
List:       kde-bugs-dist
Subject:    [Bug 116201] Add support of PKCS#11 (Smartcards) into KDE
From:       Alon Bar-Lev <alon.barlev () gmail ! com>
Date:       2008-03-08 7:48:40
Message-ID: 20080308074840.3970.qmail () ktown ! kde ! org

------- You are receiving this mail because: -------
You are on the CC list for the bug, or are watching someone who is.
         
http://bugs.kde.org/show_bug.cgi?id=116201         




------- Additional Comments From alon.barlev gmail com  2008-03-08 08:48 -------
> Alon: If you want to do something you should start ASAP so KTcpSocket
> can be made public soon, with Smartcard support. We'd need to figure
> out how to handle UI interaction and while doing that some
> related backend<->UI problems could be solved in one go. 

Hi!

This is the work already done in QCA, so supporting its interface will enable you to know that all is OK.

Highlights:

1. Application should not make any assumption regarding the number of certificates available for user. The certificates should be gotten from a "store".

2. Access to certificate store may be with or without authentication, even to the public part of the store. There are some tokens which require authentication to public objects.

3. Access to the private key may be with or without authentication.

4. Authentication may be triggered several times during session, as there is session expiration feature for some tokens.

5. If user removes a token, then a private operation is required, the user should be prompted to insert his token. For example: A user uses his token within a browser, then removes it, after several minutes during renegotiation the key is not there, failing the session will sometimes fail an application, so the most friendly approach would be to ask the user to insert his token.

6. There should be an option to match between a specific operation and a specific key, so user will not be forced to select the correct certificate over and over, example: mail signing certificate or a certificate for a specific site. This can be achieved by allowing certificate/key serialization.

7. Public objects should be cached as it takes a long time to reload them each time from hardware.

8. As there are a lot of vendors and behaviors, configuration should be separate from applications, and allow specifying custom settings to allow backends to behave correctly.

The signer example at QCA demonstrates most of the above. I truly believe that users will benefit greatly if QCA is used, as most of the work is already done. I am sure the QCA development team will do whatever is needed to support such activity.

Thanks!
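
Highlights 3 to 5 above, sketched as an added example that is not part of the original message and is not QCA code: a private-key operation wrapped so that token removal and session expiry lead to a prompt and a retry instead of a failed session. `MockToken`, `Prompts` and `signWithRecovery` are hypothetical names, the token is a constructed stand-in, and the PIN `1234` is a constructed sample value.

```cpp
#include <functional>
#include <string>

// Constructed stand-in for a hardware token; not QCA's or any PKCS#11 API.
enum class Status { Ok, NotPresent, LoginRequired };

struct MockToken {
    bool present = true;
    int opsLeft = 0;                        // 0 means no authenticated session
    bool login(const std::string &pin) {
        if (!present || pin != "1234") return false;
        opsLeft = 2;                        // session expires after two private ops
        return true;
    }
    Status sign(const std::string &data, std::string &sig) {
        if (!present) { opsLeft = 0; return Status::NotPresent; }  // removal drops the session
        if (opsLeft == 0) return Status::LoginRequired;
        --opsLeft;
        sig = "sig(" + data + ")";
        return Status::Ok;
    }
};

// UI hooks supplied by the application; returning false means the user cancelled.
struct Prompts {
    std::function<bool()> insertToken;
    std::function<bool(std::string &)> askPin;
};

// Run one private operation, recovering from token removal and session expiry.
// Prompts are bounded so a repeatedly wrong PIN cannot loop forever.
bool signWithRecovery(MockToken &t, const Prompts &ui, const std::string &data,
                      std::string &sig, int maxPrompts = 4) {
    for (int prompts = 0; ; ++prompts) {
        Status s = t.sign(data, sig);
        if (s == Status::Ok) return true;
        if (prompts == maxPrompts) return false;
        if (s == Status::NotPresent) {
            if (!ui.insertToken()) return false;
        } else {
            std::string pin;
            if (!ui.askPin(pin)) return false;
            t.login(pin);                   // a failed login shows up as LoginRequired on retry
        }
    }
}
```

The caller only sees success or a user cancellation; authentication can be triggered any number of times within one application session, and each retry re-checks the token state rather than trusting an earlier login.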
