Yes, Need only implement a java applet that performs the challenge response protocol based on digital signatures. The only difficulty is interfacing the device with the standard PKCS # 11. Beyond that, many devices do not work on linux / mac.
Cheers, Yuri Feitosa Negócio On Wed, Nov 3, 2010 at 4:56 PM, Shi Yusen <[email protected]> wrote: > Yes, you can use OpenSign (http://www.openoces.org/) to achieve this. It > uses digital signature process to check public key, so a student > certificate should be able to sign data. If your ID card is a standard > keystore can be used by IE, firefox and safari, it will be easy to > achieve your goal. > > Good luck, > > Shi Yusen/Beijing Langhua Ltd. > > > 在 2010-10-25一的 19:52 +0200,Michał Pysz写道: > > Hello > > > > is there a possibility to authenticate by using x509 certificates from > > students ID card but without installing certificate in the user browser? > > > > Installation of certificate in the browser is quite complicated and we > > want to bypass this step. > > > > My dream scenario: > > - user enters CAS login page > > - page detects ID card (or user chooses ID card authentication by > > pressing link/button) > > - page requests PIN from user > > - CAS authenticates user by certificate from ID card and our repository > > (eg LDAP) > > > > > > -- > > Michal Pysz > > Department of Information Systems > > Jagiellonian University > > > > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-user > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user
