Open Door Hackathon

Schedule

Saturday, December 11, 2010 at 2:00 PM - Sunday, December 12, 2010 at 2:00 PM (PT)

Lead

Willow Brugh

Participants/Interested Parties

  • QC Co-Lab
  • Chris
  • Ishmael
  • Hive
  • MakeIt
  • BaltimoreNode
  • Arshad
  • Jacob
  • Patrick
  • Hackerspace.SG
  • Neko
  • Jigsaw
  • LVL1
  • Grace
  • BrainSilo
  • Open Space
  • Pumping Station: One

Synopsis

The OpenDoor Hackathon (ODH) is a hackathon to benefit the members of hacker/maker/artist/co-working spaces by creating a standardized, Open Source RFID access and membership management system that can be used by everyone. At the end of the hackathon, the systems (or subsystems) created by each space will be voted upon, and the best system (or combination of systems) will be chosen. Implementing the system afterwards is, of course, optional.

More Focus for Brain Meats

An Ice Tube Clock from Adafruit is the prize for the space that best implements the standardization of the interface specification between custom software and access control. Each space will review submissions at 2 o'clock PST on Sunday and rank the systems they would most like to use (you cannot vote for your own). The runner-up will receive a Minty Boost Kit. You can also vote on best hardware system, most elegant code, and best independent member management software - the top three of each will receive Minty Boost Kits, also via Adafruit. Winners will be announced Sunday at 4 o'clock PST.

Systems Needed

  • Software for access control (reads from memory stored users and network user databases)
    • Create a functional specification for how authentication can be done securely.
  • Software that manages membership rights (grants rights/features to users based on conditions specified by managers)
    • Standardize an interface specification for how custom software can talk to the access control software interface.
    • example: 3rd party space has a member visiting, presents auth token.
    • example: someone wants to create a custom trusted UI (web, phone, etc.) for talking to the auth daemon
  • Web, phone, etc. UI for membership management and access control software
    • Involve user interface management. See what tools people are using today to manage membership and build hooks in the software to manage access control, or build your own.
  • Hardware for reading identity (RFID reader, USB stick, etc.)
    • Build plug-ins to support common hardware (don't get stuck on any given vendor).

Join in the conversation at Google Group! Previous information:

Why are We Doing This?

I know, the word "standardized" sends chills down my spine too, but I assure you that this is a good thing! Deciding upon a common system would enable the following things:

  • The ability to share membership between spaces
  • Crowdsourced security enhancements and feature additions
  • Easier membership management
  • A warm fuzzy feeling of being connected with other spaces

What we're envisioning (and what many of you already have) is a sort of Reciprocikey or * Space Passport system. We believe that the only way to create such an awesome system is to work together on it!

Goals

Hardware

  • We can forget about door strikes; we only want to control a relay. We can, however, discuss potential door strikes/strike systems to use
  • Should be able to poll an external system
  • Should enable default users (e.g. directors, staff, managers, etc.), and they must be stored internally
  • Should be comprised of commonly available parts
  • Should be priced reasonably
  • Should be Open Source
  • Should have ability to control multiple doors in same space

Software

  • Must interface with hardware to provide access to non-internal users
  • Ideally it would run on any OS
  • Ideally easy to have smartphone/web portal front ends
  • Manages access for users based on paid dues, hour restrictions, etc.
  • Users are stored in a database that *can be* shared between spaces
  • Either a centralized database, or a seed system like diaspora*
  • Must be Open Source
  • Must be reasonably easy for the average person to use

Get Involved

You can have boards on loan from logos-electro or Intel - send them back or pay for them by December 30th. If you want to offer more tools to work with or get a board shipped to your space, contact Willow Brugh. Prizes may exist at individual spaces - ask yours for details!

Use Case

Like other spaces dealing with this issue, Workantile Exchange (a co-working space in Ann Arbor, MI, workantileexchange.com) foolishly opted to build their own system. The hardware was designed with the following goals:

  • based on an existing open platform - after several Arduino-based versions, lack of processing power for encryption became an issue. Further, for custom production, the two-chip setup for Arduino + Ethernet was more expensive than the ARM-based chip upon which the MakeController is based, which includes Ethernet by default, so if you want you can use the existing MakeController dev environment.
  • ease of installation - this was a large goal for this hardware. With Power over Ethernet, a single low-voltage cable carries both data and power, so the need for electricians for installation is removed and providing battery back-up for the entire system (via a PoE switch) becomes simple.
  • Open Source Hardware / Software & protocol - Workantile isn't interested in having these systems be beholden to a single provider. As such, once the board design is finalized and the firmware is production ready, it will be made available via GitHub, Google Code or another similar repository. Similarly, the interface protocol is extendable and REST / JSON based, so creating an authentication server is fairly simple in any modern programming language.

While Workantile’s efforts have been focused on the creation of a door control system, the hardware is equally well suited to any sort of access control scenario, and is currently being modified for tool control (lathe, etc) by several maker spaces. It is up and running (much later than desired) and providing Workantile’s main access control.

Systems Overview

The general features supported by all systems are as follows:

  • Provide a user interface for authentication. May use some or all of:
    • Magnetic swipe cards
    • EM-4000 proximity cards
    • Smart cards
    • Pin/keypads
    • Mobile phone
    • Token/2-factor authentication
    • Other
  • Check a user's credentials against a local database
  • Optionally query a remote database
  • Log access attempts
  • Notify hackerspace users of “occupied” or “empty” status
  • Control an electric door strike or other hardware for door access
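
The decision flow in the list above, combined with the hardware and software goals (default users stored internally, access based on paid dues and hour restrictions), as an added example that is not taken from any of the hackathon projects. The key, token numbers, record layout and function names are all hypothetical; the point it shows is that a failed remote query denies entry instead of granting it, and that the log never holds a raw card number.

```python
import hashlib
import hmac
from datetime import datetime

# Assumption: a per-controller secret, so stored and logged values are keyed
# digests rather than raw card numbers. All tokens below are constructed.
CONTROLLER_KEY = b"constructed-demo-key"

def token_digest(token_id):
    return hmac.new(CONTROLLER_KEY, token_id.encode(), hashlib.sha256).hexdigest()

# Default users (directors, staff) are stored in the controller itself, so
# they can still get in when the network is down.
LOCAL_USERS = {token_digest("0004A1B2C3"): {"hours": (0, 24)}}

# Stand-in for the remote membership database (hypothetical record layout).
REMOTE_MEMBERS = {
    token_digest("0007D4E5F6"): {"dues_paid": True, "hours": (8, 22)},
    token_digest("0009AA11BB"): {"dues_paid": False, "hours": (8, 22)},
}
ACCESS_LOG = []

def remote_ok(digest):
    return REMOTE_MEMBERS.get(digest)

def remote_down(digest):
    raise ConnectionError("membership server unreachable")

def check_access(token_id, now, remote_lookup):
    """Return True if the relay may be energized; log every attempt."""
    digest = token_digest(token_id)
    user, source, reason = LOCAL_USERS.get(digest), "local", "ok"
    if user is None:
        source = "remote"
        try:
            user = remote_lookup(digest)
        except (ConnectionError, TimeoutError):
            reason = "remote_unavailable"  # fail closed: no answer, no entry
    if user is None:
        reason = "unknown_token" if reason == "ok" else reason
    elif not user.get("dues_paid", True):
        reason = "dues_unpaid"
    elif not user["hours"][0] <= now.hour < user["hours"][1]:
        reason = "outside_hours"
    granted = reason == "ok"
    ACCESS_LOG.append({"time": now.isoformat(), "token": digest[:12],
                       "source": source, "granted": granted, "reason": reason})
    return granted
```

Passing remote_down as the lookup simulates a network outage: the internally stored director token still opens the door, while a paid-up remote member is refused and the attempt is logged with reason remote_unavailable.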

Hardware Architecture

Several implementations of these features have been done. The basic categories are:

  1. PC-based systems with USB or serial readers attached to the computer.
  2. Microcontroller-based systems supporting multiple Wiegand or other readers, with or without a central database.
  3. Network-based distributed systems with a centralized database and small uC hardware at each door.

PC vs. Embedded

PC-based systems use a Linux or other platform and direct-attach readers such as USB card readers, RFID units, or keypads. A PC is best suited for running complex software, or where direct connection to the Internet and extensive use of encryption is desirable. PCs have limited numbers of ports however, and specialized hardware is often required for interfacing relays and such.

Embedded systems use a microcontroller, such as an Arduino board or PIC chip, in order to run without a PC present. They can be very simple and robust, and often have numerous hardware I/O lines for easy control of doors, lighting, etc. The main disadvantage of a microcontroller approach is the limited CPU, memory and storage.

Hybrid systems often combine the best of both approaches, with simple, robust electronics performing basic functions, and a PC-based system running the administration and logging functions.

Hackathon Codes

  • Doorcontroller
    • Description: unlock doors using a personal RFID and an associated PIN code
    • Implementation: OSAA
    • Contact: Flemming Frandsen - YAPH
  • Hackerspace Open Switch
    • Description: Ajax on the main page of www.hive13.org shows the status of the space
    • Implementation: Hive13
    • Contact: Craig Smith aka zombieCraig
  • Open Access Control
    • Description: Uses the Arduino open-source hardware to build a robust access control and alarm system [PDF]
    • Implementation: 23b Shop
    • Contact: John Norman aka Arclight
  • Opendoor PS1
    • Description: This is the huge interconnect system using an almost defined data standard called odCard (which are beautiful little JSON objects) that has a lot of specifications and only some code. And Tim's REST authentication server. [Doc]
    • Implementation: Pumping Station: One
    • Contact: Rhys Rhaven (Email)
  • Arduino RFID Controller
    • Description: super simple Arduino-based RFID shield; it is only about 10 parts. It is very, very simple, with an internal database and a serial communication protocol
    • Implementation: BrainSilo
    • Contact: Loki (Nick) (Email)
  • Maker Access Control
    • Description: controls four doors across two facilities ATM (3 at Bucketworks, one at Milwaukee Makerspace)
    • Implementation: Bucketworks
    • Contact: Royce Pipkins
  • Modular OpenDoor Access Control (MODAC) System
    • Description: an open, vendor agnostic framework which will allow users to freely travel between associated hackerspaces while permitting each space to modify the system to meet their individual needs. This is achieved by building a modular, plugin-driven architecture based upon open, established protocols.
    • The Modular OpenDoor Access Control (MODAC) system presented here can be broken down into 6 primary components: the user input device(s), some form of electronic door control, a custom access controller board, a modified OpenID provider, a guest client access method, and a PC running the back-end control software. [Doc]
    • Proof of Concept Videos: [Video] [Video] [Video] [Video]
    • Various photos from the event: [Photo] [Photo] [Photo]
    • Implementation: QC Co-Lab
    • Contact (name, twitter, role):
      • Arron Lorenz, @ArronLorenz: Hacker Relations
      • Chris Cooper, @CC_DKP: Integration, Documentation
      • Cody Wilson, @Belthesar: OpenID Server
      • David Hinkle, @Drachs1978: Back end server programming, Integration
      • Don Kiew: ACB Programming, Wiegand interface
      • Jeremy Borchet, @JesterOnFire: ACB Circuit Design, Physical wiring
      • Mark Kruse, @Im_Just_Looking: ACB Programming, Wiegand interface
      • Steve Hamer, @SRHamer: ACB Circuit Design, Physical wiring
  • RFID access control
    • Description: Homebrew implementation of Open Access Control w/flash (loosely based on Open Access Control designed by the 23B Shop hackerspace)
    • Implementation: Blooming Labs
    • Contact: Nathan
  • Cerberus Prox
    • Description: an inexpensive HID Clock-And-Data to RS232 converter board
    • Implementation: Hacklab.TO
    • Contact: Dan Fraser
  • Revelation Space Access Control (Doorduino)
    • Description: Arduino-based access control using iButton tokens [Blog]
    • Implementation: Revelation Space
    • Contact: Koen Martens aka Sonologic (Email)

Date

information and notes from meeting

See Also

  • Hacker Dojo Maglock
    • There will be a fishbowl of RFID tags in the Electronics Lab at Hacker Dojo. All members will be encouraged to grab an RFID tag and self-serve pair them with their user account on the hackerdojo.com domain. There will be a sign on the bowl saying something along the lines of "RFID tags are of no value until activated".
  • SSH secured door lock
    • by Chaos Computer Club Muenchen (Munich, Germany)
  • AnonAccess or AnonAccess (English version)
    • by The LABOR (German word for laboratory) (Bochum)
  • USB Auth
    • USB Authenticated Door Lock
    • by Makers Local 256
  • OpenDuino
    • presence notification, (un-)locking and alarm control system. (pluggable)
    • by syn2cat - an open space in Luxembourg
  • Shibboleth
    • The Shibboleth System is a standards based, open source software package for web single sign-on across or within organizational boundaries. It allows sites to make informed authorization decisions for individual access of protected online resources in a privacy-preserving manner.
  • SAML
    • Security Assertion Markup Language (SAML) is an XML-based open standard for exchanging authentication and authorization data between security domains, that is, between an identity provider (a producer of assertions) and a service provider (a consumer of assertions). SAML is a product of the OASIS Security Services Technical Committee.
  • OpenID
    • OpenID is an open standard that describes how users can be authenticated in a decentralized manner, obviating the need for services to provide their own ad hoc systems and allowing users to consolidate their digital identities.[1]
    • The OpenID protocol does not rely on a central authority to authenticate a user's identity. Moreover, neither services nor the OpenID standard may mandate a specific means by which to authenticate users, allowing for approaches ranging from the common (such as passwords) to the novel (such as smart cards or biometrics).
  • Proximity card
  • Contactless smartcard
  • Wiegand protocol
  • A Universal RFID Key

Other Ways to Participate

It takes $137 a day to run Jigsaw Renaissance

More Info

Direction

We're located at:
815 Airport Way S. STE 112, Seattle WA 98134

In International District inside old INS building called Inscape