--On Thursday, January 22, 2009 01:18:44 PM +0100 Stanislav Brabec <sbra...@suse.cz> wrote:
>> I cannot >> imagine any vendor shipping policy that would allow ordinary users >> direct access to smartcard devices. > > openSUSE has to do it, at least for selected readers, otherwise users of > these applications complain. Adding a PolicyKit restriction would be a > step forward, not back. > >> > PolicyKit can ensure, that only users physically sitting at the desk >> > can use the card. >> >> Unless, as Alon points out, the user is using pcsc-lite or openct, in >> which case the daemon accesses the device, rather than the user doing >> so directly. > > PolicyKit may be useful for pcsc-lite/openct as well, to block remote > users access to daemon. I'm not sure how you intend to do that, or even that it's a good idea. In fact, I'm pretty sure it's not a good idea to assume that all cards belong to a user physically sitting at some terminal; I expect to see a usage model in my organization that involves forwarding of reader access over an ssh connection, in a manner analogous to how the ssh agent works. >> HAL _can_ report these devices, and does, to pcscd. > > Yes, it reports them, but as unknown USB devices. Which is OK, because all smartcard reader devices are _not_ alike, and pcscd needs to identify the device specifically in order to determine which driver to use. > As I wrote in other replies, I am not going to launch anything. No, but you're arguing that a use case for your proposal is to enable launching an application when a reader appears, and that's not the right time to do so. -- Jeff _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
