2009/1/21 Stanislav Brabec <sbra...@suse.cz>:
> Alon Bar-Lev wrote:
>> I don't understand the motivation.
>> Why do you care if readers are accessible by all users?
>
> 1) There are applications, that need direct access to the reader, not
> using pcsc-lite (example: cyberjack utilities). That is why it should
> allow to access not only to pcsc daemon, but also to users.

The Reiner-SCT cyberJack pinpad(a) is already supported by my CCID
driver. Maybe the cyberjack utilities could be modified to use PC/SC
instead of a direct device access.

Note: I could not find a "cyberjack utilities" software. Do you have a URL?

> PolicyKit can ensure, that only users physically sitting at the desk can
> use the card.

Is that really needed?
I remember proposing such a change on the Muscle list a while ago. One
solution is to play with the permissions of the /var/run/pcscd/* files
and then restrict access to PC/SC only to the user physically sitting
at the desk.

> 2) Up to now, HAL has no keyword for these devices and cannot report its
> presence.
>
> HAL can easily recognize this device type (at least for USB). It allows
> to write simple applications: If smart card reader/token is plugged, do
> something (e. g. launch banking application).

PC/SC provides a method to detect reader insertion/removal. HAL is not
needed here.

And as Jeffrey already wrote, inserting a reader does not imply
insertion of a card in the reader.

Why launch a banking application and not a SIM application? How do you
plan to recognise a bank card from a phone card, from a health card,
from a corporate access card, from a fidelity card, etc?

It looks like you are trying to do something like what Apple is doing
with the smart card infrastructure:
- if a CCID reader is inserted then pcscd is started
- when a card is inserted each tokend is started and returns with an
integer value (indicating support of the card). The tokend with the
highest value is used.

This only works if only tokends are used by all the applications. This
is the case for Apple applications but not for Firefox (Firefox uses
PKCS#11 and not CDSA).

-- 
 Dr. Ludovic Rousseau
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
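
The permission-based restriction mentioned in the message above can be checked with a short audit of the pcscd runtime directory. This is an added example, not code from the original message or from pcsc-lite; the function name `audit_ipc_dir` and the `allowed_gid` parameter (a group the site would assign to the console user) are assumptions.

```python
import os
import stat
import sys

# Directory named in the message; pass another path to audit a different one.
PCSCD_RUN_DIR = "/var/run/pcscd"


def audit_ipc_dir(run_dir=PCSCD_RUN_DIR, allowed_gid=None):
    """List entries whose mode bits grant access beyond the intended accounts.

    allowed_gid is an assumption of this example: the numeric id of a group
    the site assigns to the console user. None means owner-only access.
    Returns (path, scope, detail) tuples, scope being world/group/symlink.
    """
    findings = []
    children = [os.path.join(run_dir, n) for n in sorted(os.listdir(run_dir))]
    for path in [run_dir] + children:
        st = os.lstat(path)  # lstat: never follow a link planted in the directory
        if stat.S_ISLNK(st.st_mode):
            findings.append((path, "symlink", "not followed, inspect the target"))
            continue
        mode = stat.S_IMODE(st.st_mode)
        # Conservative: a bit is reported even when the parent directory
        # already blocks traversal for that class of user.
        if mode & stat.S_IRWXO:
            findings.append((path, "world", oct(mode)))
        elif mode & stat.S_IRWXG and st.st_gid != allowed_gid:
            findings.append((path, "group", oct(mode)))
    return findings


if __name__ == "__main__":
    target = sys.argv[1] if len(sys.argv) > 1 else PCSCD_RUN_DIR
    try:
        results = audit_ipc_dir(target)
    except OSError as exc:
        sys.exit(f"cannot audit {target}: {exc}")
    for path, scope, detail in results:
        print(f"{scope:8} {detail:10} {path}")
    sys.exit(1 if results else 0)
```

An empty result means every entry is owner-only or limited to the approved group; the script exits non-zero when anything is reported.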