Jeffrey Hutzelman wrote:

> > 1) There are applications, that need direct access to the reader, not
> > using pcsc-lite (example: cyberjack utilities).
> 
> And how do these devices know how to talk to readers?  Do they have their 
> own reader drivers, separate from those included with pcsc-lite or openct?

Yes, they do. Even worse, many of these solutions create a complete
vendor lock. Only the underlying OS is open sourced.

> The purpose of pcscd or openct's equivalent, among other things, is to 
> multiplex access to smartcard devices

I understand this. But it does not change the fact that several vendors
don't do it.

> I cannot 
> imagine any vendor shipping policy that would allow ordinary users direct 
> access to smartcard devices.

openSUSE has to do it, at least for selected readers, otherwise users of
these applications complain. Adding a PolicyKit restriction would be a
step forward, not back.

> > PolicyKit can ensure, that only users physically sitting at the desk can
> > use the card.
> 
> Unless, as Alon points out, the user is using pcsc-lite or openct, in which 
> case the daemon accesses the device, rather than the user doing so directly.

PolicyKit may be useful for pcsc-lite/openct as well, to block remote
users' access to the daemon.

> > 2) Up to now, HAL has no keyword for these devices and cannot report its
> > presence.
> 
> HAL _can_ report these devices, and does, to pcscd.

Yes, it reports them, but as unknown USB devices.

> > HAL can easily recognize this device type (at least for USB). It allows
> > to write simple applications: If smart card reader/token is plugged, do
> > something (e. g. launch banking application).
> 
> If you're going to launch an application, it should happen on the basis of 
> the presence of a card, not of a reader.  Even then, there is no reason to 
> assume that the presence of a card means that a particular reader should be 
> launched; cards may be useful for ssh, PGP, web certificates, and so on. 
> How would you know which application to launch?  Again, I cannot imagine 
> any vendor actually shipping policy that did this, unless/until there is 
> quite a bit more work done on figuring out how to map particular cards to 
> particular applications, and that's not likely to pan out so well.

As I wrote in other replies, I am not going to launch anything. Only
identify the device as well as possible.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.                          e-mail: sbra...@suse.cz
Lihovarská 1060/12           tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                                  fax: +420 284 028 951
Czech Republic                                    http://www.suse.cz/

_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
