>>>>> "David" == David Corcoran <[EMAIL PROTECTED]> writes:
David> Ok, Finally I have gotten out the latest API. This will likely not
David> change much since it follows most of the ISO guidelines. Be sure to read
David> the README for it describes the API. Included is a simple X
David> Application written in C/Tk8.0 which will create files, do
David> authorization, view files on the card, etc. Let me know of any bugs and
David> report them back to this list. The source can be found on:
David> http://www.linuxnet.com/smartcard/code.html
Ok. I've just had a quick look over this. Here's my 0.02 (in your favourite
currency) in no particular order:
+ lynx doesn't show a link to the code (there is a link buried in html
somewhere, but it is not shown), for whatever reason.
+ readerconfig.c: shudder. this is Makefile stuff, if anything. Besides, there
could be ttyS2/ttyS3/etc. with the reader attached...
I think we shouldn't muck around with the serial options, either. stty (or
the like) should be able to set everything up correctly, or at least let's
move this into the resource manager on a device-by-device basis (see below),
not application-by-application basis.
+ After having a look at the PC/SC specs, I suggest we should aim for
that. Specifically, we should have the resource manager sitting somewhere in
the kernel asap with the device drivers somewhere hidden underneath - while a
driver for a particular reader/card is nice, I would like to see a generic API
to build applications on instead of building them on top of the driver. There
are rather a lot of different readers out there with only minor differences
(LEDs to turn on/off etc), so much of the driver code will be shared. With
the PC/SC specs already existing, we would then present a similar API as the
"evil empire", making transition to linux as smooth as possible (think of all
the experimental "wallets" (ultrasecure, but will only run under Win95..)).
Using this, we should then integrate the PAM modules with
token/challenge+response authentication. This could be a major kick for some
people to buy devices, especially if they get netscape web authentication (or
whatever it is called) "for free" due to the common API.
In short: this should be kernel stuff, with a config file for different
readers hanging around in /etc, another config file for card
abilities/allowed usage (e.g. only allow signatures on readers with a separate
display, token auth. is ok from every device and so on..)
Comments?
Jan
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************