On Thu, Feb 01, 2007 at 07:51:47AM +1100, Andrew Bartlett wrote: > I think developing a cross-platform USB 'tumb drive' based soft token > would be an immense benefit. It could make PKINIT real for many small > sites that do not yet wish to invest in a token stack, and perhaps more > importantly, make PKINIT and smart-card login something that developers > and interested technical users can test with resources to hand.
What do you mean by "cross-platform"? OpenSolaris has an OSS (CDDL'ed) PKCS#11 softtoken provider that does pretty much what you want. It stores its files in a filesystem, by default in a sub-directory of the user's home directory; filesystem type does not matter. Since you can put filesystems on a USB flash drive that should suffice for a "cross-platform" softtoken. The specifics of the Solaris softtoken's directory layout and file formats are project private interfaces IIRC, but if there's interest I imagine that we could document them, make them committed public interfaces and help establish a standard for a cross-platform softtoken. Nico --
