Alon Bar-Lev wrote:
> On 1/21/09, Stanislav Brabec <sbra...@suse.cz> wrote:
> > 1) There are applications, that need direct access to the reader, not
> > using pcsc-lite (example: cyberjack utilities). That is why it should
> > allow to access not only to pcsc daemon, but also to users.
>
> This is why you have udev, right?
> I never understood this hal thing...
> Why do you need special keywords, while the devices are standard USB
> or PCMCIA devices...
Yes, udev supports it as well. But most vendors prefer HAL for this
purpose nowadays.
Using of HAL could bring several benefits:
- splitting of "information" (e. g.: this USB device is a known Smart
Card Reader, this /dev/ttyS0 is not a modem, but a Smart Card reader)
and "policy" (is it a smart card reader => call pcscd --hotplug).
- HAL can support non-trivial probers, that can identify devices more
exactly than udev can do (e. g. which device hangs on serial port,
scan for partitions)
- GUI device viewers can correctly identify device type
- Applications can easily implement device list change event listening,
even without root access.
There are also cons:
- HAL is not so straight forward as udev.
- In future it will be probably replaced by DeviceKit.
My current intention was:
- Define HAL standard keywords for smart card readers (and maybe for
their features).
- Identify all Smart Cards by HAL.
- Define access policy
- And finally move pcscd hotplug from udev to hal. With a bit of
configuration, it may support serial port readers.
> > PolicyKit can ensure, that only users physically sitting at the desk can
> > use the card.
>
> As long as you don't use daemon to access these.
>
> > 2) Up to now, HAL has no keyword for these devices and cannot report its
> > presence.
> >
> > HAL can easily recognize this device type (at least for USB). It allows
> > to write simple applications: If smart card reader/token is plugged, do
> > something (e. g. launch banking application).
>
> For which user? And what happens if you have several applications? How
> do you control which do what?
HAL provides only an infrastructure to any (e. g. desktop) application.
Any HAL listener then knows, that smart card reader was attached.
One of example features, that can be easily implemented in Display
Manager with HAL:
Smart card token is just plugged => read it, auto-login user
Smart card token is just unplugged => save and kill the session, logout
You can argue, that it is possible just now directly with pcscd. Yes, it
is true. But HAL level implementation is more flexible: With a few
changes of code, you may reprogram it to use USB memory flash stick
serial# instead of Smart Card.
And it is scalable: With a bit of coding (not in my plan), HAL may make
possible to poll for card insertion/removal (exactly as it does polling
of CD/DVD insertion/removal).
Example in Shell:
Nowadays:
dbus-monitor --system
signal sender=:1.538 -> dest=(null destination)
path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager;
member=DeviceAdded
string "/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial"
signal sender=:1.538 -> dest=(null destination)
path=/org/freedesktop/Hal/Manager; interface=org.freedesktop.Hal.Manager;
member=DeviceAdded
string "/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0"
lshal | sed -n
'\:/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0:,/^$/p' | grep
'info.\(category\|capabilities\)'
(no output, no information)
With simple HAL Smart Card support:
lshal | sed -n
'\:/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0:,/^$/p' | grep
'info.\(category\|capabilities\)'
info.category = smart_card_reader
info.capabilities = { 'smart_card_reader' }
With advanced HAL Smart Card support (just an example and subject of
discussion):
lshal | sed -n
'\:/org/freedesktop/Hal/devices/usb_device_76b_3821_noserial_if0:,/^$/p' | grep
'info.\(category\|capabilities\)'
info.category = smart_card_reader
info.capabilities = { 'smart_card.reader.class3',
'smart_card.reader.card.iso', 'usb_ccid' }
For other devices it may be for example smart_card.reader.card.iso
smart_card.reader.card.sim
smart_card.reader.token etc.
--
Best Regards / S pozdravem,
Stanislav Brabec
software developer
---------------------------------------------------------------------
SUSE LINUX, s. r. o. e-mail: sbra...@suse.cz
Lihovarská 1060/12 tel: +420 284 028 966, +49 911 740538747
190 00 Praha 9 fax: +420 284 028 951
Czech Republic http://www.suse.cz/
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel
