--On Wednesday, January 21, 2009 07:27:03 PM +0100 Stanislav Brabec 
<sbra...@suse.cz> wrote:

> Alon Bar-Lev wrote:
>> I don't understand the motivation.
>> Why do you care if readers are accessible by all users?
>
> 1) There are applications that need direct access to the reader, not
> using pcsc-lite (example: cyberjack utilities).

And how do these devices know how to talk to readers?  Do they have their 
own reader drivers, separate from those included with pcsc-lite or openct?

> That is why it should
> allow access not only to the pcsc daemon, but also to users.

The purpose of pcscd or openct's equivalent, among other things, is to 
multiplex access to smartcard devices and provide for the temporary 
exclusivity that is necessary for all but the most trivial of operations. 
Bypassing these services is perilous, both to the application doing so and 
to other applications, whether or not running as the same user.  I cannot 
imagine any vendor shipping policy that would allow ordinary users direct 
access to smartcard devices.

> PolicyKit can ensure that only users physically sitting at the desk can
> use the card.

Unless, as Alon points out, the user is using pcsc-lite or openct, in which 
case the daemon accesses the device, rather than the user doing so directly.


> 2) Up to now, HAL has no keyword for these devices and cannot report their
> presence.

HAL _can_ report these devices, and does, to pcscd.

> HAL can easily recognize this device type (at least for USB). It allows
> writing simple applications: if a smart card reader/token is plugged in, do
> something (e.g. launch banking application).

If you're going to launch an application, it should happen on the basis of 
the presence of a card, not of a reader.  Even then, there is no reason to 
assume that the presence of a card means that a particular reader should be 
launched; cards may be useful for ssh, PGP, web certificates, and so on. 
How would you know which application to launch?  Again, I cannot imagine 
any vendor actually shipping policy that did this, unless/until there is 
quite a bit more work done on figuring out how to map particular cards to 
particular applications, and that's not likely to pan out so well.

-- Jeff
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
