[prev in list] [next in list] [prev in thread] [next in thread]
List: kde-bugs-dist
Subject: [Bug 116201] Add support of PKCS#11 (Smartcards) into KDE
From: Alon Bar-Lev <alon.barlev () gmail ! com>
Date: 2008-03-08 7:48:40
Message-ID: 20080308074840.3970.qmail () ktown ! kde ! org
[Download RAW message or body]
------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
http://bugs.kde.org/show_bug.cgi?id=116201
------- Additional Comments From alon.barlev gmail com 2008-03-08 08:48 -------
> Alon: If you want to do something you should start ASAP so KTcpSocket
> can be made public soon, with Smartcard support. We'd need to figure
> out how to handle UI interaction and while doing that some
> related backend<->UI problems could be solved in one go.
Hi!
This is the work already done in QCA, so supporting its interface will enable you to \
know that all OK.
Highlights:
1. Application should not make any assumption regarding the number of certificates \
available for user. The certificates should be gotten from a "store".
2. Access to certificate store may be with or without authentication, even to the \
public part of the store. There are some tokens which requires authentication to \
public objects.
3. Access to the private key may be with or without authentication.
4. Authentication may be triggered several times during session, as there is session \
expiration feature for some tokens.
5. If user removes a token, then a a private operation is required, the user should \
be prompted to insert his token. For example: A user uses his token within a browser, \
then remove it, after several minutes during renegotiation the key is not there, \
failing the session will sometime fail an application, so the most friendly approach \
would be to ask the user to insert his token.
6. There should be an option to match between a specific operation and a specific \
key, so user will not be forced to select the correct certificate over and over, \
example: mail signing certificate or a certificate for a specific site. This can be \
achieved by allowing certificate/key serialization.
7. Public objects should be cached as it takes a long time to reload them each time \
from hardware.
8. As there are a lot of vendors and behaviors, configuration should be separate from \
applications, and allow specifying custom settings to allow backends behave \
correctly.
The singer example at QCA demonstrate most of the above. I truly beleive that users \
will benefit greatly if QCA is used, as most of the work already done. I am sure QCA \
development team will do whatever needed to support such activity.
Thanks!
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic