Cybersecurity solved most of the problems physical access is now trying to work through. One of them was the question of who owns identity. The answer was settled in IT a decade ago. Okta, Azure AD, Workday, and a generation of HR information systems took that ground and never gave it back. Most operators reading this already know it. They sign in to every other system at work with credentials that never originated in the security stack.
The access industry is now arguing about whether that question should be unsettled again. It shouldn’t, and the argument itself is a tell.
There is a real pattern underneath the argument, and it deserves to be named. Over the last 18 months the centre of gravity in physical access has moved from the door to the person. Manufacturers who used to sell controllers now talk about people. Integrators who used to sell readers now talk about lifecycles. The visitor management category, which lived inside security ten years ago, has migrated to the workplace experience aisle and is not coming back. The conversation at every recent show has tracked the same shift. Whoever owns the person record, the argument goes, owns the customer relationship. The access industry, the argument continues, must therefore own the person record or be reduced to the team that opens or doesn’t open doors.
The pattern is correct. The conclusion is wrong.
The pattern is correct because the centre of gravity has moved. Anyone selling cylinders, controllers, or readers in 2026 already knows the customer’s first question is about people, not parts. The conclusion is wrong because the person record was won by other people years ago, in a fight our industry never entered. Telling the access industry to go own identity now is like telling a hardware store in 2026 to go become Amazon. The advice is logically sound and operationally hopeless.
The more useful question is the one operators are actually asking. When the HR system says Anna is a contractor whose contract ends on Friday at 17:00, what happens at the door at 17:01? In Building 3, on the loading dock, with three mechanical keys still in her drawer and an electronic credential issued four months ago that nobody disabled? When her replacement starts on Monday and inherits the same access profile under a different person record, who sees that, and who proves it later?
Identity does not answer those questions. It cannot. Identity says who Anna is. It does not say where she may go, when, under which rules, or what evidence remains when an auditor asks in 18 months. The centre of gravity has moved further than the popular argument acknowledges. It moved from the door to the person, and from the person to the policy that governs the person in physical space. That second move is the one this industry should be talking about.
That layer has a name and a shape. It is the layer where schedules, zones, time bounds, role policies, and exception rules live. It is the layer that holds the mechanical and electronic inventory of a building and knows which key opens which door, which credential belongs to which person, and which of those credentials should have been recovered last week. It is the integration breadth across PACS, mechanical master key systems, electronic locks, visitor systems, and time and attendance. It is the audit trail that survives a court case, not just a quarter. None of this is on Workday’s roadmap. None of it ever will be. Workday will never schedule a cylinder.
This is the layer worth owning, and it is the layer this industry has spent forty years quietly accumulating expertise in without naming. The naming matters now because the market is finally asking the right question. The companies arguing that physical security should own identity are fighting a war that ended a decade ago. The companies arguing that physical security should own the policy and physical reality layer underneath identity are describing the work that actually exists.
That is the position portier is building toward. A person-centric, policy-driven access layer that takes identity from wherever it lives, applies the rules of a real building, and proves what happened later. We do not need to own who Anna is. We need to own what should happen when she walks toward the loading dock at 17:01 on a Friday with three keys in her drawer.
The shift from door to person was the first move. The shift from person to policy is the next one. Most of the noise in the industry is still arguing the first one. The companies that win the next decade will be the ones already working on the second.