Robert Relyea wrote: > No, the API does not give you direct information about how many or > which tokens are installed. Typically that information is gleened by > doing a 'request/not require' client auth. I obviously know what client auth is, but what is "'request/not require' client auth"?
> The certificate would indicate the presence of the correct smart card > (this presumes the server and the card issuer are related). Not necessary, since a certificate can be also installed directly into the browser and doesn't have to be on the smart card. The only way to know this would be to ship the smart card with a certificate pre-installed. Not very convenient.... But perhaps we can make some improvements, if you allow me to explain what I'm looking for: I'd like to have a few functions which would do the following: 1.) Most important provide a function with information if a smart card is inserted already (when entering a page). I guess this is the most obvious one, because currently we can know when a smart card is inserted and removed. If it's inserted I know there *is* one there, if it's removed I know there *was* one there and it's gone now, but if it has been already there I'm clueless... 2.) A function which would force a certain provider (smart card) when creating a private key and installing a certificate. I guess this would mimic activeX somehow from what I know. 3.) A function which would provide information if the certificate used to authenticate against the site is installed on a smart card. How stupid if I logout a user because he has removed the smart card, but the certificate in question wasn't coming from the card at all... (I don't have an idea yet how this should/could work ,since the information about the certificate are coming from the server env. Perhaps we could introduce a new authentication request function via Javascript ;-) ) Would anything into this directions be acceptable? Or perhaps would there be some alternative approaches and ideas? -- Regards Signer: Eddy Nigg, StartCom Ltd. <http://www.startcom.org> Jabber: [EMAIL PROTECTED] <xmpp:[EMAIL PROTECTED]> Blog: Join the Revolution! <http://blog.startcom.org> Phone: +1.213.341.0390 _______________________________________________ dev-tech-crypto mailing list dev-tech-crypto@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-tech-crypto
