--On Wednesday, January 21, 2009 07:27:03 PM +0100 Stanislav Brabec <sbra...@suse.cz> wrote:
> Alon Bar-Lev wrote:
>> I don't understand the motivation.
>> Why do you care if readers are accessible by all users?
>
> 1) There are applications, that need direct access to the reader, not
> using pcsc-lite (example: cyberjack utilities).

And how do these devices know how to talk to readers? Do they have their own reader drivers, separate from those included with pcsc-lite or openct?

> That is why it should
> allow to access not only to pcsc daemon, but also to users.

The purpose of pcscd or openct's equivalent, among other things, is to multiplex access to smartcard devices and provide for the temporary exclusivity that is necessary for all but the most trivial of operations. Bypassing these services is perilous, both to the application doing so and to other applications, whether or not running as the same user. I cannot imagine any vendor shipping policy that would allow ordinary users direct access to smartcard devices.

> PolicyKit can ensure, that only users physically sitting at the desk can
> use the card.

Unless, as Alon points out, the user is using pcsc-lite or openct, in which case the daemon accesses the device, rather than the user doing so directly.

> 2) Up to now, HAL has no keyword for these devices and cannot report its
> presence.

HAL _can_ report these devices, and does, to pcscd.

> HAL can easily recognize this device type (at least for USB). It allows
> to write simple applications: If smart card reader/token is plugged, do
> something (e. g. launch banking application).

If you're going to launch an application, it should happen on the basis of the presence of a card, not of a reader. Even then, there is no reason to assume that the presence of a card means that a particular reader should be launched; cards may be useful for ssh, PGP, web certificates, and so on. How would you know which application to launch?
Again, I cannot imagine any vendor actually shipping policy that did this, unless/until there is quite a bit more work done on figuring out how to map particular cards to particular applications, and that's not likely to pan out so well.

-- Jeff