We need a door control system. Preferably one that works with the RFID fobs handed out by UR for the main door at ACTA, since otherwise we'd need two parallel fob administrations and have added cost for our own fobs.

In addition we have outlined the need for two-factor auth, so we want to add a keypad to this, where you type your PIN.

UR HID RFID Fobs

They don't seem to work with a standard reader. I believe at ACTA we tried reading a UR fob with a PC rfid reader, which did not work. Later, ultratux tried to add a borrowed UR fob to a RFID system he has http://www.conrad.nl/ce/nl/product/751242/ which also did not work.

Justa suggests studying the HID ProxkeyIII dox to find out why it might be incompatible. There may be general crypto stopping non-HID devices talking to HID devices. In that case we could solve it by acquiring a HID ProxkeyIII reader off ebay. However, there may even be a crypto key inside the UR reader that was created unique to UR, in which case all our attempts will fail.

Door access system

• Embedded hardware so it won't be bluescreening or some such. This is critical infra, people.
• Queries internal LDAP server for auth

Above requirement collides with Justa's voiced requirement that it is linked to the UR fob membership administration. So I think we should forget about the LDAP. Please comment.

• Discuss whether the lock must be normally-open or normally-closed. In the latter case the space stays secure at the time of a power failure. In the normally-open case either the space unlocks, or we need to invest in a no-break / UPS...
• Ultratux has a normally-closed electronic lock he is willing to donate.

PIN systems

Several vendors have integrated RFID + PIN systems for little money. The reason we rejected such systems (aside from a possible HID fob incompatibility) was that all logic is in one box and that box unavoidably sits on the outside of the door since it has the keypad. This is unacceptable, if you tear it off the wall you not only can power actuate the lock, but you potentially also have a data leak if they can read out which fobs are allowed in (and therefore, into UR too).

So we need a separate system where the keypad does not house the RFID data. It probably is acceptable that you can circumvent the PIN by tearing the keypad off the wall; you'd then still need a fob. The people breaking in through violence usually aren't the same people breaking in through cloning of the fobs... Or: Let's discuss this.

The case we want to avoid: a UR-independent system

If for whatever reason we cannot re-use the fobs of UR main door for our own space we might have other options like the aforementioned wish to link members to SpaceAPI / LDAP. I have looked at cheap systems but most all have a limited number of fobs (20 or 50) which is directly or in the short run insufficient. After more digging I've found a system that has no attainable limit (500), and can interface with a PC for logging. http://www.conrad.nl/ce/nl/product/750782/ This system has the obvious drawback of not being able to use the UR fobs, but if that fails anyway OR if we feel that linking to LDAP has strong advantages maybe this becomes a feasible system. In the case we go for this option we'd have to buy our own rfid fobs, which adds [amount of members] x 6 euro which is a lot. However: maybe we can add generic fobs people already own (their work, home or garage) to our reader, thereby avoiding the purchase of a fob. This could present a security risk for those people so they must make the choice.