Frank,

I am not sure I understand all you said. Of course, I am not talking about *concurrent* access to the card from the two hypothetical applications. What I believe would be most likely is that at any time the user is playing with either application or the other, not both. So there would not be a concurrency/sharing/consistency/arbitration problem.

On the other hand, having one API controlling access to the card seems too much of a limitation. I do not think having a pkcs#11 DLL below OCF is a viable option, at least today.

By the way, while it is very useful that OCF supports PC/SC (via the bridge DLL) it is instead a pity that the average pkcs#11 library is not based on PC/SC too (if I am not mistaken: please correct me).

Adriano

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, 29 December 1999 13.18
> To: Santoni Adriano
> Cc: [EMAIL PROTECTED]
> Subject: Re: R: [OCF] RE: [OCF] OCF-based and PKCS11-based access to
> same data on the same card: possible?
>
> Adriano,
> the scenario that you described does make sense to me and is something
> that we have discussed many times in our group. What you pose as a more
> general question of interoperability does indeed not have an easy
> solution. But it is easy to understand that there must be one single
> point in the system, that finally controls and arbitrates the concurrent
> access to the same card in the scenario that you describe. So, it can be
> either ...
> ... OCF, if all applications are based directly or indirectly on OCF,
> ... a PKCS#11 access layer, if all applications are based on it,
> ... PC/SC if that particular implementation (probably Windoze) is using
>     PKCS#11 and OCF on PC/SC,
> ... your own self written access layer that takes over this "traffic
>     cop" function and which is used by all applications.
> And if the applications are using the same data, like in your example
> cryptographic keys, they better use the same view of and access
> mechanism to them.
>
> OCF can not do anything about card accesses that go around it, as can
> not PKCS#11, as can not PC/SC as can not your or mine self written
> access layer. All must go through one common channel in order to
> guarantee concurrent access without interference. In my view OCF and
> PKCS#11 are both good candidates of being that one access controlling
> instance of choice, but only one of both for the same card (in the case
> of PKCS#11 implemented based on OCF this instance is OCF).
>
> We have written a very sophisticated PKCS#11 access layer for a
> filesystem card and for a JavaCard. We know what optimizations we have
> done internally to store the data safely and securely and performantly
> on the card. We would not advise anybody to try to access the data on
> the card directly without the control of the PKCS#11 access layer. We
> would not do so if it were our development project :-)
>
> Frank Seliger
> IBM Pervasive Computing Division
> Schoenaicher Str. 220, 71032 Boeblingen, Germany
> [EMAIL PROTECTED]
> Tel. +49-7031-16-3142
>
> ---
> Visit the OpenCard web site at http://www.opencard.org/ for more
> information on OpenCard---binaries, source code, documents.
> This list is being archived at http://www.opencard.org/archive/opencard/
