Access control service

The initial configuration data structures for the AccessControl service are an access controller and default authentication profiles. These are provided to make it easier to configure the system, as the device UUID will be set in the access controller, and commonly used authentication profiles are already available.

The access controller is represented by two data types: AccessController and AccessControllerConfiguration. These are the most basic representations of the device in the Access- Control service and the default data is retrieved by calling API functions pacsaxis:GetAccessControllerList and pacsaxis:GetAccessControllerConfigurationList. The following example shows the default configuration:

{"AccessController": [ {
    "token": "Axis-00408c184bdb AccessController",
    "Name": "Axis-00408c184bdb AccessController",
    "Description": "",
    "AccessPoint": []
  } ]
}
{"AccessControllerConfiguration": [ {
    "token": "Axis-00408c184bdb AccessController",
    "DeviceUUID": "5581ad80-95b0-11e0-b883-00408c184bdb",
    "Configuration": []
  } ]
}

<AccessController token="Axis-00408c184bdb AccessController">
  <AccessPoint></AccessPoint>
  <Description></Description>
  <Name>Axis-00408c184bdb AccessController</Name>
</AccessController>
<AccessControllerConfiguration token="Axis-00408c184bdb AccessController">
  <DeviceUUID>5581ad80-95b0-11e0-b883-00408c184bdb</DeviceUUID>
</AccessControllerConfiguration>

The access controller contains an AccessPoint that links to the access points of this door controller. This is described further in section Setting the access point. The authentication profiles are represented by AuthenticationProfile and are used to set up the type of credential data that must be provided in order to be granted access. The default authentication profiles are for access using only access card, using only PIN, using access card with PIN and using a REX device. The default profiles can be retrieved by calling the API function pacsaxis:GetAuthenticationProfileList. The following data is returned:

{"AuthenticationProfile" : [ {
    "token": "CardOnly",
    "Name": "CardOnly",
    "Description": "Card only",
    "IdFactor": [ { "IdDataName": "Card",
            "IdMatchOperatorName": "IdDataEqual",
            "OperatorValue": ""} ],
    "Schedule": [ "standard_always" ]
  }, {
    "token": "PINOnly",
    "Name": "PINOnly",
    "Description": "PIN only",
    "IdFactor": [ {"IdDataName": "PIN",
            "IdMatchOperatorName": "IdDataEqual",
            "OperatorValue": ""} ],
    "Schedule": [ "standard_always" ]
  }, {
    "token": "CardPlusPin",
    "Name": "CardPlusPin",
    "Description": "Card + PIN",
    "IdFactor": [ {"IdDataName": "Card",
            "IdMatchOperatorName": "IdDataEqual",
            "OperatorValue": ""},
            {"IdDataName": "PIN",
            "IdMatchOperatorName": "IdDataEqual",
            "OperatorValue": ""} ],
    "Schedule": ["standard_always"]
  }, {
    "token": "REXOnly",
    "Name": "REXOnly",
    "Description": "REX only",
    "IdFactor": [{"IdDataName": "REX",
            "IdMatchOperatorName": "OperatorValueEqual",
            "OperatorValue": "Active"}],
    "Schedule": ["standard_always"]
  } ]
}

<AuthenticationProfile token="CardOnly">
  <Description>Card only</Description>
  <IdFactor>
    <IdDataName>Card</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <Name>CardOnly</Name>
  <Schedule>standard_always</Schedule>
</AuthenticationProfile>
<AuthenticationProfile token="PINOnly">
  <Description>PIN only</Description>
  <IdFactor>
    <IdDataName>PIN</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <Name>PINOnly</Name>
  <Schedule>standard_always</Schedule>
</AuthenticationProfile>
<AuthenticationProfile token="CardPlusPin">
  <Description>Card + PIN</Description>
  <IdFactor>
    <IdDataName>Card</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <IdFactor>
    <IdDataName>PIN</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <Name>CardPlusPin</Name>
  <Schedule>standard_always</Schedule>
</AuthenticationProfile>
<AuthenticationProfile token="REXOnly">
  <Description>REX only</Description>
  <IdFactor>
    <IdDataName>REX</IdDataName>
    <IdMatchOperatorName>OperatorValueEqual</IdMatchOperatorName>
    <OperatorValue>Active</OperatorValue>
  </IdFactor>
  <Name>REXOnly</Name>
  <Schedule>standard_always</Schedule>
</AuthenticationProfile>

The IdFactor fields describe the data used by the profile to validate if a request should be granted or denied. If the profile has more than one required IdFactor, then all must be available and added in the same order as in the IdFactor array, and if fewer are provided then the AccessControl service asks the user for additional ones, or deny the request if no credential can be linked to the initial IdFactor. For example, if only the valid card number is provided for the CardPlusPinprofile, then the AccessControl service asks for the PIN as well. This is done by flashing LEDs, if available, on the card reader to notify the user that further credentials are needed.

The default data is not constant and can be removed or replaced if necessary. The data is restored when resetting the door controller to factory default settings.

When adding, deleting or changing an AuthenticationProfile, the internal representation of data types in the system must be updated. During the update, access requests are not be handled. For systems with a large number of credentials, an update can take several minutes and it is recommended to only change AuthenticationProfile:s at times when immediate system response is not required.

The AccessPoint represents the entity a user can access and is the link between the AccessControl Service and the Door Control and IdPoint Services. A door can have more than one AccessPoint, for example when using a card reader at one side of the door and a REX device on the other side.

The AccessPoint data structure is set to the AccessControl Service by calling the API function pacsaxis:SetAccessPoint. The following is an example of an AccessPoint:

{
  "pacsaxis:SetAccessPoint" : {
    "AccessPoint" : [ {
      "token" : "Axis-00408c184bdb:1351589192.102223000",
      "Name" : "Entry 1",
      "Description" : "Entry 1 main door",
      "AreaFrom" : "",
      "AreaTo" : "",
      "EntityType" : "axtdc:Door",
      "Entity" : "Door0",
      "DoorDeviceUUID" : "",
      "Enabled" : true,
      "IdPointDevice" : [ { "IdPoint" : "idpoint_token",
              "DeviceUUID": "" } ],
      "AuthenticationProfile" : [ "CardOnly" ],
      "Attribute" : [],
      "ActionArgument" : [],
      "Action" : "Access"
    } ]
  }
}

<pacsaxis:SetAccessPoint>
  <pacsaxis:AccessPoint token="Axis-00408c184bdb:1351589192.102223000">
    <Action>Access</Action>
    <AreaFrom></AreaFrom>
    <AreaTo></AreaTo>
    <AuthenticationProfile>CardOnly</AuthenticationProfile>
    <Description>Entry 1 main door</Description>
    <DoorDeviceUUID></DoorDeviceUUID>
    <Enabled>true</Enabled>
    <Entity>Door0</Entity>
    <IdPointDevice>
      <DeviceUUID></DeviceUUID>
      <IdPoint>idpoint_token</IdPoint>
    </IdPointDevice>
    <Name>Entry 1</Name>
    <EntityType>axtdc:Door</EntityType>
  </pacsaxis:AccessPoint>
</pacsaxis:SetAccessPoint>

The example shows the Door entity and the IdPoint entities that are connected to this AccessPoint.

To connect a Door to the AccessPoint, the type of connected entity should be specified by setting the EntityType field to axtdc:Door. axtdc:Door is also the default value and is used if EntityType is empty. In the Door data structure, the token should be set to Entity.

To connect one or more IdPoint:s, specify the token for each IdPoint in the IdPointDevice array.

The two UUID fields DoorDeviceUUID and DeviceUUID are left empty as the IdPoint and Door are connected to the same door controller as the AccessPoint.

The AuthenticationProfile list specifies which authentication profiles to use with the IdPoint when allowing access to the connected Door. The authentication profiles can be overridden by other authentication profiles as described in section Override the authentication of an access point.

The Action field specifies the action associated with the AccessPoint. Typical actions are Access, AccessDoor and AccessDoorWithoutUnlock. If no action is specified, the default action Access is used. Access requests must have an action that matches the action in the AccessPoint, see section Send access request.

The ActionArgument field specifies arguments to be used together with the action. Each argument has a Name, a Value and, optionally, a Type that specifies the type of action.

After setting a new AccessPoint to the AccessControl service, it is necessary to refer to it in the AccessController. For example, with the AccessController from section Retrieve default configuration, it would be necessary to replace it with the following that now includes the token of the AccessPoint (bold marks the new addition). Setting AccessController is done by calling pacsaxis:SetAccessController:

{
  "pacsaxis:SetAccessController" : {
    "AccessController" : [ {
      "token" : "Axis-00408c184bdb AccessController",
      "Name" : "Axis-00408c184bdb AccessController",
      "Description" : "",
      "AccessPoint" : [ "Axis-00408c184bdb:1351589192.102223000" ]
    } ]
  }
}

<pacsaxis:SetAccessController>
  <AccessController token="Axis-00408c184bdb AccessController">
    <AccessPoint>Axis-00408c184bdb:1351589192.102223000</AccessPoint>
    <Description></Description>
    <Name>Axis-00408c184bdb AccessController</Name>
  </AccessController>
</pacsaxis:SetAccessController>

The access profile describes which entities can be accessed, and when this is allowed. This means that the access profile groups different access points together, and describes certain rules for them. In a way, the access profile can be seen as a group bundling users to a set of access points.

The AccessProfile data structure is as follows, and is set to the AccessControl service by calling the API function pacsaxis:SetAccessProfile:

{
  "pacsaxis:SetAccessProfile" : {
    "AccessProfile": [ {
      "token" : "Axis-00408c184bdb:1351591416.539133000",
      "Name" : "AccessProfile1",
      "Description" : "AccessProfile description",
      "Enabled" : true,
      "Schedule" : [ "standard_always" ],
      "ValidFrom": "1997-01-01T00:00:00Z",
      "ValidTo": "2038-01-01T00:00:00Z",
      "AuthenticationProfile" : [],
      "AccessPolicy": [ {
        "AccessPoint" : "Axis-00408c184bdb:1351589192.102223000",
        "AuthorizationProfile" : [],
        "Attribute" : [],
        "Schedule" : [ "standard_always" ]
      } ]
    } ]
  }
}

<pacsaxis:SetAccessProfile>
  <AccessProfile token="Axis-00408c184bdb:1351591416.539133000">
    <AccessPolicy>
      <AccessPoint>Axis-00408c184bdb:1351589192.102223000</AccessPoint>
      <Schedule>standard_always</Schedule>
    </AccessPolicy>
    <Description>AccessProfile description</Description>
    <Enabled>true</Enabled>
    <Name>AccessProfile1</Name>
    <Schedule>standard_always</Schedule>
    <ValidFrom>1997-01-01T00:00:00Z</ValidFrom>
    <ValidTo>2038-01-01T00:00:00Z</ValidTo>
  </AccessProfile>
</pacsaxis:SetAccessProfile>

The AccessPoints that should be affected by this AccessProfile are listed by their tokens in AccessPolicy. This is illustrated above, as the AccessPoint’s token from the example in section Setting the access point is set here (marked in bold). For this example, the AccessProfile is always active by setting the schedule to standard_always (schedules are further discussed in section Specify time-dependent access behavior).

The AuthenticationProfile, Schedule, and ValidFrom/ValidTo fields is described in later sections.

The Credential contains the credentials that a user (credential holder) must provide to get access to the door, for example card and PIN code. The Credential also specifies the access profiles where the credentials can be used. A single Credential can represent a unique user with a unique card and PIN, or it can represent a group of users with the same credentials.

The Credential data structure is set to the access control service using the API function pacsaxis:SetCredential as shown in the following example:

{
  "pacsaxis:SetCredential" : {
    "Credential": [ {
      "token" : "Axis-00408c184bdb:1351593020.016190000",
      "UserToken" : "user_token1",
      "Description" : "Credential description",
      "ValidFrom" : "1997-01-01T00:00:00Z",
      "ValidTo" : "2038-01-01T00:00:00Z",
      "Enabled" : true,
      "Status" : "Enabled",
      "IdData" : [ {
        "Name" : "Card",
        "Value" : "12345678"
      }, {
        "Name" : "PIN",
        "Value" : "1234" } ],
      "Attribute" : [],
      "AuthenticationProfile" : [],
      "CredentialAccessProfile": [ {
        "ValidFrom" : "1997-01-01T00:00:00Z",
        "ValidTo" : "2038-01-01T00:00:00Z",
        "AccessProfile" : "Axis-00408c184bdb:1351591416.539133000"
      } ]
    } ]
  }
}

<pacsaxis:SetCredential>
  <Credential token="Axis-00408c184bdb:1351593020.016190000">
    <CredentialAccessProfile>
      <AccessProfile>Axis-00408c184bdb:1351591416.539133000</AccessProfile>
      <ValidFrom>1997-01-01T00:00:00Z</ValidFrom>
      <ValidTo>2038-01-01T00:00:00Z</ValidTo>
    </CredentialAccessProfile>
    <Description>Credential description</Description>
    <Enabled>true</Enabled>
    <IdData Name="Card" Value="12345678"/>
    <IdData Name="PIN" Value="1234"/>
    <Status>Enabled</Status>
    <UserToken>user_token1</UserToken>
    <ValidFrom>1997-01-01T00:00:00Z</ValidFrom>
    <ValidTo>2038-01-01T00:00:00Z</ValidTo>
  </Credential>
</pacsaxis:SetCredential>

As can be seen in the example above, the credential has a link to each access profile that applies. The CredentialAccessProfile field contains all AccessProfiles the Credential may use.

This example includes the AccessProfile from Setting the access profile (marked in bold). This gives the Credential access to the AccessPoints specified in the AccessProfile.

The IdData contains valid identification data for this Credential, which in this example is both Card and PIN. This data is used to identify and validate the user, depending on necessary authorization requirements of the current AuthenticationProfile.

If an IdData-field with the name “CardNr” is supplied, an extra validation is performed when adding the credential to make sure that no other IdData-field with the name “CardNr” has the same value. This is a special case added to support the use case of having unique card numbers.

Note that no validation is performed on any other IdData-field except for “CardNr” to ensure that the value is unique to the system.

Further note that the IdData-name is unique on the credential; There is no support for having two, for example, PIN IdData-fields on one credential.

The AuthenticationProfile and ValidFrom/ValidTo fields are described in later sections. The UserToken is an optional field of the credential, and is used to link the Credential to a User as described in User service guide.

The Attribute field can be used if the Credential should use the ExtendedAccessTime defined in the Door, see Extend access time for a credential.

Use pacsaxis:GetCredentialStatistics to list the total number of credentials in the system and the number of disabled credentials. If there are 1000 credentials and 5 credentials are disabled, the call returns:

{
  "CredentialStatistics": {
    "NumberOfCredentials": 1000,
    "NumberOfDisabledCredentials": 5
  }
}

<CredentialStatistics>
  <NumberOfCredentials>1000</NumberOfCredentials>
  <NumberOfDisabledCredentials>5</NumberOfDisabledCredentials>
</CredentialStatistics>

The diagram shows the initial system as described previously in section Set up the initial system.

To disable a credential, use pacsaxis:DisableCredential:

{
  "pacsaxis:DisableCredential" : {
    "Token" : "Axis-00408c184bdb:1351593020.016190000",
    "Status" : "Disabled"
  }
}

<pacsaxis:DisableCredential>
  <Status>Disabled</Status>
  <Token>Axis-00408c184bdb:1351593020.016190000</Token>
</pacsaxis:DisableCredential>

The Status field is optional but is submitted here to help human readers to note that the credential is disabled. To enable the credential, call pacsaxis:EnableCredential without the Status field, which then defaults to “Enabled”.

A disabled Credential has the following data structure (with the changes marked in bold):

{
  "Credential" : {
    "token" : "Axis-00408c184bdb:1351593020.016190000",
    "UserToken" : "user_token1",
    "Description" : "Credential description",
    "ValidFrom" : "",
    "ValidTo" : "",
    "Enabled" : false,
    "Status" : "Disabled",
    "IdData" : [ {
      "Name" : "Card",
      "Value" : "12345678"
    }, {
      "Name" : "PIN",
      "Value" : "1234" } ],
    "Attribute" : [],
    "AuthenticationProfile" : [],
    "CredentialAccessProfile" : [ {
      "ValidFrom" : "",
      "ValidTo" : "",
      "AccessProfile" : "Axis-00408c184bdb:1351591416.539133000"
    } ]
  }
}

<Credential token="Axis-00408c184bdb:1351593020.016190000">
  <CredentialAccessProfile>
    <AccessProfile>Axis-00408c184bdb:1351591416.539133000</AccessProfile>
    <ValidFrom></ValidFrom>
    <ValidTo></ValidTo>
  </CredentialAccessProfile>
  <Description>Credential description</Description>
  <Enabled>false</Enabled>
  <IdData Name="Card" Value="12345678"/>
  <IdData Name="PIN" Value="1234"/>
  <Status>Disabled</Status>
  <UserToken>user_token1</UserToken>
  <ValidFrom></ValidFrom>
  <ValidTo></ValidTo>
</Credential>

The Access Control Service returns CredentialNotEnabled in response to an access request with a disabled Credential. The service also generates the event AccessControl/Denied/Credential with Reason set to CredentialNotEnabled:

{
  "rowid": 336,
  "token": "Axis-00408c185451:1383232272.025462002",
  "UUID": "5581ad80-95b0-11e0-b883-00408c185451",
  "UtcTime": "2013-10-31T15:11:11.955788Z",
  "KeyValues":
    [
      {
        "Key": "CredentialHolderName",
        "Value": "user_token1",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "Reason",
        "Value": "CredentialNotEnabled",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "AccessPointToken",
        "Value": "Axis-00408c185451:1383040794.997528000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-source"
          ]
      },
      {
        "Key": "topic2",
        "Value": "Credential",
        "Tags": []
      },
      {
        "Key": "topic1",
        "Value": "Denied",
        "Tags": []
      },
      {
        "Key": "topic0",
        "Value": "AccessControl",
        "Tags": []
      },
      {
        "Key": "CredentialToken",
        "Value": "Axis-00408c184bdb:1351593020.016190000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-data"
          ]
      }
    ],
  "Tags": []
}

<axlog:Event>
  <axlog:rowid>183</axlog:rowid>
  <axlog:token>Axis-00408c185451:1383214246.055026000</axlog:token>
  <axlog:UUID>5581ad80-95b0-11e0-b883-00408c185451</axlog:UUID>
  <axlog:UtcTime>2013-10-31T10:10:45Z</axlog:UtcTime>
  <axlog:KeyValues>
    <axlog:Key>CredentialHolderName</axlog:Key>
    <axlog:Value>user_token1</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>Reason</axlog:Key>
    <axlog:Value>CredentialNotEnabled</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>AccessPointToken</axlog:Key>
    <axlog:Value>Axis-00408c185451:1383040794.997528000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-source</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic2</axlog:Key>
    <axlog:Value>Credential</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic1</axlog:Key>
    <axlog:Value>Denied</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic0</axlog:Key>
    <axlog:Value>AccessControl</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>CredentialToken</axlog:Key>
    <axlog:Value>Axis-00408c185451:1383040823.666869000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
</axlog:Event>

To disable and enabled access points, use tac:DisableAccessPoint and tac:EnableAccessPoint. The requests are similar to the corresponding credential requests but do not have any status field. The example below shows DisableAccessPoint:

{
  "tac:DisableAccessPoint" : {
    "Token" : "Axis-00408c184bdb:1351589192.102223000",
  }
}

<tac:DisableAccessPoint>
  <Token>Axis-00408c184bdb:1351589192.102223000</Token>
</tac:DisableAccessPoint>

A disabled AccessPoint has the following data structure (with the changes marked in bold):

{
  "AccessPoint" : {
    "token" : "Axis-00408c184bdb:1351589192.102223000",
    "Name" : "Entry 1",
    "Description" : "Entry 1 main door",
    "AreaFrom" : "",
    "AreaTo" : "",
    "Type" : "tdc:Door",
    "Entity" : "Door0",
    "DoorDeviceUUID" : "",
    "Enabled" : false,
    "IdPointDevice" : [ {
      "IdPoint" : "idpoint_token",
      "DeviceUUID" : "" } ],
    "AuthenticationProfile" : [ "CardOnly" ],
    "Attribute" : [],
    "ActionArgument" : [],
    "Action" : "Access"
  }
}

<AccessPoint token="Axis-00408c184bdb:1351589192.102223000">
  <Action>Access</Action>
  <AreaFrom></AreaFrom>
  <AreaTo></AreaTo>
  <AuthenticationProfile>CardOnly</AuthenticationProfile>
  <Description>Entry 1 main door</Description>
  <DoorDeviceUUID></DoorDeviceUUID>
  <Enabled>false</Enabled>
  <Entity>Door0</Entity>
  <IdPointDevice>
    <DeviceUUID></DeviceUUID>
    <IdPoint>idpoint_token</IdPoint>
  </IdPointDevice>
  <Name>Entry 1</Name>
  <Type>tdc:Door</Type>
</AccessPoint>

The AccessControl Service returns Unauthorized in response to an access request with a disabled AccessPoint. The service also generates the event AccessControl/Denied/Credential:

{
  "Data" : { "CredentialHolderName" : "user_token1",
        "CredentialToken" : "Axis-00408c184bdb:1351593020.016190000",
        "Reason" : "Unauthorized" },
  "Source" : { "AccessPointToken" : "Axis-00408c184bdb:1351589192.102223000" },
  "Topic" : "tns1:AccessControl/Denied/Credential",
  "UtcTime": "2012-10-31T08:25:32Z"
}

<Data>
<CredentialHolderName>user_token1</CredentialHolderName>
<CredentialToken>Axis-00408c184bdb:1351593020.016190000</CredentialToken>
<Reason>Unauthorized</Reason>
</Data>
<Source>
<AccessPointToken>Axis-00408c184bdb:1351589192.102223000</AccessPointToken>
</Source>
<Topic>tns1:AccessControl/Denied/Credential</Topic>
<UtcTime>2012-10-31T08:25:32Z</UtcTime>

For AccessProfile:s, there are no enable and disable API functions. Instead, call pacsaxis:SetAccessProfile to set the Enabled field to false.

{
  "pacsaxis:SetAccessProfile" : {
    "AccessProfile" : [ {
      "token" : "Axis-00408c184bdb:1351591416.539133000",
      "Name" : "AccessProfile1",
      "Description" : "AccessProfile description",
      "ValidFrom" : "",
      "ValidTo" : "",
      "Enabled" : false,
      "Schedule" : ["standard_always"],
      "AuthenticationProfile" : [],
      "Attribute" : [],
      "AccessPolicy" : [ {
        "AccessPoint" : "Axis-00408c184bdb:1351589192.102223000",
        "AuthorizationProfile" : [],
        "Attribute" : [],
        "Schedule" : [ "standard_always" ]
      } ]
    } ]
  }
}

<AccessProfile token="Axis-00408c184bdb:1351591416.539133000">
  <AccessPolicy>
    <AccessPoint>Axis-00408c184bdb:1351589192.102223000</AccessPoint>
    <Schedule>standard_always</Schedule>
  </AccessPolicy>
  <Description>AccessProfile description</Description>
  <Enabled>false</Enabled>
  <Name>AccessProfile1</Name>
  <Schedule>standard_always</Schedule>
  <ValidFrom></ValidFrom>
  <ValidTo></ValidTo>
</AccessProfile>

The AccessControl Service returns InvalidAccessProfile in response to an access request with a disabled AccessProfile. The service also generates the event AccessControl/Denied/Credential:

{
  "rowid": 339,
  "token": "Axis-00408c185451:1383232539.745263001",
  "UUID": "5581ad80-95b0-11e0-b883-00408c185451",
  "UtcTime": "2013-10-31T15:15:39.249125Z",
  "KeyValues":
    [
      {
        "Key": "CredentialHolderName",
        "Value": "user_token1",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "Reason",
        "Value": "InvalidAccessProfile",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "AccessPointToken",
        "Value": "Axis-00408c184bdb:1351589192.102223000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-source"
          ]
      },
      {
        "Key": "topic2",
        "Value": "Credential",
        "Tags": []
      },
      {
        "Key": "topic1",
        "Value": "Denied",
        "Tags": []
      },
      {
        "Key": "topic0",
        "Value": "AccessControl",
        "Tags": []
      },
      {
        "Key": "CredentialToken",
        "Value": "Axis-00408c184bdb:1351593020.016190000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-data"
          ]
      }
    ],
  "Tags": []
}

<axlog:Event
  <axlog:rowid>301</axlog:rowid>
  <axlog:token>Axis-00408c185451:1383221383.572782000</axlog:token>
  <axlog:UUID>5581ad80-95b0-11e0-b883-00408c185451</axlog:UUID>
  <axlog:UtcTime>2013-10-31T12:09:42Z</axlog:UtcTime>
  <axlog:KeyValues>
    <axlog:Key>CredentialHolderName</axlog:Key>
    <axlog:Value>user_token1</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>Reason</axlog:Key>
    <axlog:Value>InvalidAccessProfile</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>AccessPointToken</axlog:Key>
    <axlog:Value>Axis-00408c184bdb:1351589192.102223000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-source</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic2</axlog:Key>
    <axlog:Value>Credential</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic1</axlog:Key>
    <axlog:Value>Denied</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic0</axlog:Key>
    <axlog:Value>AccessControl</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>CredentialToken</axlog:Key>
    <axlog:Value>Axis-00408c184bdb:1351593020.016190000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
</axlog:Event>

The Credential has a general time frame which determines when this Credential is active. Outside of this period, the Credential is disabled.

It is also possible to specify a time period for each CredentialAccessProfile of an Credential. Using this, the administrator can set up specific time frames for when a user is allowed to use different access profiles.

For example, a user may have access to some access profiles, but one access profile should only be available for a certain period. When that time frame has passed, it is now off limits to the user. The AccessProfile itself still has a valid time period, it is only this particular user who has restricted access to it.

An example of a Credential with valid time frames:

{
  "Credential" : {
    "token" : "Axis-00408c184bdb:1351593020.016190000",
    "UserToken" : "user_token1",
    "Description" : "Credential description",
    "ValidFrom" : "2011-06-30T10:11:12Z",
    "ValidTo" : "2027-06-30T10:11:12Z",
    "Enabled" : true,
    "Status" : "Enabled",
    "IdData": [ {
      "Name" : "Card",
      "Value" : "12345678"
    }, {
      "Name" : "PIN",
      "Value" : "1234" } ],
    "Attribute" : [],
    "AuthenticationProfile" : [],
    "CredentialAccessProfile": [ {
      "ValidFrom" : "2011-06-30T10:11:12Z",
      "ValidTo" : "2013-06-30T10:11:12Z",
      "AccessProfile" : "Axis-00408c184bdb:1351591416.539133000"
    } ]
  }
}

<Credential token="Axis-00408c184bdb:1351593020.016190000">
  <CredentialAccessProfile>
    <AccessProfile>Axis-00408c184bdb:1351591416.539133000</AccessProfile>
    <ValidFrom>2011-06-30T10:11:12Z</ValidFrom>
    <ValidTo>2013-06-30T10:11:12Z</ValidTo>
  </CredentialAccessProfile>
  <Description>Credential description</Description>
  <Enabled>true</Enabled>
  <IdData Name="Card" Value="12345678"/>
  <IdData Name="PIN" Value="1234"/>
  <Status>Enabled</Status>
  <UserToken>user_token1</UserToken>
  <ValidFrom>2011-06-30T10:11:12Z</ValidFrom>
  <ValidTo>2027-06-30T10:11:12Z</ValidTo>
</Credential>

The access control service returns an access denied if outside the valid time frame. Depending on whether ValidFrom or ValidTo is violated, the Reason field is either CredentialNotActive or CredentialExpired.

Events issued are AccessControl/Denied/Credential and AccessControl/Denied/Credential as in the following examples:

{
  "rowid": 342,
  "token": "Axis-00408c185451:1383232840.672639000",
  "UUID": "5581ad80-95b0-11e0-b883-00408c185451",
  "UtcTime": "2013-10-31T15:20:39.933137Z",
  "KeyValues":
    [
      {
        "Key": "CredentialHolderName",
        "Value": "user_token1",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "Reason",
        "Value": "CredentialNotActive",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "AccessPointToken",
        "Value": "Axis-00408c184bdb:1351589192.102223000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-source"
          ]
      },
      {
        "Key": "topic2",
        "Value": "Credential",
        "Tags": []
      },
      {
        "Key": "topic1",
        "Value": "Denied",
        "Tags": []
      },
      {
        "Key": "topic0",
        "Value": "AccessControl",
        "Tags": []
      },
      {
        "Key": "CredentialToken",
        "Value": "Axis-00408c184bdb:1351593020.016190000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-data"
          ]
      }
    ],
  "Tags": []
}

<axlog:Event>
  <axlog:rowid>304</axlog:rowid>
  <axlog:token>Axis-00408c185451:1383221797.885109000</axlog:token>A
  <axlog:UUID>5581ad80-95b0-11e0-b883-00408c185451</axlog:UUID>
  <axlog:UtcTime>2013-10-31T12:16:37Z</axlog:UtcTime>
  <axlog:KeyValues>
    <axlog:Key>CredentialHolderName</axlog:Key>
    <axlog:Value>user_token1</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>Reason</axlog:Key>
    <axlog:Value>CredentialNotActive</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>AccessPointToken</axlog:Key>
    <axlog:Value>Axis-00408c184bdb:1351589192.102223000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-source</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic2</axlog:Key>
    <axlog:Value>Credential</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic1axlog:Key>topic1>
    <axlog:Value>Denied</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic0</axlog:Key>
    <axlog:Value>AccessControl</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>CredentialToken</axlog:Key>
    <axlog:Value>Axis-00408c184bdb:1351593020.016190000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
</axlog:Event>

{
  "rowid": 345,
  "token": "Axis-00408c185451:1383232972.722756000",
  "UUID": "5581ad80-95b0-11e0-b883-00408c185451",
  "UtcTime": "2013-10-31T15:22:51.973900Z",
  "KeyValues":
    [
      {
        "Key": "CredentialHolderName",
        "Value": "user_token1",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "Reason",
        "Value": "CredentialExpired",
        "Tags": [ "onvif-data"]
      },
      {
        "Key": "AccessPointToken",
        "Value": "Axis-00408c184bdb:1351589192.102223000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-source"
          ]
      },
      {
        "Key": "topic2",
        "Value": "Credential",
        "Tags": []
      },
      {
        "Key": "topic1",
        "Value": "Denied",
        "Tags": []
      },
      {
        "Key": "topic0",
        "Value": "AccessControl",
        "Tags": []
      },
      {
        "Key": "CredentialToken",
        "Value": "Axis-00408c184bdb:1351593020.016190000",
        "Tags":
          [
            "wstype:pt:ReferenceToken",
            "onvif-data"
          ]
      }
    ],
  "Tags": []
}

<axlog:Event>
  <axlog:rowid>307</axlog:rowid>
  <axlog:token>Axis-00408c185451:1383222889.795332002</axlog:token>
  <axlog:UUID>5581ad80-95b0-11e0-b883-00408c185451</axlog:UUID>
  <axlog:UtcTime>2013-10-31T12:34:49Z</axlog:UtcTime>
  <axlog:KeyValues>
    <axlog:Key>CredentialHolderName</axlog:Key>
    <axlog:Value>user_token1</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>Reason</axlog:Key>
    <axlog:Value>CredentialExpired</axlog:Value>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>AccessPointToken</axlog:Key>
    <axlog:Value>Axis-00408c184bdb:1351589192.102223000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-source</axlog:Tags>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic2</axlog:Key>
    <axlog:Value>Credential</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic1</axlog:Key>
    <axlog:Value>Denied</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>topic0</axlog:Key>
    <axlog:Value>AccessControl</axlog:Value>
  </axlog:KeyValues>
  <axlog:KeyValues>
    <axlog:Key>CredentialToken</axlog:Key>
    <axlog:Value>Axis-00408c184bdb:1351593020.016190000</axlog:Value>
    <axlog:Tags>wstype:pt:ReferenceToken</axlog:Tags>
    <axlog:Tags>onvif-data</axlog:Tags>
  </axlog:KeyValues>
</axlog:Event>

Analogously to the case with Credential, the AccessProfile may have a time frame set for when the profile is valid. Outside this time frame, any access requests involving it are denied. See the example below:

{
  "AccessProfile" : {
    "token" : "Axis-00408c184bdb:1351591416.539133000",
    "Name" : "AccessProfile1",
    "Description" : "AccessProfile description",
    "ValidFrom" : "2011-06-30T10:11:12Z",
    "ValidTo" : "2027-06-30T10:11:12Z",
    "Enabled" : true,
    "Schedule" : ["standard_always"],
    "AuthenticationProfile" : [],
    "Attribute" : [],
    "AccessPolicy" : [ {
      "AccessPoint" : "Axis-00408c184bdb:1351589192.102223000",
      "AuthorizationProfile" : [],
      "Attribute" : [],,
      "Schedule" : [ "standard_always" ]
    } ]
  }
}

<AccessProfile token="Axis-00408c184bdb:1351591416.539133000">
  <AccessPolicy>
    <AccessPoint>Axis-00408c184bdb:1351589192.102223000</AccessPoint>
    <Schedule>standard_always</Schedule>
  </AccessPolicy>
  <Description>AccessProfile description</Description>
  <Enabled>true</Enabled>
  <Name>AccessProfile1</Name>
  <Schedule>standard_always</Schedule>
  <ValidFrom>2011-06-30T10:11:12Z</ValidFrom>
  <ValidTo>2027-06-30T10:11:12Z</ValidTo>
</AccessProfile>

The response of an access request and dispatched events are the same as if the AccessProfile was disabled, see section Disable an access profile.

The AuthenticationProfiles can be configured with schedules which tells when an AuthenticationProfile is available. An AccessPoint using scheduled AuthenticationProfiles will have changing access requirements over time.

The example below shows how to set CardOnly to be scheduled as valid during office hours and CardPlusPin as valid outside of office hours. Additionally, an exception is set saying that during public holidays CardPlusPin is required. The example assumes the three schedules, office_hours, not_public_holidays and the default standard_always, already exists (and is being active when the name implies). The setup of the AuthenticationProfiles follows:

{"AuthenticationProfile" : [ {
    "token": "CardOnly",
    "Name": "CardOnly",
    "Description": "Card only",
    "IdFactor": [ { "IdDataName": "Card",
          "IdMatchOperatorName": "IdDataEqual",
          "OperatorValue": ""} ],
    "Schedule": ["office_hours", "not_public_holidays"]
  }, {
    "token": "CardPlusPin",
    "Name": "CardPlusPin",
    "Description": "Card + PIN",
    "IdFactor": [ {"IdDataName": "Card",
          "IdMatchOperatorName": "IdDataEqual",
          "OperatorValue": ""},
          {"IdDataName": "PIN",
          "IdMatchOperatorName": "IdDataEqual",
          "OperatorValue": ""} ],
    "Schedule": ["standard_always"]
  } ]
}

<AuthenticationProfile token="CardOnly">
  <Description>Card only</Description>
  <IdFactor>
    <IdDataName>Card</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <Name>CardOnly</Name>
  <Schedule>office_hours</Schedule>
  <Schedule>not_public_holidays</Schedule>
</AuthenticationProfile>
<AuthenticationProfile token="CardPlusPin">
  <Description>Card + PIN</Description>
  <IdFactor>
    <IdDataName>Card</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <IdFactor>
    <IdDataName>PIN</IdDataName>
    <IdMatchOperatorName>IdDataEqual</IdMatchOperatorName>
    <OperatorValue></OperatorValue>
  </IdFactor>
  <Name>CardPlusPin</Name>
  <Schedule>standard_always</Schedule>
</AuthenticationProfile>

The setup of the AccessPoint, showing the list of AuthenticationProfiles that applies:

{
  "AccessPoint" : [ {
    "token" : "Axis-00408c184bdb:1351589192.102223000",
    "Name" : "Entry 1",
    "Description" : "Entry 1 main door",
    "AreaFrom" : "",
    "AreaTo" : "",
    "EntityType" : "tdc:Door",
    "Entity" : "Door0",
    "DoorDeviceUUID" : "",
    "Enabled" : true,
    "IdPointDevice" : [ { "IdPoint" : "idpoint_token",
          "DeviceUUID" : "" } ],
    "AuthenticationProfile" : [ "CardOnly", "CardPlusPin" ],
    "Attribute" : [],
    "ActionArgument" : [],
    "Action" : "Access"
  } ]
}

<AccessPoint token="Axis-00408c184bdb:1351589192.102223000">
  <Action>Access</Action>
  <AreaFrom></AreaFrom>
  <AreaTo></AreaTo>
  <AuthenticationProfile>CardOnly</AuthenticationProfile>
  <AuthenticationProfile>CardPlusPin</AuthenticationProfile>
  <Description>Entry 1 main door</Description>
  <DoorDeviceUUID></DoorDeviceUUID>
  <Enabled>true</Enabled>
  <Entity>Door0</Entity>
  <IdPointDevice>
    <DeviceUUID></DeviceUUID>
    <IdPoint>idpoint_token</IdPoint>
  </IdPointDevice>
  <Name>Entry 1</Name>
  <Type>tdc:Door</Type>tdc:Door
</AccessPoint>

The AccessProfile has two configuration options that are possible to set specific schedules to. One main schedule which determines when the AccessProfile is available, making it possible to administrate time limits for a group of users. The other is for each attached AccessPoint, which makes it possible to have separate doors accessible to the users at different times.

In the following example, the schedules from the example in the previous section are recalled. An advanced setup has been made to the AccessProfile saying that the group of users linked to this access profile has access all the time, except for public holidays. In addition, access is always granted through the secondary access point called “employee-door”, but the main access point (“main-door”) is restricted to office hours.

{
  "AccessProfile" : [{
    "token" : "Axis-00408c184bdb:1351591416.539133000",
    "Name" : "AccessProfile1",
    "Description" : "AccessProfile description",
    "ValidFrom" : "",
    "ValidTo" : "",
    "Enabled" : true,
    "Schedule" : ["standard_always", "not_public_holidays"],
    "AuthenticationProfile" : [],
    "Attribute" : [],
    "AccessPolicy" : [ {
      "AccessPoint" : "main-door",
      "AuthorizationProfile" : [],
      "Attribute" : [],,
      "Schedule" : [ "office_hours" ]
    }, {
      "AccessPoint" : "employee-door",
      "AuthorizationProfile" : [],
      "Attribute" : [],,
      "Schedule" : [ "standard_always" ]
    } ]
  } ]
}

<AccessProfile token="Axis-00408c184bdb:1351591416.539133000">
  <AccessPolicy>
    <AccessPoint>main-door</AccessPoint>
    <AuthorizationProfile></AuthorizationProfile>
    <Schedule>office_hours</Schedule>
  </AccessPolicy>
  <AccessPolicy>
    <AccessPoint>employee-door</AccessPoint>
    <AuthorizationProfile></AuthorizationProfile>
    <Schedule>standard_always</Schedule>
  </AccessPolicy>
  <AuthenticationProfile></AuthenticationProfile>
  <Description>AccessProfile description</Description>
  <Enabled>true</Enabled>
  <Name>AccessProfile1</Name>
  <Schedule>standard_always</Schedule>
  <Schedule>not_public_holidays</Schedule>
  <ValidFrom></ValidFrom>
  <ValidTo></ValidTo>
</AccessProfile>

Anti-passback is configured by adding attributes to an AccessPoint. The following configuration attributes are available:

Note: AntiPassbackMode is mandatory to enable the feature. The other two attributes will use default values if not entered.

AntiPassbackMode:

• Logical - Two card readers attached to the door. The user cannot access the area twice without exiting in between. The timer is not used.

• TimedLogical - Same as Logical, but the user can access the area again when the AntiPassbackTimeout timer has expired.

AntiPassbackEnforcementMode:

• Soft - Anti-passback is not enforced, but violations still produce anti-passback events.

• Hard - Anti-passback is enforced and violations produce anti-passback events.

AntiPassbackTimeout:

• Number of seconds the user will be locked out when anti-passback occurs.

Note 1: AntiPassbackTimeout is only used in TimedLogical mode. Timer is not restarted on consecutive card swipes.

Note 2: Even if all configuration attributes are entered in the AccessPoint, Areas (SetArea) will also need to be created, and specified in the AccessPoint (AreaTo and AreaFrom).

Anti-passback may be overridden for a credential by adding a credential attribute. When set to True, anti-passback is disabled entirely for that credential.

The anti-passback feature is enforced based on the anti-passback monitoring data stored locally in the access controller. Anti-passback monitoring data is updated once the anti-passback feature is enabled, with a list of credentials and related information. The following data types for anti-passback monitoring data are valid:

• pt:ReferenceToken CredentialToken
  Credential token number

• xs:long PassOkThreshold
  Anti-passback timer value (in microseconds)

• xs:string CurrentArea
  The current area token

• xs:boolean ByTime
  Used to indicate AntiPassbackMode. False denotes Logical, True denotes TimedLogical.

Anti-passback monitoring data of the access controller can be configured by the client, directly through the function SetAntipassbackData. The client can list the anti-passback database of the controller through GetAntipassbackDataList. A typical use case for this feature is to synchronize anti-passback database in multiple controllers in the same area, to achieve area-based anti-passback. The recommended way to configure the anti-passback monitoring data is to first employGetAntipassbackDataList and then send this same data to the controller directly. In most cases, there is no need to modify the data from GetAntipassbackDataList before using it for SetAntipassbackData.

The clearing of anti-passback data for specific or all credentials stored in the controller is supported. If the credential is currently not in anti-passback violation, then nothing happens. For further details, refer to the Access Control Service API Enable anti-passback.

• Clear anti-passback data for all credentials
  Function: ResetAllAntipassbackViolations

• Clear anti-passback monitoring data for a specific credential
  Function: ResetAntipassbackViolation

When access is denied because of anti-passback, the existing event AccessControl/Denied/Credential is sent with AntiPassbackViolation as the reason.
A new event is also sent, Credential/State/ApbViolation, as shown below:

[CredentialToken = 'Axis-accc8e25445a:1480425881.133982000'] {onvif-source} {wstype:pt:ReferenceToken}
[tns1:topic2 = 'ApbViolation'] {evvnn:Anti Passback Violation}
[tns1:topic1 = 'State'] {evvnn:State}
[tns1:topic0 = 'Credential']
[CredentialHolderName = 'Axis-accc8e25445a:1480425880.628047000'] {onvif-source} {wstype:pt:ReferenceToken}
[Device Source = '5581ad80-95b0-11e0-b883-accc8e25445a'] {onvif-source}
[Reason = 'AntiPassbackViolation'] {onvif-data}
[ApbViolation = '1'] {onvif-data}
[ClientUpdated = '0'] {onvif-data}

The event Credential/State/ApbViolation, can also be sent in the following scenarios:

• If the anti-passback violation is reset by an API call, i.e. ResetAntipassbackViolation (ApbViolation 0, ClientUpdated 1).

[CredentialToken = 'Axis-accc8e25445a:1480425881.133982000'] {onvif-source} {wstype:pt:ReferenceToken}
[tns1:topic2 = 'ApbViolation'] {evvnn:Anti Passback Violation}
[tns1:topic1 = 'State'] {evvnn:State}
[tns1:topic0 = 'Credential']
[CredentialHolderName = 'Axis-accc8e25445a:1480425880.628047000'] {onvif-source} {wstype:pt:ReferenceToken}
[Device Source = '5581ad80-95b0-11e0-b883-accc8e25445a'] {onvif-source}
[Reason = 'AntiPassbackViolation'] {onvif-data}
[ApbViolation = '0'] {onvif-data}
[ClientUpdated = '1'] {onvif-data}

• If the internal anti-passback cleanup timer (currently running every 10 minutes) finds any credentials where the violation should be removed (ApbViolation 0, ClientUpdated 0). This is only applicable if TimedLogical is used as the anti-passback mode.

[CredentialToken = 'Axis-accc8e25445a:1480425881.133982000'] {onvif-source} {wstype:pt:ReferenceToken}
[tns1:topic2 = 'ApbViolation'] {evvnn:Anti Passback Violation}
[tns1:topic1 = 'State'] {evvnn:State}
[tns1:topic0 = 'Credential']
[CredentialHolderName = 'Axis-accc8e25445a:1480425880.628047000'] {onvif-source} {wstype:pt:ReferenceToken}
[Device Source = '5581ad80-95b0-11e0-b883-accc8e25445a'] {onvif-source}
[Reason = 'AntiPassbackViolation'] {onvif-data}
[ApbViolation = '0'] {onvif-data}
[ClientUpdated = '0'] {onvif-data}

• If the credential in violation is removed by the API call RemoveCredential (ApbViolation 0, ClientUpdated 1).

[CredentialToken = 'Axis-accc8e25445a:1480425881.133982000'] {onvif-source} {wstype:pt:ReferenceToken}
[tns1:topic2 = 'ApbViolation'] {evvnn:Anti Passback Violation}
[tns1:topic1 = 'State'] {evvnn:State}
[tns1:topic0 = 'Credential']
[CredentialHolderName = 'Axis-accc8e25445a:1480425880.628047000'] {onvif-source} {wstype:pt:ReferenceToken}
[Device Source = '5581ad80-95b0-11e0-b883-accc8e25445a'] {onvif-source}
[Reason = 'AntiPassbackViolation'] {onvif-data}
[ApbViolation = '0'] {onvif-data}
[ClientUpdated = '1'] {onvif-data}

Note that due to load considerations, the Credential/State/ApbViolation event is not sent in the following scenarios:

• ResetAllAntipassbackViolations

• SetAntipassbackData

A single PACS device may have diverse components of the same type. For example, a controller may operate two doors: one at the entrance to the building which has secure locking, monitoring and alarm abilities, and the other one is internal which can be only locked and unlocked.

Therefore, capabilities can be divided into 2 groups:

• Overall service capabilities;

• Capabilities for a particular entity in the service. It can also work in conjunction with GetEventProperties function to provide finer control over system.

Please refer to section [Service capabilities] for more information.

The PACS family of ONVIF services defines 2 parallel mechanisms for retrieving status information for most entities:

• Get<Entity>State functions return a cumulative snapshot of the current state, operating mode and other run-time information.

• The Event Service returns up-to-date and consistent states of entities. Each entity provides a set of events (usually one per each field in the State type) to notify a client about status changes. As far as these events are property events, a client receives the current state whenever a new subscription is initialized.

The PACS family of ONVIF services defines several Get-functions that can return data incrementally. These functions allow the processing of a large number of entities even though resources are highly constrained.

To return data incrementally, these functions make use of a parameter called StartReference. StartReference is a device internal identifier used to continue fetching data from the last position, and allows a client to iterate over a large dataset in smaller chunks. The device handles a reasonable number of different StartReferences at the same time and they live for a reasonable time so that clients are able to fetch complete datasets.

An ONVIF compliant client always passes the value returned from a previous request to continue fetching data. Client do not use the same reference more than once.

For example, the StartReference can be incrementing start position number or underlying database transaction identifier.

The returned NextStartReference is used as the StartReference parameter in successive calls, and may be changed by device in each call.

The following pseudo-code demonstrates how information about all Access Points can be obtained from a device:

StartRef = null
do {
  Response = GetAccessPointInfoList(StartReference = StartRef)
  if (Response.AccessPointInfo != null) {
    AllAccessPoints.Append(Response.AccessPointInfo)
  }
  StartRef = Response.NextStartReference
} while (StartRef != null)

The service capabilities reflect optional functionality of a service. The information is static and does not change during device operation. The following capabilities are available:

MaxLimit

The maximum number of entries returned by a single GetList request. The device shall never return more than this number of entities in a single response.

DisableCredential

True if EnableCredential and DisableCredential operations is supported.

GetAccessPoint

True if GetAccessPointList and GetAccessPoint operations are supported.

SetAccessPoint

True if SetAccessPoint operations is supported.

RemoveAccessPoint

True if RemoveAccessPoint operation is supported.

GetArea

True if GetAreaList and GetArea operations are supported.

SetArea

True if SetArea operation is supported.

RemoveArea

True if RemoveArea operation is supported.

GetCredential

True if GetCredentialList and GetCredential operations are supported

SetCredential

True if SetCredential operation is supported.

RemoveCredential

True if RemoveCredential operation is supported.

StandardAttributesSupported

True if the GetStandardAttributes operation is supported.

VendorAttributesSupported

True if the GetVendorAttributes operation is supported.

This operation returns the capabilities of the Access Control service.

An ONVIF compliant device which provides the Access Control service shall implement this method.

The AccessPointInfo structure contains basic information about an AccessPoint instance. An AccessPoint defines an entity a Credential can be granted or denied access to. The AccessPointInfo provides basic information on how access is controlled in one direction for a door (from which area to which area).

Door is the typical device involved, but other type of devices may be supported as well. Multiple AccessPoint items may cover the same Door and/or IdPoint items. A typical case is one AccessPoint for entry and another for exit, both referencing the same Door.

If an AccessPoint is disabled, it shall not be considered in the decision making process and no commands (e.g. AccessDoor requests) will be issued from that AccessPoint to the door (or other type of Entity) configured for that AccessPoint.

An ONVIF compliant device shall provide the following fields for each AccessPoint instance:

token

A service-unique identifier of the AccessPoint.

Name

A user readable name. It shall be up to 64 characters.

Entity

Reference to the entity used to control access; the entity type may be specified by the optional EntityType field explained below but is typically a Door.

Capabilities

The capabilities for the AccessPoint.

To provide more information, the device may include the following optional fields:

Description

Optional user readable description for the AccessPoint. It shall be up to 1024 characters.

AreaFrom

Optional reference to the Area from which access is requested.

AreaTo

Optional reference to the Area to which access is requested.

EntityType

Optional entity type; if missing, a Door type as defined by the ONVIF DoorControl service should be assumed. This can also be represented by the QName value "tdc:Door". This field is provided for future extensions; it will allow an AccessPoint being extended to cover entity types other than Door items as well.

The AccessPoint capabilities reflect optional functionality of a particular physical entity. Different AccessPoint instances may have different set of capabilities. This information may change during device operation, e.g. if hardware settings are changed. The following capabilities are available:

DisableAccessPoint

Indicates whether or not this AccessPoint instance supports EnableAccessPoint and DisableAccessPoint commands.

Duress

Indicates whether or not this AccessPoint instance supports generation of duress events.

AnonymousAccess

Indicates whether or not this AccessPoint has a REX switch or other input that allows anonymous access.

AccessTaken

Indicates whether or not this AccessPoint instance supports generation of AccessTaken and AccessNotTaken events. If AnonymousAccess and AccessTaken are both true, it indicates that the Anonymous versions of AccessTaken and AccessNotTaken are supported.

ExternalAuthorization

Indicates whether or not this AccessPoint instance supports the ExternalAuthorization operation and the generation of Request events. If AnonymousAccess and ExternalAuthorization are both true, it indicates that the Anonymous version is supported as well.

This operation requests a list of all AccessPointInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AccessPointInfo items matching the given tokens.

An ONVIF compliant device which provides Access Control service shall implement this method.

The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

The AreaInfo structure contains basic information about an Area. An ONVIF compliant device shall provide the following fields for each Area:

token

A service-unique identifier of the Area.

Name

User readable name. It shall be up to 64 characters.

To provide more information, the device may include the following optional field:

Description

User readable description for the Area. It shall be up to 1024 characters.

This operation requests a list of all AreaInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AreaInfo items matching the given tokens.

An ONVIF compliant device which provides Access Control service shall implement this method.

The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

The AccessPointState contains state information for an AccessPoint. An ONVIF compliant device shall provide the following fields for each AccessPoint instance:

Enabled

Indicates that the AccessPoint is enabled. By default this field value shall be True, if the DisableAccessPoint capabilities is not supported.

This operation requests the AccessPointState for the AccessPoint instance specified by token.

An ONVIF compliant device that provides Access Control service shall implement this method.

The Decision enumeration represents a choice of two available options for an access request:

Granted

The decision is to grant access.

Denied

The decision is to deny access.

This operation allows enabling an access point.

A device that signals support for DisableAccessPoint capability for a particular AccessPoint instance shall implement this command.

This operation allows disabling an access point.

A device that signals support for DisableAccessPoint capability for a particular AccessPoint instance shall implement this command.

This operation allows to deny or grant decision at an AccessPoint instance.

A device that signals support for ExternalAuthorization capability for a particular AccessPoint instance shall implement this method.

The AccessPoint structure provides the full configuration for an AccessPoint. The AccessPoint structure defines a mapping between one or multiple axtid:IdPoints and some Entity (typically of the EntityType tdc:Door) used to control access. Multiple mappings covering the same IdPoint and the same Door may exist.

The IdPointDevice list may contain multiple IdPoint items in cases where request can or must come from more than one IdPoint - e.g. one fingerprint reader and one card reader.

The following fields are available:

token

A service-unique identifier of the AccessPoint.

Name

A user readable name. It shall be up to 64 characters.

Entity

Reference to the entity used to control access; the entity type may be specified by the optional EntityType field explained below but is typically a Door.

Enabled

Whether this AccessPoint is enabled or not.

IdPointDevice

List of IdPoint items and their device info.

AuthenticationProfile

List of AuthenticationProfile items that apply for this AccessPoint.

Attribute

Optional attributes associated with this AccessPoint.

ActionArgument

Optional arguments to action associated with this AccessPoint.

Action

Action associated with this AccessPoint, typically "AccessDoor".

To provide more information, the device may include the following optional fields:

Description

Optional user readable description for the AccessPoint. It shall be up to 1024 characters.

AreaFrom

Optional reference to the Area from which access is requested.

AreaTo

Optional reference to the Area to which access is requested.

EntityType

Optional entity type; if missing, a Door type as defined by the ONVIF DoorControl service should be assumed. This can also be represented by the QName value "tdc:Door". This field is provided for future extensions; it will allow an AccessPoint being extended to cover entity types other than door as well.

DoorDeviceUUID

DeviceUUID, if empty or not specified, the Door token refers to this device and may be filled in by the device.

The following fields are available:

IdPoint

Reference to a axtid:IdPoint.

To provide more information, the device may include the following optional field:

DeviceUUID

DeviceUUID of the device where IdPoint is located. if empty or not specified, the IdPoint token refers to this device and may be filled in by the device.

Argument to be used in Action items.

The following fields are available:

Name

Name of argument.

Value

Value of argument.

To provide more information, the device may include the following optional field:

type

Type of argument.

This operation requests a list of all of AccessPoint items provided by the device. This function shall be implemented if the GetAccessPoint service capability is true.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AccessPoint items matching the given tokens.

This method shall be supported if the GetAccessPoint service capability is true. At least one token shall be specified.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

Add/update a list of AccessPoint items.

If AccessPoint items with the specified tokens already exist, they shall be updated. If not, they shall be added.

If the token field of any AccessPoint is empty, the service shall allocate a token for the AccessPoint.

All tokens shall be returned in the response.

This function must be available if the SetAccessPoint service capability is true.

Remove the specified AccessPoint items.

This function must be available if the RemoveAccessPoint service capability is true.

An area is configured using the Area data structure which contains information and settings about an area.

The following fields are available:

token

A service-unique identifier of the Area.

Name

User readable name. It shall be up to 64 characters.

Attribute

Attribute list for the Area.

To provide more information, the device may include the following optional fields:

Description

User readable description for the Area. It shall be up to 1024 characters.

Extension

Future extension .

This operation requests a list of all of Area items provided by the device. This function shall be implemented if the GetArea service capability is true.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of Area items matching the given tokens.

This method shall be supported if the GetArea service capability is true. At least one token shall be specified.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

Add/update a list of Area items.

If Area with the specified tokens already exist, they shall be updated. If not, they shall be added.

If the token field of any Area is empty, the service shall allocate a token for the Area.

All tokens shall be returned in the response.

This function must be available if the SetArea service capability is true.

Remove the specified Area items.

This function must be available if the RemoveArea service capability is true.

Information for an AccessController.

Provides a list of the available AccessPoint items controlled by the AccessController so that a topological view can be generated for systems consisting of multiple AccessController items exposed thru one device.

The following fields are available:

token

A service-unique identifier of the AccessController.

Name

Short name of AccessController.

AccessPoint

List of AccessPoint items the AccessController manages.

To provide more information, the device may include the following optional field:

Description

Description of the AccessController.

This operation requests a list of all AccessControllerInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AccessControllerInfo items matching the given tokens.

An ONVIF compliant device which provides Access Control service shall implement this method.

The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

The AccessController structure contains the full configuration from an access controller.

The AccessController receives request for access from IDP:s - Identification Points, by some internal means, using the ONVIF Event mechanism or API call and controls Doors and other resources/targets.

You can do get/set/remove on AccessController items depending on capabilities.

The following fields are available:

token

A service-unique identifier of the AccessController.

Name

Short name of AccessController.

AccessPoint

List of AccessPoint items the AccessController manages.

To provide more information, the device may include the following optional field:

Description

Description of the AccessController.

This operation requests a list of all AccessController items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AccessController items matching the given tokens.

An ONVIF compliant device which provides Access Control service shall implement this method.

The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens.

The device shall not return a fault in this case.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

Add/update a list of AccessController items.

If AccessController items with the specified tokens already exist, they shall be updated. If not, they shall be added.

If the Token field of any AccessController is empty, the service shall allocate a token for the AccessController.

All tokens shall be returned in the response.

Remove the specified AccessController items.

A Credential contains a number of IdData items that represent the credential data such as card number, PIN etc.

The Credential is assigned a number of AccessProfile items using the CredentialAccessProfile where ValidFrom and ValidTo can be individually assigned.

Information about a Credential.

The following fields are available:

token

A service-unique identifier of the Credential.

Enabled

Whether Credential is enabled or not.

Status

Information regarding status of the Credential, e.g. the reason for being disabled. Should normally be one of the defined values in the CredentialStatusEnum type.

To provide more information, the device may include the following optional fields:

UserToken

Identifies the User of the Credential. For security, privacy and possibly other reasons this is optional.

Description

Description of the Credential.

ValidFrom

When Credential starts to be valid. If null, the credential has no restriction on when it starts to be valid (valid from whenever).

ValidTo

When Credential stops to be valid. If null, the credential has no restriction on when it stops to be valid (valid forever).

The status of the credential, e.g. reason for being disabled etc. This value should be used as the Reason field in certain events.

The following values are available:

NotActivated

Credential is not activated yet (BACNET has Unassigned and not_provisioned).

Enabled

Credential is enabled, this is the only state in which access can be granted.

Disabled

Credential is disabled for unknown reason.

LockedOut

Credential is locked out.

Lost

Credential is reported as lost.

Stolen

Credential is reported as stolen.

Damaged

Credential is reported as damaged.

Destroyed

Credential is reported as destroyed.

Inactive

Credential is disabled due to inactivity.

MaxDays

Credential is disabled due to being used maximum number of days.

MaxUses

Credential is disabled due to being used maximum number of times.

Expired

Credential has expired.

The Credential data structure for the AccessController items.

The Credential contains information needed to authenticate a user and a list of references to AccessProfile that determines what this credential is authorized to do.

AttributeList is a list of names or name=value pairs. The following standard Attributes exist: ExtendedTime

A number of these datastructures is stored within the servce and managed using the set/get/remove credential API functions.

The following fields are available:

token

A service-unique identifier of the Credential.

Enabled

Whether Credential is enabled or not.

Status

Information regarding status of the Credential, e.g. the reason for being disabled. Should normally be one of the defined values in the CredentialStatusEnum type.

IdData

The identification data for the credential.

Attribute

Attributes associated with the credential.

AuthenticationProfile

Overrides AuthenticationProfile items specified in an AccessProfile or AccessPolicy if it is set.

CredentialAccessProfile

AccessProfile items associated with the credential.

To provide more information, the device may include the following optional fields:

UserToken

Identifies the User of the Credential. For security, privacy and possibly other reasons this is optional.

Description

Description of the Credential

ValidFrom

When Credential starts to be valid. If null, the credential has no restriction on when it starts to be valid (valid from whenever).

ValidTo

When Credential stops to be valid. If null, the credential has no restriction on when it stops to be valid (valid forever).

IdData contains a single identification/authentication name and the value. A list of these are stored in each Credential. The IdPoint service sends a number of these as SimpleItem name/nalue pairs in the Data section.

The following fields are available:

Name

Name of the field (called IdField in other types.)

Value

The value to match against.

Used by the Credential to reference one AccessProfile, and allowing ValidFrom and ValidTo to be further restricted compared to what is in the AccessProfile.

The following fields are available:

AccessProfile

Reference to AccessProfile.

To provide more information, the device may include the following optional fields:

ValidFrom

Optional ValidFrom that may limit the time period for the AccessProfile, if null no additional restriction.

ValidTo

Optional ValidTo that may limit the time period for the AccessProfile, if null no additional restriction.

The AuthenticationProfile data structure defines what IdFactor items are required at certain schedules.

AuthenticationProfile items are referenced by the AccessPoint but can be overridden in the AccessProfile and in the Credential.

Information about an AuthenticationProfile.

The following fields are available:

token

A service-unique identifier of the AuthenticationProfile.

Name

Name of the AuthenticationProfile.

Description

Description of the AuthenticationProfile.

The AuthenticationProfile holds the authentication requirements.

A number of these data structures is stored within the service and managed using the set, get and remove AuthenticationProfile API functions.

By default the device MUST have at least the following predefined authentication profiles, although they can be modified using the API:

CardOnly

Requiring only the IdDataName "Card".

PINOnly

Requiring only the IdDataName "PIN".

CardPlusPIN

Requiring the IdDataName items "Card" and "PIN".

The following fields are available:

token

A service-unique identifier of the AuthenticationProfile.

Name

Name of the AuthenticationProfile.

Description

Description of the AuthenticationProfile

Schedule

The Schedule items that determine when the AuthenticationProfile is applicable.

IdFactor

The IdFactor items needed to authenticate.

To provide more information, the device may include the following optional field:

Extension

Extension

An IdMatchOperator determines the way a Request IdData Value field in Request and other conditions should be evaluated/treated. ONVIF defines a number of mandatory operators, some optional and device vendors may create new ones. The available IdMatchOperator items are returned in the ServiceCapabilities.

The following fields are available:

Name

Name of the IdMatchOperator.

Description

Description of the operator.

An IdFactor contains the Name of a the IdData and the IdMatchOperator to use. The available IdMatchOperator items are available in the ServiceCapabilities. The following fields are available:

IdDataName

The Name of an IdData field to check.

IdMatchOperatorName

A Name of an existing IdMatchOperator.

OperatorValue

Info/config for certain operators, typically empty.

Attributes is a generic structure that can be added to various data structures, and can be used by clients/management systems for various reasons.

Some standardised attributes exists, which have a defined meaning. The supported attributes that has a special meaning shall be returned by the GetStandardAttributeList and GetVendorAttributeList methods.

Attribute contains a Name and an optional Value and type.

The following fields are available:

Name

Name of attribute

To provide more information, the device may include the following optional fields:

type

Type of the Attribute. int, bool or string.

Value

Value of attribute.

An AccessProfile contains a number of AccessPolicy items that reference AccessPoint items and contains the authorization conditions such as schedules.

Information about an AccessProfile.

The following fields are available:

token

A service-unique identifier of the AccessProfile.

Name

Name of the AccessProfile.

Description

Description of the AccessProfile.

The AccessProfile data structure for the AccessController.

The AccessProfile determine what resources that can be accessed and when by containing references to AccessPolicy items. It also contains information on what AuthenticationProfile items that apply.

A number of these data structures is stored within the service and managed using set, get and remove AccessProfile API functions.

The following fields are available:

token

A service-unique identifier of the AccessProfile.

Name

Name of the AccessProfile.

Description

Description of the AccessProfile.

Schedule

The Schedule items that determine when the AccessProfile is applicable and access to the resources is allowed if the requirements in the AuthenticationProfile items etc. are fulfilled.

AuthenticationProfile

The authentication profiles for this AccessProfile. This list overrides the list in the AccessPoint, so it is typically empty. If one of the authentication profiles in the list is fulfilled access is granted to the resources.

Attribute

Attributes associated with the AccessProfile.

AccessPolicy

List of AccessPolicy that are allowed.

Enabled

If this AccessProfile is enabled or not.

To provide more information, the device may include the following optional fields:

ValidFrom

When AccessProfile starts to be valid. If null, no restriction on start time.

ValidTo

When AccessProfile stops to be valid. If null, no restriction on stop time.

The AccessPolicy data structure defines the authentication and authorization requirements for a Resource and is a used by the AccessProfile data structure. Multiple AccessPolicy items may reference the same Resource and have different authentication and authorization requirements.

The following fields are available:

AuthorizationProfile

List of AuthorizationProfile items that apply to this policy.

Attribute

Optional Attribute list that is applicable for the AccessPolicy.

Schedule

Schedule items when authorized by this AccessPolicy if the other conditions is met.

AccessPoint

Reference to the AccessPoint this AccessPolicy is applicable for.

AuthorizationProfile is a placeholder for future extensions where additional authorizations rules and conditions can be specified.

Information about an AuthorizationProfile.

The following fields are available:

token

A service-unique identifier of the AuthorizationProfile.

Name

Name of the AuthorizationProfile.

Description

Description of the AuthorizationProfile.

A RuleOperator determines the way a Request IdData Value field in Request and other conditions should be evaluated/treated.

ONVIF defines a number of mandatory operators, some optional and device vendors may create new ones.

The available RuleOperator items are returned by the GetRuleOperators method.

The following fields are available:

Name

Name of the RuleOperator.

Description

Description of the operator.

An Rule contains the Name of the Rule which should be the same as the IdData in a Request (and in the Credential) and the RuleOperator to use.

The available RuleOperator items are returned by the GetRuleOperators method.

The following fields are available:

Name

The name of the Rule.

OperatorValue

Values for certain operators.

OperatorName

A Name of an existing RuleOperator.

The AuthorizationProfile holds the authorization requirements.

A number of these data structures is stored within the service and managed using the set, get and remove AuthorizationProfile API functions.

The following fields are available:

token

A service-unique identifier of the AuthorizationProfile.

Name

Name of the AuthorizationProfile.

Description

Description of the AuthorizationProfile.

Schedule

The Schedule items that determine when the AuthorizationProfile is applicable.

Rule

Additional rules needed to authorize.

To provide more information, the device may include the following optional field:

Extension

Future extension.

Returns a list of attributes and their value type supported by the service. ONVIF mandates the following attributes:

ExtendedTimeFlag

If extended times should be used in AccessDoor.

IdFactorOverride=string

overrides AuthenticationProfile.IdFactor, string should be in the form IdDataName=RuleOperatorName E.g. IdFactorOverride=PIN=DontCare

Other attributes that perhaps should be standardized (but not mandatory):

EscortRequired

If the holder of the Credential requires escort, or if a Resource referenced by an AccessProfile requires escort.

EscortNotRequired

If the holder of the Credential does not require escort.

Escort

The holder of the credential is an escort.

This function shall return the vendor specific attributes supported.

Perform a validation of the request, and return the result, but does not perform any action.

Generic structure containing a name/value pair.

The following fields are available:

Name

Name

Value

Value

Request access to the specified Resource with the given IdField items.

This operation requests a list of all CredentialInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This function must be available if the GetCredentialListSupported service capability is true.

This operation requests a list of CredentialInfo items matching the given tokens.

This method shall be supported if the GetCredential service capability is true. At least one token shall be specified.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

This operation shall enable a credential.

This function must be available if the DisableCredential service capability is true.

This operation shall disable a credential.

This function must be available if the DisableCredential service capability is true.

This operation requests a list of all Credential items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This function must be available if the GetCredential service capability is true.

This could be a security risk.

This operation requests a list of Credential items matching the given tokens.

This method shall be supported if the GetCredential service capability is true. At least one token shall be specified.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

This could be a security risk.

Add/update a list of Credential items.

If Credential items with the specified tokens already exist, they shall be updated. If not, they shall be added.

If the Token field of any Credential item is empty, the service shall allocate a token for the Credential.

All tokens shall be returned in the response.

Remove the specified Credential items.

This operation requests a list of all AccessProfileInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This function is mandatory.

This operation requests a list of AccessProfileInfo items matching the given tokens.

This method shall be supported if the GetAccessProfile service capability is true. At least one token shall be specified.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

This operation requests a list of all of AccessProfile items provided by the device. This function shall be implemented if the GetAccessProfile service capability is true.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AccessProfile items matching the given tokens.

This method shall be supported if the GetAccessProfile service capability is true. At least one token shall be specified.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

Add/update a list of AccessProfile items.

If AccessProfile items with the specified tokens already exist, they will be updated. If not, they shall be added.

If the Token field of any AccessProfile is empty, the service shall allocate a token for the AccessProfile.

All tokens shall be returned in the response.

Remove the specified AccessProfile items.

This operation requests a list of all AuthenticationProfileInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AuthenticationProfileInfo items matching the given tokens.

An ONVIF compliant device which provides Access Control service shall implement this method.

The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

This operation requests a list of all AuthenticationProfile items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method.

A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. See section Retrieving system configuration.

The number of items returned shall not be greater than Limit parameter.

This operation requests a list of AuthenticationProfile items matching the given tokens.

An ONVIF compliant device which provides Access Control service shall implement this method.

The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case.

If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned.

Set (adds or modifies) the supplied list of AuthenticationProfile items to the internal storage/database. If the token attribute is empty, a new unique token will be generated by the service. All supplied and generated tokens are returned.

Remove the specified AuthenticationProfile items.

Returns the IdMatchOperator items supported by the service.

ONVIF mandates the following IdMatchOperators: IdDataEqual, OperatorValueEqual, RemoteValidationEvent .

IdDataEqual

The IdData value in the request should be equal to the one in the Credential.IdFields. result = (Request[IdDataName] == Credential.IdFields[IdDataName])

OperatorValueEqual

The IdData value in the request must have the same value as the OperatorValue result = (Request[IdDataName] == OperatorValue). The OperatorValueEqual operator is typically used for REX requests, and OperatorValue = "Active" and IdDataName = "REX"

RemoteValidationEvent

An AccessControl/Request/ExternalConfirmation event is sent and an external entity will do what ever action is needed.

ONVIF recommends the following IdMatchOperators: RemoteValidationRequest (if ServiceCapabilities.RemoteService is true) .

ONVIF reserves the following IdMatchOperators for future use: MatchPhoto, MatchFingerprint, MatchIris, MatchVoice, VerifySignature.

Returns the RuleOperator items supported by the service.

ONVIF mandates the following RuleOperators: Authenticate, RequestEqual, OperatorValueEqual, RemoteValidationEvent.

ONVIF recommends the following RuleOperators: CredentialAttributeEqual, AccessProfileAttributeEqual, RemoteValidationRequest (if ServiceCapabilities.RemoteService is true).

Authenticate

Perform positive authentication according to what the AuthenticationProfileList specifies.

RequestActionEqual

The RequestAction must match OperatorValue[0] result = (Request.Action == Operatorvalue[0])

OperatorValueEqual

The IdData value in the request with the name OperatorValue[0] must have the same value as the OperatorValue[1] result = (Request[[OperatorValue[0]] == OperatorValue[1]). The OperatorValueEqual operator is typically used for REX requests, and OperatorValue = "Active" and IdDataName = "REX".

CredentialAttributeEqual

There must be one Attribute in the Credential that have the same Name as OperatorValue[0] and Value as OperatorValue[1] if that is specified.

RemoteValidationEvent

An AccessControl/Request/Authorization/Credential event is sent and an external entity will do what ever action is needed.

If ServiceCapabilities.RemoteService is true the following must be supported:

RemoteValidationRequest

The RemoteService referenced by the OperatorValue is queried with a tac:ValidateRequest(Request, ..) call. [result, Reason] = RemoteService[OperatorValue].ValidateRequest(Request) Request = Event notification Source, and Data fields.

The device and hardware configuration for an AccessController.

The following fields are available:

token

AccessController Id to use for set, remove and usage.

DeviceUUID

What device the AccessController is on.

Configuration

Configuration for the AccessController.

Enum that specifies matching comparison operators. Subset and Intersection are for matching lists. Subset requires that all the items in the specified list must exist in the list in the matching object. Intersection requires that at least one of the items in the specified list must exist in the list of the matching object.

The following values are available:

Equal

NotEqual

Subset

Intersection

A single rule for matching entity instances, specifying field name and operator to use when matching field value to existing entities in the system.

The following fields are available:

Field

Operator

Statistics related to Credential items.

The following fields are available:

NumberOfCredentials

Number of Credential items in the system.

NumberOfDisabledCredentials

Number of disabled Credential items in the system.

This operation requests a list of all of AccessControllerConfiguration items provided by the device. An ONVIF compliant device which provides the Door Control service shall implement this method.

The returned list shall start with the item specified by a StartReference parameter. If it is not specified by the client, the device shall return items starting from the beginning of the dataset.

StartReference is a device internal identifier used to continue fetching data from the last position, and shall allow a client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReference parameters at the same time and they must live for a reasonable time so that clients are able to fetch complete datasets.

An ONVIF compliant client shall not make any assumptions on StartReference contents and shall always pass the value returned from a previous request to continue fetching data. Client shall not use the same reference more than once.

For example, the StartReference can be incrementing start position number or underlying database transaction identifier.

The returned NextStartReference shall be used as the StartReference parameter in successive calls, and may be changed by device in each call.

The number of items returned shall not be greater than Limit parameter. If Limit parameter is not specified by the client, the device shall assume it unbounded. The number of returned elements is determined by the device and may be less than requested if the device is limited in its resources.

This operation request a list of AccessControllerConfiguration items matching the given tokens.

The device shall ignore tokens it cannot resolve and may return an empty list if there are no items matching specified tokens.

If the number of requested items is greater than the max limit supported, a TooManyItems fault shall be returned

Add/update a list of AccessControllerConfiguration items.

If AccessController items with the specified tokens already exist, they will be updated. If not, they will be added.

If the Token field of any AccessController is empty, the service will allocate a token for the AccessController. All tokens are returned in the response.

Remove the specified AccessControllerConfiguration items.

Get statistics related to the Credential items in the system.

Returns the current state of the MasterDB.

Reopens the MasterDB, optionally: * deleting the current database * opening the new one in a specified path and * enabling encryption with a specific key.

Reset anti-passback for the specified credential(s). If the credential is currently not in anti-passback violation, nothing happens.

Reset anti-passback for all credentials.

AntipassbackData

Anti-passback data describing one entry for GetAntipassbackData and SetAntipassbackData.

The following fields are available:

• CredentialToken: Credential

• PassOkThreshold: Anti-passback timer value (in seconds)

• CurrentArea: Current area token

• ByTime: Used to indicate AntiPassbackMode. False means Logical, True means TimedLogical.

• Violation: Used to indicate whether monitoring has resulted in one or more violations.

This operation requests a list of all of AntipassbackData items provided by the device. An ONVIF Profile A compliant device which provides the DoorControl service shall implement this method.

The returned list shall start with the item specified by a StartReference parameter. If not specified by the client, the device shall return items starting from the beginning of the dataset.

StartReference is a device-internal identifier used to continue fetching data from the last position, and shall allow a client to iterate over a large dataset in smaller chunks. The device shall be able to handle a reasonable number of different StartReferences at the same time, and these must live for a reasonable time so that clients are able to fetch complete datasets. An ONVIF-compliant client shall not make any assumptions on StartReference contents and shall always pass the value returned from a previous request to continue fetching data. Client shall not use the same reference more than once.

For example, the StartReference can be incrementing start position number or underlying database transaction identifier.

The returned NextStartReference shall be used as the StartReference parameter in successive calls, and may be changed by the device in each call.

The number of items returned shall not be greater than the Limit parameter. If Limit is not specified by the client, the device shall assume it to be unbounded. The number of returned elements is determined by the device and may be less than requested if the device has limited resources.