2007/9/22, Michael Bender/MBP <[EMAIL PROTECTED]>: > I still wonder if it's ever really necessary to have APDU level > access to a card that is on a remote system. How useful is it to > be able to send raw SCSI commands to a disk drive on another box > for example? Disks are abstracted via filesystems and above that > via network file access protocols that can have appropriate > access controls layered on top of them, yet the issue of being > able to send an APDU from an application on one machine to a card > in a reader on another machine still comes up from time to time. > Is it really necessary to do that? It seems to me that the better > approach would be to abstract the card functionality over the > network (i.e. "sign this", "verify that").
I don't think that SCSI is a good example since iSCSI (SCSI over TCP/IP) [1] already exists. SUN has products [2] for that. Maybe the need is to have a storage that does not need to understand the file system used by the client. As I said in my previous mail, the choice of where to put the remote support is not easy to do. With a multi-layer system you can select any layer and split it to have the two parts of the layer on two different machines. - application - PKCS#11 - PC/SC - ifdhandler - USB After doing some research I found some products to do USB over IP. So you do not even have to change any existing software layer. Just add a new layer. Bye [1] http://en.wikipedia.org/wiki/ISCSI [2] http://www.sun.com/storagetek/nas/5220/ -- Dr. Ludovic Rousseau _______________________________________________ Muscle mailing list Muscle@lists.musclecard.com http://lists.drizzle.com/mailman/listinfo/muscle