Reference Application

From Bandit-project.org

The Bandit Reference Application is, in a way, a demo of how the Bandit components identity-enable applications. This page explains how the reference application currently works and gives a high-level overview of what we have decided to do for the next few releases. If you wish to add something, please add it to the future section of the to-do list or send an email to the bandit-dev list. This work was done in conjunction with many others, but primarily with Higgins and XMLDap.org. See the Wag server for a list of individuals who helped make this happen.

The Bandit Reference Application .3 has been finished and is available on the public Bandit servers. The servers are: https://wag.bandit-project.org, https://woof.bandit-project.org and https://muzzle.bandit-project.org.

Reference App .4

We will be showing the reference app .4 version at Novell's Brainshare in a Friday Keynote. The next stage of the reference application is focused on the following areas:

Cross Platform Identity Selector - Andy Hodgkinson and Jim Norman are focused on creating a cross-platform identity selector that is completely compatible with the Microsoft and Higgins STS and supported relying parties.
OpenId Context Provider - Duane Buss and Pat Felsted will be doing a Higgins context provider that enables card generation and authentication to an OpenID IdP.
Bluetooth Infocard Store - Daniel Sanders and John Calcote are allowing Infocards to be stored on a remote device such as a Bluetooth-enabled cell phone. The Cross Platform Identity Selector will read the cards from this device.
Credit Card STS - Tom Doman is getting a Higgins STS up that represents a possible Credit Card site. It will enable a Credit Card transaction.
Vendor Site - Pat Felsted will create a vendor site that will allow the purchase of a few items and the use of a Credit Card token for purchase. This is of course all demo ware.
Audit - John Calcote will be adding audit events to these services so you know when someone uses a credit card or authenticates with your identity.

Follow this script to walk through the demo:

  1. The script is done but I do not want to completely give away what we are showing.

Reference App .3

This version emphasizes integration of open source components with proprietary software to enable different identity systems to interoperate. We are showing integration of a Liberty Alliance system (Novell Access Manager) and a WS-* system (Microsoft CardSpace). Using the open source STS component from Higgins we enabled Access Manager to accept CardSpace authentication. We also have the Higgins STS running on top of an LDAP directory server that contains the identity data used for Access Manager. This is hosted on the Wag server. This means that you can generate a token for a user in the Access Manager Liberty system and use this token in a WS-* or CardSpace system. We show this by allowing a user on Wag to log in to the Liberty Alliance system hosted on the Muzzle server and also authenticate to the pamelaproject wordpress site. We also allow single sign-on with CardSpace by associating a personal card with a managed card.

Follow this script to walk through the demo:

  1. Create an identity on Wag, by clicking on the identity management tab and creating an identity.
  2. Now click on the Info Card tab.
  3. You can create a managed card by entering the user name you just created in the WAG user id field, entering a card name (no spaces or special characters), and clicking the Higgins card. If you want single sign-on you will need to create a personal card on your client (Vista, or Windows XP with .NET 3 and IE7); you create a personal card by going to the Control Panel and running the Windows CardSpace application. To get single sign-on you must associate this personal card with an identity on Wag. To do this, on the same page, before you click the Higgins Card button, click the User personal card for authentication check box. This will pop up the CardSpace identity selector; select the personal card you just made. When you get back to the Wag site, enter the password for the identity the user name represents.
  4. Now the page gets redirected to a page that has a link at the bottom that allows you to download the card you just created. Click this and it will get installed on to your client.
  5. Log in to Novell Access Manager by going to Muzzle and using the username and password for the user you just created on Wag. If you store a link to Muzzle, be careful: as soon as you hit Muzzle you get redirected to muzzle-admin with some session information in the URL. If you go back to this link later the session information is stale, so it will fail. Muzzle is an access gateway that protects the Woof MediaWiki site used in the Ref App .2 version.
  6. After a successful login you will be redirected to Woof and you will be logged in with your Liberty Alliance identity.
  7. Now logout of woof. (sometimes you need to close your browser to clear your session information)
  8. Go back to Muzzle.
  9. Select the CardSpace link under the Federation section.
  10. Select the managed card you created in step 3.
  11. If you associated the managed card with your personal card it will log in automatically; if not, you will need to enter the password for the user.
  12. Then you will be logged into Woof like in step 6.
  13. Now go to the PamelaProject.
  14. Click the login link.
  15. Select the CardSpace login and choose your managed card.
  16. After an email verification you will be able to login to this site.

Reference App .2

The .2 release of the Reference Application has a front end, or Relying Party. This is the Woof server. The relying party is a MediaWiki server that has been instrumented with Bandit and Higgins components to identity-enable it. We wanted to show the interactions of many different projects and products, so we decided to CardSpace-enable the relying party. This means authentication to the site is done via Microsoft-compatible open-standard WS-* protocols using Microsoft clients (though non-MS clients work as well). We have added a "login with Info Card" button on the login page. To do the login you must first go to Wag and create an identity (see the instructions below). After you have authenticated with a valid managed Info Card, authorization is controlled by the Bandit Role Engine, which uses XACML to enforce RBAC. Several policies are available, and you can select which one applies on the Wag server. The default is based on the group your identity is in on the Wag Identity Provider. If you are not in a group you can read all of the public pages. If you are added to the "wikiuser" group you can edit pages. If you are in "wikiadmin" then you can see certain special pages. We also have policies based on your email address: if it ends with "novell.com" then you can edit pages as well. All of your interactions on the MediaWiki relying party are audited using the Bandit ARF (openXDAS) component. You can see the audit log by going to the Special pages link, scrolling to the bottom and selecting XDAS log.
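As an added illustration (not code from the Bandit project or its Role Engine), the following Python models the Woof wiki authorization rules described above as an XACML-style permit-overrides policy: every identity may read public pages, "wikiuser" may edit, "wikiadmin" may see special pages, and a novell.com email address also grants edit. The Identity type, rule table and sample users are constructed for this example; the email rule is implemented as an exact domain comparison rather than a bare string suffix, since a suffix test on "novell.com" would also match "notnovell.com".

```python
from dataclasses import dataclass, field

# Actions on the relying-party wiki (names are constructed for this example).
READ = "read"        # read public pages
EDIT = "edit"        # edit pages
SPECIAL = "special"  # view the restricted special pages


@dataclass
class Identity:
    """Subject attributes as an IdP such as Wag would expose them (constructed)."""
    user: str
    groups: set = field(default_factory=set)
    email: str = ""


def email_domain_is(email: str, domain: str) -> bool:
    """True only when the part after the last '@' equals domain exactly.

    The page states the rule as "ends with novell.com"; a plain suffix test
    would also accept addresses at notnovell.com, so compare the domain.
    """
    _local, at, dom = email.rpartition("@")
    return bool(at) and dom.lower() == domain.lower()


# (matching predicate, actions granted) -- one entry per rule from the page.
RULES = [
    (lambda who: True, {READ}),
    (lambda who: "wikiuser" in who.groups, {EDIT}),
    (lambda who: "wikiadmin" in who.groups, {SPECIAL}),
    (lambda who: email_domain_is(who.email, "novell.com"), {EDIT}),
]


def permitted_actions(who: Identity) -> set:
    """Permit-overrides combining: union of the action sets of every rule that matches."""
    allowed = set()
    for matches, actions in RULES:
        if matches(who):
            allowed |= actions
    return allowed


def decide(who: Identity, action: str) -> str:
    """XACML-style decision for one subject/action pair: 'Permit' or 'Deny'."""
    return "Permit" if action in permitted_actions(who) else "Deny"


if __name__ == "__main__":
    for ident in (Identity("guest"), Identity("ed", {"wikiuser"}),
                  Identity("pat", email="pat@novell.com")):
        print(ident.user, sorted(permitted_actions(ident)))
```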

The back end identity services are hosted on the Wag server. The Wag server hosts an LDAP server and has a front end for managing the identities located in this IdP. To be able to create an Info Card used on the Woof server you must create an account in the IdP. You can adjust your group membership as well on these pages. Once you have an account you can create an Info Card. Click on the Info Card link and it will install into a Windows CardSpace compatible client. We used Windows XP with IE7 and .NET 3 installed. We are working on Firefox (Windows and Linux) and Safari (Mac) clients as well. Wag also hosts two Security Token Services that are completely open source and are compatible with Microsoft's CardSpace. One is developed by the Higgins project, the other by the XMLdap project. They both use the Higgins IdAS (identity abstraction layer) with an LDAP context provider to talk to the Wag IdP. All events are audited with Bandit ARF (openXDAS) and can be viewed with the Audit tab.

Follow the script to walk through the demo:

Demo Script

The next release of the Bandit Reference Application will be done by February 5, 2007. The main areas of focus will be a cross-platform client, integration with Liberty Alliance identity systems, other IdPs (OpenID and OpenSAML), auditing to MySQL, audit events, an audit UI and of course enhancements to the current code. Click to see the complete To Do List.