ISO's "new" Smart Card Middleware: 24727

classic Classic list List threaded Threaded
6 messages Options
Reply | Threaded
Open this post in threaded view
|

ISO's "new" Smart Card Middleware: 24727

Anders Rundgren
Reply | Threaded
Open this post in threaded view
|

Re: ISO's "new" Smart Card Middleware: 24727

NdK-3
Il 14/10/2011 08:11, Anders Rundgren ha scritto:
> http://www.ecsec.de/pub/2007_TrustBus.pdf
> http://openidtrustbearer.wordpress.com/2009/12/11/first-impressions-of-isoiec-24727
>
> Is this for real?
Seems so.

Maybe could even help opensc: many card drivers could be grouped as one.
The resulting structure could be quite cleaner and understandable even
for who misses a "global view" (like me...).
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: ISO's "new" Smart Card Middleware: 24727

Tomas Gustavsson-3

There was still mentioning about smart card middleware in the article. I
didn't quite get it, but anything that still requires installation of
different middle-wares for different cards does not bring us much closer
to a "token enabled" world imho.

Cheers,
Tomas

On 10/14/2011 11:33 AM, NdK wrote:

> Il 14/10/2011 08:11, Anders Rundgren ha scritto:
>> http://www.ecsec.de/pub/2007_TrustBus.pdf
>> http://openidtrustbearer.wordpress.com/2009/12/11/first-impressions-of-isoiec-24727
>>
>> Is this for real?
> Seems so.
>
> Maybe could even help opensc: many card drivers could be grouped as one.
> The resulting structure could be quite cleaner and understandable even
> for who misses a "global view" (like me...).
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: ISO's "new" Smart Card Middleware: 24727

Douglas E. Engert
In reply to this post by Anders Rundgren


On 10/14/2011 1:11 AM, Anders Rundgren wrote:
> http://www.ecsec.de/pub/2007_TrustBus.pdf
> http://openidtrustbearer.wordpress.com/2009/12/11/first-impressions-of-isoiec-24727
>
> Is this for real?

 From 2009:
"The government has recognized that critical and sensitive data must
  be protected using secure methods,"  says TrustBearer Labs founder
  and CEO David Corcoran.

David was also the MUSCLE founder, and has been involved with the NIST and PIV
cards, So I would say its for real.



>
> Anders
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
>

--

  Douglas E. Engert  <[hidden email]>
  Argonne National Laboratory
  9700 South Cass Avenue
  Argonne, Illinois  60439
  (630) 252-5444
_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: ISO's "new" Smart Card Middleware: 24727

NdK-3
In reply to this post by Tomas Gustavsson-3
On 14/10/2011 12:34, Tomas Gustavsson wrote:

> There was still mentioning about smart card middleware in the article. I
> didn't quite get it, but anything that still requires installation of
> different middle-wares for different cards does not bring us much closer
> to a "token enabled" world imho.
Well, as long as you use 24727-compliant cards you can have only one
middleware installed.

Surely someone will be able to misinterpret specs so that incompatible
cards will appear... but that's another story.

The (not-so-)"bad" thing is that it won't map well on pkcs-11, so many
programs will need a different middleware... I hope that finally Firefox
will work "as expected" :)

BYtE,
  Diego.

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel
Reply | Threaded
Open this post in threaded view
|

Re: ISO's "new" Smart Card Middleware: 24727

Anders Rundgren
On 2011-10-14 17:12, NdK wrote:
> On 14/10/2011 12:34, Tomas Gustavsson wrote:
>
>> There was still mentioning about smart card middleware in the article. I
>> didn't quite get it, but anything that still requires installation of
>> different middle-wares for different cards does not bring us much closer
>> to a "token enabled" world imho.

> Well, as long as you use 24727-compliant cards you can have only one
> middleware installed.
>
> Surely someone will be able to misinterpret specs so that incompatible
> cards will appear... but that's another story.

If I understood it right, the idea behind 24727 is to abstract
things to a high-level so you don't have to deal with them.

So far so good.

However, the net effect of this is that the application, driver etc.
must interrogate the framework to see if the underlying hardware
can do this and that.   If you ever have worked with automated
testing using JUnit or similar you would see the problem:
A project that never finishes.  Sounds a bit like OpenSC :-)

BTW, abstracting end-to-end security has proved to be hard if not
downright impossible.

The absolute "antithesis" of 24727:

http://webpki.org/papers/keygen2/sks-keygen2-exec-level-presentation.pdf

Open Security Hardware is the magic ingredient that (at least on paper)
could rock this somewhat stagnant industry segment.

Anders

> The (not-so-)"bad" thing is that it won't map well on pkcs-11, so many
> programs will need a different middleware... I hope that finally Firefox
> will work "as expected" :)
>
> BYtE,
>   Diego.
>
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>

_______________________________________________
opensc-devel mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-devel