Just to keep you informed.  I'm working on interfacing RPC into the resource
manager.  This is a socket based approach to allowing applications to talk to
the resource manager.  I will basically have two listeners.  The first, which
will be implemented first, is a Unix Domain Socket - it can't be accessed
outside of the machine.  The second is an external TCP socket so resource
managers can communicate between each other.  Better yet, RPC has secure RPC
which allows you to create a session between communications which is encrypted.
You can also authenticate RPC clients/servers using a DES authentication
protocol which is built into secure RPC.  This will allow any Unix-like machine
functionality with the resource manager.  There is also a Windows
implementation of RPC so it is feasible to even make a PC/SC middleware which
runs on Windows that we could use to remotely authenticate and communicate with a
Unix resource manager.  This will also solve the problem with PAM and remote
authentication using security devices.  The TCP socket using secure RPC on the
resource manager will have a limited functionality to the resource manager. 
This way when you connect to a machine that has a smartcard PAM module on it -
it will grab the connecting IP address and communicate through a secure channel
back to the user's machine and grab the credentials it needs on the smartcard to
perform the authentication.  For more information on RPC please visit 
http://pandonia.canberra.edu.au/ClientServer/week11/rpc.html
for some class notes.  This will take a bit longer to implement, probably 2-3
weeks for just the Unix Domain stuff.

By the way, if anyone is interested, I think it would be useful to make a ctapi
testing utility to test ctapi libraries and their CT-BCS.  It would also be
nice to have timing mechanisms so we could clock different smartcard
transactions and benchmark card/readers.

Let me know what you think.

Thanks
Dave

 --
******************************************************************
David Corcoran                   Internet Security/Smartcards

Work:                            School:
205 Industrial Blvd              2252 US Highway 52 West Apt C4
Sugar Land, TX 77478             West Lafayette, IN 47906

Suggestion: Use Linux, it is for IQ's higher than 95.

Quote:
  If you can't make it work, at least make it look good.
    ~ Bill Gates
******************************************************************
***************************************************************
Linux Smart Card Developers - M.U.S.C.L.E.
(Movement for the Use of Smart Cards in a Linux Environment)
http://www.linuxnet.com/smartcard/index.html
***************************************************************
