Access Control Does Not Want ONVIF

Published Jul 27, 2016 15:41 PM

ONVIF has become a major force in video surveillance. Despite its well deserved criticisms, ONVIF is widely embraced by video surveillance manufacturers and generally useful in production deployments.

However, ONVIF has been a resounding dud in Access Control, which has continued to be insular and proprietary. Moreover, that is not changing anytime soon, and the message is clear: Access does not need nor want ONVIF.

We look at the situation deeper in this note.

Single ***** ****** ********* ******

****** ***** ************ ***** ******* *** segmented ** ****** ******* (**: ****, Sony) **** ***** ********** ****** ********* (ie: *********, *****) ***** **, ********** access ******* *** ********* **** * key **********: ********** ********* ***** *** brand.

******, ****** ******* ********* ***** ******** (in *** **** ** **** ***********) matched ** **** ********** ******** **** the **** ******.  **** **** ****** systems ********** ***** *******************, **** ********* ** ** ******* major ***** *********** ** ********, ******* simplifying ******* ** ***** *********** **** numbers ** ******* ***** **** ***** any ******************.

Major ****** ********* *** "****"

********, *** ****** ******* ** ****** show ** ********** ** ****** ****.

**** *** **** ******* (******** *************** *******) *** ******** *********** ** the ******** **** *******, ***** ***** majors ***************** *** ********* ** *** ***** hardware ******** *** ******* ********* *******, warranty, *** ****** ***** ******** **** under ***** *** ******.

Interoperability *********** *** *******

*** *** ***** ** **** ******* shunning '********', ***** ********* ****** ************ marketed ********* **** **** ** ********* of ******* *** * ********* ******* end **** ****** ********** **.

******, ****** ***** ************ ***** *************, installers, *** ***-***** ***** ******** *** interoperability, *** **** ******* ****** **** not ***** ** ****** *******.

ONVIF * ** ******

** ***** ** **************** *******, *** idea ** *** **** ** ********. Using *** **** ******* ** **** did **** *****, **** *** * handful ** ****** ********* ******* * as *** *** *** ********* '**************** between ******* *** ******* ** ******** access ******* ******* (****) *** *******-***** video *******'; ** ********* ******** *** divide ******* ******** *********** *** ********** software.

*******, ******* *** ********* ** *** effort, ***** ****** *** *** * **** years, '******** **********' ** *** ******** still ****** **** *** *******, ********* Axis **** ***** ****** **** ********** model.  ******, **** ***** **** ****** partners *********** **** *** *****, **** use ***** *, ******* ***** ****** driver *******.

*** **** ********* ** *** ****** changing, ** ** ***** ** *** ****** ****************: ***** ******* ****, **** ********* ****** *** ** majors ********** ** *** ********** ******* are ** *** *******.

ONVIF * ** ******

****, ***** ** *** ****** ** ** access ***.

******, ***** *** *** ******** ********, ONVIF *** ******* ****** ******* ** the *****.******* *, **** ** ******** ******* ***** this ****, ****** ** '********* ** interface *** ****** ******* ******* *** expands *** ************* ******* *** ***** conformant ****** ******* *******'. *******, *** effort ******* ** **** *** ******* is ******* *********** *** **** ********* useful ******* * ** *********** *** essentially ******* ** *** ******.

** ***** ********** ******* ******** *** software *** *** ************, **** *****/********* exists ** ****** ************* ** ********** systems? ***********, ** *** ** ******** members ** *** ****** ****** *** claiming ***** * ** *********** ******** yet.  * *********, ********* ****** ****** indeed.

Access ***** ******** ***** ** ***** ********

** *** ******** ** '*** ***'* ONVIF ********* *** ******?'

*** ****** ** ********* *** ************* supporting ***** *** ***** **** ****** to ** ***** ** ****** *******. Indeed, ***** ****, ****, *** ***** commanded ****** ********* **** ******** ** the **** ** * ******** ***** API, ** **** '***********' *** ****** exists ****** *****'* ****** *****.

*** ******* *** ******** ** '****** interoperability' *** *** ****** ** ********** as *** ***** ******, *** **** value ** **** ** ****** ** dubious ** ****. **** ****** ************* come ********, ***** **, *** ********** implement ***** ******** *** ******, **** is ****** ******?

** ***** ************ ****** ** **** tangible *** ********, *** *** ****** risk ****** ******** ******** ** * result ** ********.

Interoperability's ****** *******: ****

** *** **** ***** *****, *** biggest '****************' ******* ***** *** ** OSDP. **** ************ ** '******* *.*', ***** ** **** ******** **** encryption, ************* *************, *** *****-********** ********.

****** *****, ****'* ******** **** ********* a ***** **** ** *** ***** access ****** - ******** ******* *** their ********* **** ***********.  *** ***** focus, *******, ******** ** ********** *** potentially ***** ****** ** ****** ****** systems. ******* ******* *** **** ***** positive, *** *** ************ *** ******* member ***** ** * ******* *** increasing *****.

Big ******: ******* ******* & ********

***** *** ******* ****** ** ** ONVIF *** ****** *** ** ******* to ********** ******** *** *********** ** end *****, *** **** ****** *** new ****** ******* *** ******* ********* trying ** **** ****** *** ******.

****** **** **** ** ******** *** software ******* ** ************* ********* ********* or ********, *** ******* *** **** closed ********* ** ********** ****** ******* upward ******** ** *** ******** ********** tough. *** ******** **** ******* ******* is ********* ******* **, *** ********-****** *** ********* ****** ******* **** video ***** ************ *** ******** ******* ** ****.

Comments (12)
RR
Richard Ramsowr
Jul 27, 2016

Amen

All that you posted is true. Here one additional item to think about. After we have sold all the hardware and all of the software. We get so sell the other thing, the "blades", i.e., the cards and the codes which is the long term ROI that the providers are working reach.

Besides why on earth would video centric group like ONVIF have in common with the access control market?

I'm with you on this one...

(1)
Avatar
Baudouin Genouville
Jul 28, 2016
SUPREMA

"Many considerOSDP as 'Weigand 2.0', since it adds features like encryption, bidirectional communication, and smart-credential bitrates."

I completely agree on the point that Interoperability has less interest for Access Control. OSDP is where access control meets interoperability. Not only the security, less/easier wiring, but also reduced total cost of the solution. Using Wiegand, you need to have one controller for every 2~4 readers. With OSDP you can have 8~30 slave access readers on each RS485 BUS. That is partially reducing the total cost of the solution ("partially" because in most of cases you still need extension boards with door relay/sensor).

U
Undisclosed
Jul 29, 2016

more than 2 readers on an OSDP (or RS-485) wire is apparently rare. A small number of vendors seem to go up to 8 readers.

(2)
Avatar
Baudouin Genouville
Jul 31, 2016
SUPREMA

more than 2 readers on an OSDP (or RS-485) wire is apparently rare. A small number of vendors seem to go up to 8 readers.

That's completely true but I would give "more than 2x OSDP readers" a 25% share of installations. The advantage of OSDP is not only increasing security but also saving cost. I had a third one that is "convenience" because many installers do not wire the feedback from controller to the reader (often called Green/Red LED + Buzzer). So with OSDP you have to think of a 3 sides improvement: "Security/Cost/Convenience"

Our side we see more and more customer using 8x Suprema readers on a daisy chain, with a Master reader controlling the whole (storing the fingerprint templates and being installed in the secured part of the building = "no fingerprint data at the door")

http://kb.supremainc.com/knowledge/doku.php?id=en:tc_technology_rs-485_wiring_guidelines&s[]=daisy&s[]=chain

Because for some installations, TCP/IP or Wiegand cannot work:

- Either the TCP/IP number of lines is limited by the customer

- or the readers are distant from each others or from the controller (TCP-IP = 100m, RS485 = 1.2 km, Wiegand ~150m) <= average distance (this varies with cable type and other factors)

(1)
U
Undisclosed #1
Jul 28, 2016
IPVMU Certified

Indeed, unlike video surveillance where manufacturers, installers, and end-users alike clamored for interoperability, the same dynamic simply does not exist in access control.

What's your opinion on why it 'simply does not exist'?

Can it be tied to the megapixel/innovation race to some degree? Meaning that the pace of video technology was far accelerated from access control. People demanded interoperability because they invariably ended up with some new cool camera that only worked thru the web page it came with.

Also, you could tolerate the inevitable glitchyness of interoperability better, e.g. motion detection might not work. But a door can't be glitchy at all.

U
Undisclosed
Jul 29, 2016

OSDP is not just for readers. You can use it for alarm points too. It's focus is "supervised" devices that would be used under the direction of an "panel".

Avatar
Brian Rhodes
Jul 29, 2016
IPVMU Certified

That makes sense. How many alarm systems/sensors are currently using OSDP?

Avatar
Jonathan Lawry
Aug 04, 2017
Trecerdo, LLC

The core reason ONVIF faces such headwinds in access control is that the video analogy is wrong:  In the video comparison, access panels aren't the cameras, they are the VMS!  Readers are the cameras, and OSDP is doing fine there.

Most of the manufacturer's "value add" in access control is put in the panel, just as in video it's put in the VMS.  Yes, you often have ONVIF from the VMS down to the camera, but you never use ONVIF from the VMS up.  You use the VMS provider's SDK for that, because ONVIF won't have each manufacturer's VMS value-add properties.  Hence 3 years on, ONVIF C is largely just the open protocol to talk to the Axis A1001, and little else.

The other reality of the access industry is that it is more expensive to install a door than hang a camera on a wall, and nobody wants to pay for that directly.  So those costs are paid for by hardware markups.  This in turn requires stricter channel management.  Thus any attempt to commoditize access panels tends to be resisted by integrators because it is much harder to mark up, giving little no incentive to sell it.

(2)
(2)
UM
Undisclosed Manufacturer #2
Sep 21, 2019

We considered implementing ONVIF for an access control panel, and in reviewing the specification, it places very strong constraints on the implementation, to the point where it seems nearly impossible to retrofit a controller with support for this API. The only way to implement it would be to write controller firmware from scratch, with the primary goal of implementing this specification. And even this would be quite daunting, due to the complexity of the specification (and the complexity of a commercial control panel). I think the only chance of success this would have had as a standard would have been if they had provided an open-source reference implementation along with it.

(1)
(4)
U
Undisclosed #1
Sep 22, 2019
IPVMU Certified

The only way to implement it would be to write controller firmware from scratch, with the primary goal of implementing this specification.

like this?

(1)
UI
Undisclosed Integrator #3
Sep 22, 2019

Let’s look at “Why ONVIF?” and why not for access control.

ONVIF helped large and small camera manufacturers and recording devices (NVR/VMS) bring new camera products into existing recording products faster, cheaper, easier [in theory].

It didn’t address controller devices (unless you consider a multi-channel encoder/decoder) as much as edge devices.

While not perfect, the ACS industry generally accepted a 5 wire, weigand protocol. Yes, there were custom implementations, even HID readers could be configured with a programming card to output certain ways.

OMHO it’s just not necessary and will be about as beneficial as SIA was for alarm reporting formats.

That’s a whole different rant.

Avatar
Jonathan Lawry
Sep 22, 2019
Trecerdo, LLC

I agree with your points about weigand and SIA alarm formats, as they were very limited in scope. Weigand is less of a protocol and more of a physical TTL connection standard. SIA alarm formats are a better analogy, but elegantly limited in scope: They tell the Central Station/PSAP what account/partition/zone went into alarm, but not specifics on how they were wired.

Standards at the controller level face extreme headwinds. Not only have time schedules, access groupings, etc, been implemented in dozens of different ways across manufacturers, but these peculiarities manifest themselves in ways that affect how cardholder populations actually use doors. Recently I just discovered a panel that can have hundreds of intervals in a single local auto-unlock schedule (used in co-working spaces), and that obscure feature is super-important for their market. For that manufacturer to support ONVIF A and C, this feature would have to become part of the standard, or would have to be an exception to it, defeating the purpose.

Ultimately, ONVIF works well in video because it is a much bigger market with a lot more players, and the standards by which video systems exchange data are transparent to the subjects being monitored. In contrast, PACS systems actively control the flow of people, and the way those systems work is more acutely felt to those using them.

(1)