Hi all,

Mark has said,

>On the system diagram in the specs, it shows that applications can access the
>resource manager directly.  So in a network environment a resource manager with
>only local connections does not match the spec.  However, they do reserve the
>use of App/Resource Manager communication to "very specific uses of IFDs or ICCs,
>such as personalization systems", which is vague at best.

Why does the specification allow applications to access the Resource
Manager directly? I think I have to explain my understanding. Notice that
a Service Provider is specific to one kind of card, typically a set of
cards for one specific application, and the Resource Manager is one module
which can talk to any card from any IFD linked to it. For instance, we
choose a kind of JavaCard to make an application for us to access this
mailing list. The JavaCard product we choose is called Cyberflex, and the
specific cards for this specific application will be called MUSCLE. Here,
these cards are different from the normal ones, because we will put our
own information or programs inside. So it means that we have to
personalize some Cyberflex cards into special MUSCLE cards. After
personalization, the application can recognize and use them through the
MUSCLE Service Provider, which should be provided by us. Because we make a
special card, maybe we have changed the interface of the card. These
changes should be told to the application by our Service Provider. If we
didn't touch the interface, we can just use the JavaCard Service Provider
or even the Resource Manager.

So, it will be possible for us to access the Resource Manager directly.
When we do the personalization, normally we will access the Resource
Manager directly. Why? Actually, some cards have their own personalization
commands, which the vendor doesn't want to expose to the application. The
other case is that sometimes the card is too simple to be provided with a
Service Provider, and the application prefers to access it through the
Resource Manager. Or, in some very special situations, the application
developer has to access the Resource Manager due to limitations of the
Service Provider. Anyway, the spec keeps this interface for flexibility.


As to whether we shall put the Resource Manager into the kernel or not,
personally, I think it depends on which level of security we shall provide
to the application. It is not defined inside the standard. I think we
shall implement different levels of security for ICC on Linux. Let's have
a look at some very simple security solutions for a system.

1) One card uses RSA128 to encrypt all the sensitive data. The card itself
is quite secure; all the data transmitted outside the card is encrypted.
It means there is no need to do too much on security issues here, right?
For example, we don't need to encrypt the encrypted data again when
opening network channels.

2) The other application is much simpler and less secure. It just puts the
password in one smart card file in plain text. Every time, the system gets
the password and does the authentication, and that is it. OK, for these
kinds of applications, what can we do? One solution is that we make every
interface between all the modules very secure, and meanwhile we put as
much as possible into the kernel. Is it worth it? I don't know. Maybe for
some cases it is. The other solution is that we still do little about
security considerations. The application developer does so maybe because
he doesn't care.

I am still thinking about which level of security we can provide to
applications by what kinds of design. Maybe this should be done in the
Security Manager. Actually, I don't understand what the Security Manager
is.

But I think we could support network-aware IFD Handlers. Besides the
security issues of the system, this kind of IFD Handler is very useful.
Some client machines don't need to include a Resource Manager, according
to Mark's letter. It means two solutions for a system.

1)

      (Server-side)                                     (Client-side)
                               communication
       Application  <--------------------------------->  Application
            ^                                                 ^
            |                                                 |
            |                                                 |
    Service Provider                                  Service Provider
   & Resource Manager                                & Resource Manager
            ^                                                 ^
            |                                                 |
            |                                                 |
      IFD Handlers                                      IFD Handlers


2)

      (Server-side)                                     (Client-side)

       Application
            ^
            |
            |
    Service Provider
   & Resource Manager
            ^  ^
            |  |________________communication_________________
            |                                                 |
      IFD Handlers                                      IFD Handlers
        
I think the second one seems to be better if we can make the communication
channel secure.


Regards,
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
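
For the second layout above, the link between the Resource Manager and a remote IFD Handler has to reject forged, altered, reflected and replayed APDU frames. The following is an added example, not part of the original message or of any MUSCLE code: the frame layout, the `Endpoint` class and the pre-shared key are assumptions made for illustration, and it covers integrity and replay protection only, not confidentiality.

```python
import hashlib
import hmac
import struct

HEADER = struct.Struct("!BQH")   # direction, sequence number, APDU length
TAG_LEN = 32                     # HMAC-SHA256 output size
CMD, RSP = 0x01, 0x02            # Resource Manager -> IFD Handler, and back

class ChannelError(Exception):
    """Frame rejected: forged, altered, replayed or reflected."""

class Endpoint:
    """One end of the link. Both ends hold the same pre-shared key (assumed)."""
    def __init__(self, key, send_dir, recv_dir):
        self.key, self.send_dir, self.recv_dir = key, send_dir, recv_dir
        self.send_seq = self.recv_seq = 0

    def seal(self, apdu):
        header = HEADER.pack(self.send_dir, self.send_seq, len(apdu))
        self.send_seq += 1
        tag = hmac.new(self.key, header + apdu, hashlib.sha256).digest()
        return header + apdu + tag

    def open(self, frame):
        if len(frame) < HEADER.size + TAG_LEN:
            raise ChannelError("short frame")
        body, tag = frame[:-TAG_LEN], frame[-TAG_LEN:]
        expected = hmac.new(self.key, body, hashlib.sha256).digest()
        if not hmac.compare_digest(tag, expected):    # constant-time compare
            raise ChannelError("bad MAC")
        direction, seq, length = HEADER.unpack(body[:HEADER.size])
        if direction != self.recv_dir or length != len(body) - HEADER.size:
            raise ChannelError("wrong direction or length")
        if seq != self.recv_seq:
            raise ChannelError("replayed or out-of-order frame")
        self.recv_seq += 1
        return body[HEADER.size:]

def demo():
    key = bytes(range(32))                            # constructed demo key
    rm, ifd = Endpoint(key, CMD, RSP), Endpoint(key, RSP, CMD)
    frame = rm.seal(bytes.fromhex("00A40000023F00"))  # constructed SELECT APDU
    command = ifd.open(frame)                         # handler accepts it once
    reply = rm.open(ifd.seal(bytes.fromhex("9000")))  # constructed status word
    try:
        ifd.open(frame)                               # same frame sent again
    except ChannelError:
        return command, reply, True                   # replay was rejected
    return command, reply, False
```

For a card like case 2, which returns a password in plain text, the frames would also need encryption, for example by running the same exchange inside TLS.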
