Viktor TARASOV wrote:
> when creating new object with protected usage (using
> 'pkcs15-init'), the 'auth-id' argument is mandatory.
> 'Auth-id' argument can have only one possible value

This I think is the crux, and it always seemed stupid to me that I
need to provide an argument which can only ever have one correct value.

> Brief, 'auth-id' has to correspond to the ACLs settings from the
> card profile.

More specifically the card profile used to create the parent.

> - this situation is considered as: 'not friendly'(VT),
> 'dangerous and error-prone' (NdK), 'possibly out-of sync' (NdK);

Plain dumb.

> - 'auth-id' argument should have a possibility to overwrite, in
> somewhat manner, the profile settings for a new object's ACLs.

Why does it need to be overridden when only one value can be correct?

> - there are the volunteers to propose an appropriate solution.

It seems to me that there is an obvious solution:

Always autodetect the correct auth-id value and remove the option.

The implementation is another issue however! Especially for cards
which do not inform the ACL in effect. As Diego points out the only
real solution for them is to describe the "equivalent ACL" in the
OpenSC card driver (as in, not where anyone can change it easily)
and to never change it.

//Peter
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel