains transaction-ID, function-ID and set-of-parameter at least.

The structure of Processing-request is as follows.
Processing-request ::= SEQUENCE {
    transaction-ID SEQUENCE {
        access-ID OCTET STRING,
        access-point-ID OCTET STRING,
        access-ID-obtained-time GeneralizedTime,
        ...
    },
    function-ID OCTET STRING,
    set-of-parameter SET {
        parameter OCTET STRING
    }
}
(2) Processing-response

Processing-response is the response message sent from the Processing module in response to a Processing-request sent from the RED module to the Processing module.

Processing-response contains transaction-ID, function-ID, receivedTime, sendingTime and result at least.

The structure of Processing-response is as follows.
Processing-response ::= SEQUENCE {
    transaction-ID SEQUENCE {
        access-ID OCTET STRING,
        access-point-ID OCTET STRING,
        access-ID-obtained-time GeneralizedTime,
        ...
    },
    function-ID OCTET STRING,
    receivedTime GeneralizedTime,
    sendingTime GeneralizedTime,
    result OCTET STRING,
    ...
}

receivedTime indicates the time at which the Processing module received the corresponding Processing-request from the RED module.
sendingTime indicates the time at which this response is sent.
result includes the result of executing the function.
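
The correlation and time stamp checks a RED module can apply to a Processing-response, as an added example that is not part of the standard. The Python classes mirror the ASN.1 fields above; max_skew, the requirement that function-ID echo the request, and the names of the derived durations are assumptions made here (the standard's own metrics are in Clause 11, which this sample does not include).

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone


@dataclass(frozen=True)
class TransactionID:              # mirrors the transaction-ID SEQUENCE
    access_id: bytes
    access_point_id: bytes
    access_id_obtained_time: str  # GeneralizedTime, kept as received


@dataclass(frozen=True)
class ProcessingRequest:
    transaction_id: TransactionID
    function_id: bytes
    parameters: tuple = ()


@dataclass(frozen=True)
class ProcessingResponse:
    transaction_id: TransactionID
    function_id: bytes
    received_time: str            # receivedTime
    sending_time: str             # sendingTime
    result: bytes


class ResponseRejected(Exception):
    """Raised when a response cannot be tied to the outstanding request."""


def parse_generalized_time(value: str) -> datetime:
    """Parse the UTC form YYYYMMDDHHMMSS[.fff]Z; other forms are refused."""
    if not value.endswith("Z"):
        raise ValueError("not in UTC ('Z') form")
    body = value[:-1]
    fmt = "%Y%m%d%H%M%S.%f" if "." in body else "%Y%m%d%H%M%S"
    return datetime.strptime(body, fmt).replace(tzinfo=timezone.utc)


def check_processing_response(request, response, red_sent, red_received,
                              max_skew=timedelta(milliseconds=50)):
    """Validate a Processing-response against the request and the RED log.

    red_sent / red_received are the times the RED module logged for sending
    the request and receiving the response. max_skew is an assumed clock
    tolerance between modules. Returns the derived durations.
    """
    if response.transaction_id != request.transaction_id:
        raise ResponseRejected("transaction-ID does not match the request")
    # Assumption: function-ID mirrors the request, as the page states for
    # Store-response.
    if response.function_id != request.function_id:
        raise ResponseRejected("function-ID does not match the request")
    try:
        received = parse_generalized_time(response.received_time)
        sending = parse_generalized_time(response.sending_time)
    except ValueError as exc:
        raise ResponseRejected(f"malformed time stamp: {exc}") from exc
    if sending < received:
        raise ResponseRejected("sendingTime precedes receivedTime")
    if received < red_sent - max_skew or sending > red_received + max_skew:
        raise ResponseRejected("time stamps outside the window logged by RED")
    in_module = sending - received
    round_trip = red_received - red_sent
    return {"in_module": in_module, "round_trip": round_trip,
            "outside_module": round_trip - in_module}


def rejection_reason(request, response, red_sent, red_received):
    """Return None if the response is accepted, else the reason as text."""
    try:
        check_processing_response(request, response, red_sent, red_received)
    except ResponseRejected as exc:
        return str(exc)
    return None


def constructed_exchange():
    """Constructed sample data: one request, its response, RED log times."""
    tid = TransactionID(b"badge-0001", b"gate-07", "20190130115959.990Z")
    request = ProcessingRequest(tid, b"verify", (b"zone-A",))
    response = ProcessingResponse(tid, b"verify", "20190130120000.010Z",
                                  "20190130120000.130Z", b"grant")
    red_sent = datetime(2019, 1, 30, 12, 0, 0, 0, tzinfo=timezone.utc)
    red_received = datetime(2019, 1, 30, 12, 0, 0, 150000, tzinfo=timezone.utc)
    return request, response, red_sent, red_received


if __name__ == "__main__":
    req, resp, sent, got = constructed_exchange()
    for name, value in check_processing_response(req, resp, sent, got).items():
        print(name, value)
```
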
(3) Store-request

Store-request is a request message for storing data sent from the Processing module to the Storage module through the RED module. Store-request contains transaction-ID, function-ID, data-type and data at least.

The structure of Store-request is as follows.
Store-request ::= SEQUENCE {
    transaction-ID SEQUENCE {
        access-ID OCTET STRING,
        access-point-ID OCTET STRING,
        access-ID-obtained-time GeneralizedTime,
        ...
    },
    function-ID OCTET STRING,
    data-type OCTET STRING,
    data OCTET STRING
}
(4) Retrieve-request

Retrieve-request is a message for retrieving data for execution of processing. It is sent from the Processing module to the Storage module through the RED module. Retrieve-request contains transaction-ID, function-ID and data-type at least.

The structure of Retrieve-request is as follows.
Retrieve-request ::= SEQUENCE {
    transaction-ID SEQUENCE {
        access-ID OCTET STRING,
        access-point-ID OCTET STRING,
        access-ID-obtained-time GeneralizedTime,
        ...
    },
    function-ID OCTET STRING,
    data-type OCTET STRING,
    ...
}
(5) Store-response

The RED module sends Store-response to the Processing module in response to a Store-request. Store-response contains transaction-ID, function-ID, receivedTime, sendingTime and result at least.

The structure of Store-response is as follows.
Store-response ::= SEQUENCE {
    transaction-ID SEQUENCE {
        access-ID OCTET STRING,
        access-point-ID OCTET STRING,
        access-ID-obtained-time GeneralizedTime,
        ...
    },
    function-ID OCTET STRING,
    receivedTime GeneralizedTime,
    sendingTime GeneralizedTime,
    result OCTET STRING,
    ...
}
function-ID is the same as the function-ID in the corresponding Store-request.

receivedTime indicates the time at which the Storage module received the corresponding Store-request from the RED module.
sendingTime indicates the time at which this response is sent.
result indicates whether data in the correspondi
...
