Joshua Miller wrote:
> Is it possible to SmartCard enable a website? I've got a customer
> requiring that we support SmartCard devices - I was under the impression
> SmartCard website authentication happened at the workstation level using
> software to control user access to specific sites. Is this not the case?

Smartcard access control can be at any level you want. You can use it to 
control access to (wireless) networks (e.g. in conjunction with IEEE 
802.1x), to computers (native in Windows 2000 and XP) and to websites.


> Is there actual code to integrate into an application to make it
> SmartCard aware?

Smartcard is a rather broad description. According to some recent stats 
there are some 600 million smartcards in circulation worldwide. 500 
million of them are integrated in mobile phones. Of the remaining 100 
million, some 60 million are integrated into bank cards. The rest has 
some dedicated purpose, and is the type most people think about when 
they hear the word smartcard.
The idea behind smartcards is that the security of just passwords 
depends on something you know. And since people tend to forget 
that, they write it down on those little notes at the bottom of the screen.
With a smartcard however, it depends on both something you know and 
something you have. Even if you know the password, you still can't get 
in without the smartcard.
Eventually some biometric systems will be developed, so it will become 
possible to do the thing that we actually want, which is determine not 
what somebody knows or has, but who he is. But that will take some time.

The dedicated type is probably what your customer has in mind. Typically 
they function by installing a client certificate on the smartcard that 
is then accessed by the browser (requires the user to type a password) 
and then the browser uses the client certificate to identify itself to 
the server.
But I know that RSA is selling phone based systems as well, and for a 
ground-up rollout it is certainly worth investigating (smartcards are 
expensive, buying a mobile phone with one built-in is almost cheaper).


I expect to have a site with smartcard authentication running by the end 
of next month using neither proprietary hardware nor proprietary 
smartcards. It will be using mobile phones people already have and 
bank cards people already have (of the 60 million bank cards some 22 
million are in the Netherlands, with a population of about 16 million).

Jochem
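
Added example, not part of the original post: once the browser has presented the smartcard's client certificate, the web application only sees what the web server hands it. This sketch assumes Apache mod_ssl's `SSL_CLIENT_VERIFY`, `SSL_CLIENT_I_DN` and `SSL_CLIENT_S_DN` variables in RFC 2253 form; the issuer name, the sample values and the choice of CN as user name are constructed assumptions.

```python
# Added example: application-side check of a smartcard client certificate.
# Assumes Apache mod_ssl variables and RFC 2253-style DN strings.
HEX = "0123456789abcdefABCDEF"

def split_dn(dn):
    """Return [(TYPE, value)] for a DN, honouring backslash escapes."""
    rdns, buf, i = [], bytearray(), 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            pair = dn[i + 1:i + 3]
            if len(pair) == 2 and all(c in HEX for c in pair):
                buf.append(int(pair, 16))   # \XX: hex-escaped byte
                i += 3
            else:
                buf += dn[i + 1].encode()   # \, \+ \\: literal character
                i += 2
            continue
        if ch in ",+":                      # unescaped separator ends the attribute
            rdns.append(bytes(buf))
            buf = bytearray()
        else:
            buf += ch.encode()
        i += 1
    rdns.append(bytes(buf))
    out = []
    for raw in rdns:
        attr_type, _, value = raw.decode("utf-8", "replace").partition("=")
        out.append((attr_type.strip().upper(), value))
    return out

def identify_client(env, trusted_issuer_dn):
    """Return the certificate's CN, or None if the request must be refused."""
    if env.get("SSL_CLIENT_VERIFY") != "SUCCESS":     # no certificate, or chain check failed
        return None
    if env.get("SSL_CLIENT_I_DN") != trusted_issuer_dn:  # accept only the card-issuing CA
        return None
    cns = [v for t, v in split_dn(env.get("SSL_CLIENT_S_DN", "")) if t == "CN"]
    return cns[0] if len(cns) == 1 else None          # ambiguous subject: refuse

# Constructed sample values, not taken from any real deployment.
ISSUER = "CN=Example Card CA,O=Example"
OK_ENV = {"SSL_CLIENT_VERIFY": "SUCCESS", "SSL_CLIENT_I_DN": ISSUER,
          "SSL_CLIENT_S_DN": "CN=jdoe,O=Example\\, Inc,C=NL"}
# A subject whose O value contains an escaped ",CN=admin": splitting on every
# comma would read a second CN here; the escape-aware parser does not.
TRICKY_ENV = dict(OK_ENV, SSL_CLIENT_S_DN="CN=mallory,O=Evil\\,CN=admin")

if __name__ == "__main__":
    print(identify_client(OK_ENV, ISSUER), identify_client(TRICKY_ENV, ISSUER))
```

The application trusts these variables only because the web server sets them after the TLS handshake; they must not be accepted from request headers.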
