We have created a reference Trust Network as a Service application to demonstrate the steps for converting an existing application into a “Trust Enabled” application, with two-factor authentication and enforcement of other policies before access is allowed to parts of the application that have further restrictions. We have taken the classic Java Blueprints Pet Store application and built a modern responsive interface around it using the Twitter Bootstrap framework. The application is built using Jersey, Jackson, jQuery and JSP templating technologies and uses a MySQL database for persistence.
Application Demo
Before we go through the steps for trust enabling the application, click the link below to try out the hosted version of the application:
Before Trust Enabled Pet Store Application
We will now convert this application to require user registration before it can be accessed. The user account is activated only if the user successfully verifies the email address they entered, through the Email Authentication authority, right after clicking the Create Account button. This streamlines the registration process and will help reduce user registration drop-outs from your application compared to the typical registration process, which involves out-of-band activation by clicking a link in an account activation email.
Access to the application will be through two-factor authentication: Password Authentication + Phone Authentication.
Password Authentication is performed by the Database Authentication authority against the application provider’s user database, hosted on their servers. Phone Authentication is performed through a Database Policy Authority that extracts the phone number from the user database, which is also hosted on the application provider’s servers.
To demonstrate policy enforcement in areas of an application that may have additional authorization requirements, we have made the shopping cart checkout process involve the LexisNexis Knowledge Based Authentication authority, which requires the user to answer questions about their identity retrieved from credit histories, DMV records, mortgage records, etc.
To access the hosted version of the application after it is trust-enabled, please click the link below:
After Trust Enabled Pet Store Application
Video of the steps for creating the trust-enabled version of the Pet Store application:
Click the link below for a step-by-step guide to trust-enabling the sample application on your server.
Guide to Trust Enable Pet Store App