Re: [opensc-devel] Docs/Specs on ACLs / security attributes?

Mon, 28 May 2012 07:30:02 -0700 

Hi,

On Monday, 28. May 2012, Martin Paljak wrote:
> I don't really understand how you would use ACL-s with the "gender"
> field, for example.

Let me try to explain what I want to achieve.

card-openpgp.c emulates a filesystem for the DOs on the card.

Now, some of the DOs are
* readable after VERIFY PIN2
some are 
* writeable a VERIFY PIN2
some are
* writeable after VERIFY PIN3
...
(and the sets may overlap)

All this information is written in the spec only, and thus is implicit.
(i.e. the DO do not tell about their permissions)

This "implicit only" behaviour does not necessarily extend to the
emulated file system.
(i.e. the emulated files can have emulated ACLs, ... that can be
evaluated by tools)

My goal is to extend openpgp-tool in a way that it does not need
implicit information on the readability/writeablity of the DOs, but
can use standard-compliant data to get the information.
This way the mapping only needs to be done in card-openpgp.c only
instead of distributed over many places.

Let me try to show it graphically

        On the Card                     
                DO 0101
                        permissions (implicit from the spec)
                                read: always
                                write: VERIFY PIN2
                |
                |       (this happens in card-openpgp.c)
                |
                v
        Emulated File System
                EF 0101
                        ACL: READ=always, WRITE=VERIFY CHV2

Currently the ACLs are not emulated yet.
But If they are, then standard-compliant applications can determine
what needs to be done in order to be able to e.g. write to an emulated EF.

So, the ACLs shall not in any way try to influnce what happens on the card (I 
am very crealy aware that they can't), but tell to the outside world how the 
permissions are laid out on an OpenPGP card.
This way not every application needs to know the specs of an OpenPGP
card, but can use the information provided by the emulation.

I hope that makes my goals clearer.

If this is not doable with either security attributes or/and ACLs, because 
their intention and potential use cases conflict with that goal, please tell.

Best regards
Peter

-- 
Peter Marschall
pe...@adpm.de
_______________________________________________
opensc-devel mailing list
opensc-devel@lists.opensc-project.org
http://www.opensc-project.org/mailman/listinfo/opensc-devel

Reply via email to