Jeffrey Hutzelman wrote:

> > 1) There are applications, that need direct access to the reader, not
> > using pcsc-lite (example: cyberjack utilities).
>
> And how do these devices know how to talk to readers? Do they have their
> own reader drivers, separate from those included with pcsc-lite or openct?

Yes, they do. Even worse, many of these solutions create a complete vendor lock. Only the underlying OS is open sourced.

> The purpose of pcscd or openct's equivalent, among other things, is to
> multiplex access to smartcard devices

I understand this. But it does not change the fact that several vendors don't do it.

> I cannot
> imagine any vendor shipping policy that would allow ordinary users direct
> access to smartcard devices.

openSUSE has to do it, at least for selected readers, otherwise users of these applications complain. Adding a PolicyKit restriction would be a step forward, not back.

> > PolicyKit can ensure, that only users physically sitting at the desk can
> > use the card.
>
> Unless, as Alon points out, the user is using pcsc-lite or openct, in which
> case the daemon accesses the device, rather than the user doing so directly.

PolicyKit may be useful for pcsc-lite/openct as well, to block remote users' access to the daemon.

> > 2) Up to now, HAL has no keyword for these devices and cannot report its
> > presence.
>
> HAL _can_ report these devices, and does, to pcscd.

Yes, it reports them, but as unknown USB devices.

> > HAL can easily recognize this device type (at least for USB). It allows
> > to write simple applications: If smart card reader/token is plugged, do
> > something (e.g. launch banking application).
>
> If you're going to launch an application, it should happen on the basis of
> the presence of a card, not of a reader. Even then, there is no reason to
> assume that the presence of a card means that a particular reader should be
> launched; cards may be useful for ssh, PGP, web certificates, and so on.
> How would you know which application to launch? Again, I cannot imagine
> any vendor actually shipping policy that did this, unless/until there is
> quite a bit more work done on figuring out how to map particular cards to
> particular applications, and that's not likely to pan out so well.

As I wrote in other replies, I am not going to launch anything. Only identify the device as well as possible.

-- 
Best Regards / S pozdravem,

Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o.          e-mail: sbra...@suse.cz
Lihovarská 1060/12            tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9                fax: +420 284 028 951
Czech Republic                http://www.suse.cz/