Frank, I have no particular aim with my question; it is a question related to the big issue of interoperability. The scenario is the following: imagine some entity (shopping mall, bank, public agency, etc.) providing two (or more) online services based on different client client software, maybe one written in Java plus OCF and the other written in C/C++ plus a pkcs#11. Now, imagine also that the two applications both make use of digital signatures and smartcards. In addition, let's also suppose the entity wants to distribute just *one* card to each of its clients (it would be very annoying to have to use two or more different cards), and let's finally assume that the card is a 4K or 8K card, therefore lacking room for plenty of keypairs and certificates, because the applications also need some card storage for their own purposes. So, the card has just one or two keypairs and corresponding certificate, plus some opaque application data. In this scenario, which you may judge very unlikely but from my viewpoint is not, the (BIG) problem that would arise is the one I briefly described in my previous mail. Note that I am not implying that this scenario makes sense or that the problem has an easy solution. Adriano > -----Messaggio originale----- > Da: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] > Inviato: mercoled� 29 dicembre 1999 11.10 > A: 'Santoni Adriano'; [EMAIL PROTECTED] > Oggetto: Re: [OCF] RE: �OCFA OCF-based and PKCS11-based access to same > data on the same card: possible? > > > > > Adriano, > I am curious why you would want to do just that, have the > other application > access the file objects on the smart card bypassing PKCS#11? > This is asking for > trouble if the PKCS#11 using application is relying on the > status of file > objects on the card that the other application is changing > (our PKCS#11 > implementation for example uses a cashing scheme to minimize > card access). > > It sounds like both applications do not exist today. Why > then not write the > second application in a way that also uses PKCS#11 to access > the objects on the > card? Or do you intent that the other application uses file > objects on the same > card that are not seen and used by the PKCS#11 layer? This > is very well > possible if the PKCS#11 implementation is using OCF > internally. In that case > both applications work on disjunct file objects on the same > card and OCF > arbitrates the access to this card. > Frank Seliger > IBM Pervasive Computing Division > Schoenaicher Str. 220, 71032 Boeblingen, Germany > [EMAIL PROTECTED] > Tel. > +49-7031-16-3142 > > --- > Visit the OpenCard web site at http://www.opencard.org/ for more > information on OpenCard---binaries, source code, documents. > This list is being archived at http://www.opencard.org/archive/opencard/ ! To unsubscribe from the [EMAIL PROTECTED] mailing list send an email ! to ! [EMAIL PROTECTED] ! containing the word ! unsubscribe ! in the body.
