On Wednesday 22 March 2006 13:51, Shawn Willden wrote:
> While musing about some related issues today, a major possible problem with
> pcsc-lite's security model cropped up. It doesn't appear that there is any
> way to restrict smart card access by user.
Okay, after looking into things a little, it appears that the PC/SC Workgroup
specification (for whatever it's worth) provides a mechanism for user-centric
access control. SCardEstablishConnection takes a scope parameter, and one of
the options is SCARD_SCOPE_USER. However, (a) the document doesn't really
define what it means, (b) what explanation there is doesn't make it seem
useful to solve this problem and (c) pcsc-lite doesn't implement it anyway.
It appears to me that SCARD_SCOPE_USER is supposed to restrict the
application's access to readers that the user is supposed to have access to.
It looks like a mechanism to narrow the set of available readers for
convenience, rather than for security.
Shawn.
_______________________________________________
Muscle mailing list
[email protected]
http://lists.drizzle.com/mailman/listinfo/muscle
