Hi all

I have been reading this list for some time now, and I must say that I
have learned a lot.

I know that my question is a bit out of line in this mailing list and I
apologise for this in advance. My question might be of some interest for
some of the readers, since I guess some of you are dealing with the same
problem as I am.

I'm not a security expert but I think I have got a reasonably correct
view of the particular problem I will have to solve, which is the
following:

The application is a servlet thing running under WebLogic webserver. We
currently use https (http over ssl) with client authorization, using
browser certificates. The application also performs signing using
JavaScript in Netscape. We would like to use smart cards instead of the
browser certificates. The proposed solution involved browser plugins
with support for smart cards.

I have proposed that we use applets and OpenCard instead. I guess it is
impossible to create an applet hook for the browser doing the client
authorization magic. A workaround is for us to do the authorization
ourselves, involving applets and OpenCard. The catch is that it is
impossible to know if a connection has been client authorized in the
server, i.e. one doesn't know when the https session is broken and
reestablished. Is there a way to tell if a https session is new, i.e.
client authorisation must be done? Is there a better solution to my
problem?

Thanks a lot.

Mårten
