The service capabilities reflect optional functionality of a service. The information is static and does not change during device operation. The following capabilities are available: The maximum number of entries returned by a single GetList request. The device shall never return more than this number of entities in a single response. Used as extension base for AccessPointInfo. A user readable name. It shall be up to 64 characters. Optional user readable description for the AccessPoint. It shall be up to 1024 characters. Optional reference to the Area from which access is requested. Optional reference to the Area to which access is requested. Optional entity type; if missing, a Door type as defined by the ONVIF DoorControl service should be assumed. This can also be represented by the QName value "tdc:Door" - where tdc is the namespace of the Door Control service: "http://www.onvif.org/ver10/doorcontrol/wsdl". This field is provided for future extensions; it will allow an AccessPoint being extended to cover entity types other than Doors as well. Reference to the entity used to control access; the entity type may be specified by the optional EntityType field explained below but is typically a Door. The AccessPointInfo structure contains basic information about an AccessPoint instance. An AccessPoint defines an entity a Credential can be granted or denied access to. The AccessPointInfo provides basic information on how access is controlled in one direction for a door (from which area to which area). </p><p> door is the typical device involved, but other type of devices may be supported as well. Multiple AccessPoints may cover the same Door. A typical case is one AccessPoint for entry and another for exit, both referencing the same Door. </p><p> An ONVIF compliant device shall provide the following fields for each AccessPoint instance: The capabilities for the AccessPoint. The AccessPoint capabilities reflect optional functionality of a particular physical entity. Different AccessPoint instances may have different set of capabilities. This information may change during device operation, e.g. if hardware settings are changed. The following capabilities are available: Indicates whether or not this AccessPoint instance supports EnableAccessPoint and DisableAccessPoint commands. Indicates whether or not this AccessPoint instance supports generation of duress events. Indicates whether or not this AccessPoint has a REX switch or other input that allows anonymous access. Indicates whether or not this AccessPoint instance supports generation of AccessTaken and AccessNotTaken events. If AnonymousAccess and AccessTaken are both true, it indicates that the Anonymous versions of AccessTaken and AccessNotTaken are supported. Indicates whether or not this AccessPoint instance supports the ExternalAuthorization operation and the generation of Request events. If AnonymousAccess and ExternalAuthorization are both true, it indicates that the Anonymous version is supported as well. Basic information about an Area. Used as extension base. User readable name. It shall be up to 64 characters. User readable description for the Area. It shall be up to 1024 characters. The AreaInfo structure contains basic information about an Area. An ONVIF compliant device shall provide the following fields for each Area: The AccessPointState contains state information for an AccessPoint. An ONVIF compliant device shall provide the following fields for each AccessPoint instance: Indicates that the AccessPoint is enabled. By default this field value shall be True, if the DisableAccessPoint capabilities is not supported. The Decision enumeration represents a choice of two available options for an access request: The decision is to grant access. The decision is to deny access. Non-normative enum that describes the various reasons for denying access. The following strings shall be used for the reason field: The device shall provide the following event, whenever a valid credential is not enabled or has been disabled (e.g., due to credential being lost etc.) to prevent unauthorized entry. The device shall provide the following event, whenever a valid credential is presented though it is not active yet;: e.g, the credential was presented before the start date. The device shall provide the following event, whenever a valid credential was presented after its expiry date. The device shall provide the following event, whenever an entered PIN code does not match the credential. The device shall provide the following event, whenever a valid credential is denied access to the requested AccessPoint because the credential is not permitted at the moment. The device shall provide the following event, whenever the presented credential is not authorized. The device shall provide the following event, whenever the request is denied and no other specific event matches it or is supported by the service. The capability response message contains the requested Access Control service capabilities using a hierarchical XML capability structure. Maximum number of entries to return. If not specified, less than one or higher than what the device supports, the number of items is determined by the device. Start returning entries from this start reference. If not specified, entries shall start from the beginning of the dataset. StartReference to use in next call to get the following items. If absent, no more items to get. List of AccessPointInfo items. Tokens of AccessPointInfo items to get. List of AccessPointInfo items. Maximum number of entries to return. If not specified, less than one or higher than what the device supports, the number of items is determined by the device. Start returning entries from this start reference. If not specified, entries shall start from the beginning of the dataset. StartReference to use in next call to get the following items. If absent, no more items to get. List of AreaInfo items. Tokens of AreaInfo items to get. List of AreaInfo items. Token of AccessPoint instance to get AccessPointState for. AccessPointState item. Token of the AccessPoint instance to enable. Token of the AccessPoint instance to disable. Token of the Access Point instance. Optional token of the Credential involved. Optional reason for decision. Decision - Granted or Denied. This operation returns the capabilities of the Access Control service. </p><p> An ONVIF compliant device which provides the Access Control service shall implement this method. This operation requests a list of all AccessPointInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method. </p><p> A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. Please refer section [Retrieving system configuration] for more details. </p><p> The number of items returned shall not be greater than Limit parameter. </p><p> This operation requests a list of AccessPointInfo items matching the given tokens. </p><p> An ONVIF compliant device which provides Access Control service shall implement this method. </p><p> The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case. </p><p> If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned. </p><p> This operation requests a list of all AreaInfo items provided by the device. An ONVIF compliant device which provides the Access Control service shall implement this method. </p><p> A call to this method shall return a StartReference when not all data is returned and more data is available. The reference shall be valid for retrieving the next set of data. Please refer section [Retrieving system configuration] for more details. </p><p> The number of items returned shall not be greater than Limit parameter. </p><p> This operation requests a list of AreaInfo items matching the given tokens. </p><p> An ONVIF compliant device which provides Access Control service shall implement this method. </p><p> The device shall ignore tokens it cannot resolve and shall return an empty list if there are no items matching specified tokens. The device shall not return a fault in this case. </p><p> If the number of requested items is greater than MaxLimit, a TooManyItems fault shall be returned. </p><p> This operation requests the AccessPointState for the AccessPoint instance specified by Token. </p><p> An ONVIF compliant device that provides Access Control service shall implement this method. This operation allows enabling an access point. </p><p> A device that signals support for DisableAccessPoint capability for a particular AccessPoint instance shall implement this command. </p><p> This operation allows disabling an access point. </p><p> A device that signals support for DisableAccessPoint capability for a particular AccessPoint instance shall implement this command. </p><p> This operation allows to Deny or Grant decision at an AccessPoint instance. </p><p> A device that signals support for ExternalAuthorization capability for a particular AccessPoint instance shall implement this method. Copyright (c) 2010-2013 by ONVIF: Open Network Video Interface Forum. All rights reserved.
This is the initial minimized version of the Access Control service aimed at the first PACS Profile C.
The AccessControl service implements the Authentication and Authorization functionality and controls the actions to get access to various Access Points controlling access to Doors and Areas.
The basic data structures used by the service are: * CredentialInfo holding basic information of a credential.
* AccessPointInfo holding basic information on how access is controlled in one direction for a door (from which area to which area) defined in the DoorControl service.