New project coordinator: Martin Paljak

classic Classic list List threaded Threaded
9 messages Options
Reply | Threaded
Open this post in threaded view
|

New project coordinator: Martin Paljak

Andreas Jellinghaus-2
Dear all,

for several years I have coordinated the OpenSC, OpenCT, Libp11,
Pam_p11 and Engine_PKCS11 projects: Created new releases, fixed
some bugs, helped many users with questions, applied patches
from developers all around the world, written some documentation,
tested our software and the packaging by distributions, kept our
server alive and up-to-date and done whatever else was necessary
to keep the projects going. Still most work was done by everyone
else, I only had to fill some gaps and start some processes to
keep the projects going.
Recently however I started a new job and at least right now I
have little time available for these open source projects.

Thus I'm very happy to announce Martin Paljak has agreed to
take over as project coordinator for these projects. Martin is
a long time contributer and very active developer to OpenSC.
He has already taken care of several parts of OpenSC in the past
and improved and maintained them, such as the PC/SC reader driver
with a focus on the PIN-pad input system, or driver for estonian
national ID cards. Also he has been co-administrator of our server
for several years and very active on the mailing list, helping
users and developers, and recently started to reorganize and greatly
improve our wiki pages.

I'd like to thank everyone for the support and encouragement I got
as project coordinator and would like you to give the same to
Martin Paljak as new project coordinator too. Of course I will
continue to work on OpenSC and related projects to improve them
and help users and all that, but I'm happy to pass the role of
project coordinator to Martin, so the projects won't be held back
by my recent time constrains.

With kind regards

Andreas Jellinghaus
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: New project coordinator: Martin Paljak

Jean-Michel Pouré - GOOZE
On Sun, 2010-04-11 at 08:48 +0200, Andreas Jellinghaus wrote:
> I'd like to thank everyone for the support and encouragement I got
> as project coordinator and would like you to give the same to
> Martin Paljak as new project coordinator too. Of course I will
> continue to work on OpenSC and related projects to improve them
> and help users and all that, but I'm happy to pass the role of
> project coordinator to Martin, so the projects won't be held back
> by my recent time constrains.

Dear Andreas,

Thank you for your past work and involvement. Nice to see OpenSC
continuing on the same base with Martin.

Kind regards,
--
                  Jean-Michel Pouré - [hidden email]

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: [opensc-devel] New project coordinator: Martin Paljak

Alon Bar-Lev
In reply to this post by Andreas Jellinghaus-2
Thank you for your efforts in the past years!
Good luck Martin!

On Sun, Apr 11, 2010 at 9:48 AM, Andreas Jellinghaus <[hidden email]> wrote:

> Dear all,
>
> for several years I have coordinated the OpenSC, OpenCT, Libp11,
> Pam_p11 and Engine_PKCS11 projects: Created new releases, fixed
> some bugs, helped many users with questions, applied patches
> from developers all around the world, written some documentation,
> tested our software and the packaging by distributions, kept our
> server alive and up-to-date and done whatever else was necessary
> to keep the projects going. Still most work was done by everyone
> else, I only had to fill some gaps and start some processes to
> keep the projects going.
> Recently however I started a new job and at least right now I
> have little time available for these open source projects.
>
> Thus I'm very happy to announce Martin Paljak has agreed to
> take over as project coordinator for these projects. Martin is
> a long time contributer and very active developer to OpenSC.
> He has already taken care of several parts of OpenSC in the past
> and improved and maintained them, such as the PC/SC reader driver
> with a focus on the PIN-pad input system, or driver for estonian
> national ID cards. Also he has been co-administrator of our server
> for several years and very active on the mailing list, helping
> users and developers, and recently started to reorganize and greatly
> improve our wiki pages.
>
> I'd like to thank everyone for the support and encouragement I got
> as project coordinator and would like you to give the same to
> Martin Paljak as new project coordinator too. Of course I will
> continue to work on OpenSC and related projects to improve them
> and help users and all that, but I'm happy to pass the role of
> project coordinator to Martin, so the projects won't be held back
> by my recent time constrains.
>
> With kind regards
>
> Andreas Jellinghaus
> _______________________________________________
> opensc-devel mailing list
> [hidden email]
> http://www.opensc-project.org/mailman/listinfo/opensc-devel
>
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: New project coordinator: Martin Paljak

Martin Paljak-2
In reply to this post by Andreas Jellinghaus-2
Hello as well,

On Apr 11, 2010, at 09:48 , Andreas Jellinghaus wrote:
> for several years I have coordinated the OpenSC, OpenCT, Libp11,
> Pam_p11 and Engine_PKCS11 projects: Created new releases, fixed
> some bugs, helped many users with questions, applied patches
> from developers all around the world, written some documentation,
> tested our software and the packaging by distributions, kept our
> server alive and up-to-date and done whatever else was necessary
> to keep the projects going. Still most work was done by everyone
> else, I only had to fill some gaps and start some processes to
> keep the projects going.
I'd like to thank Andreas for the great work during the past few years and for keeping the projects alive and moving forward!
I heard about the intentions of some people to go to LinuxTag in Berlin for a get-together, if that will take place then Andreas receives a few beers/pizzas/whatever on me :)


> Recently however I started a new job and at least right now I
> have little time available for these open source projects.
>
> Thus I'm very happy to announce Martin Paljak has agreed to
> take over as project coordinator for these projects. Martin is
> a long time contributer and very active developer to OpenSC.
> He has already taken care of several parts of OpenSC in the past
> and improved and maintained them, such as the PC/SC reader driver
> with a focus on the PIN-pad input system, or driver for estonian
> national ID cards. Also he has been co-administrator of our server
> for several years and very active on the mailing list, helping
> users and developers, and recently started to reorganize and greatly
> improve our wiki pages.

Looking back in time, I've been involved (at least using ;)) with the open source smart card related software since 2004 or so, with ups and downs in activity, as life usually goes.

I can be accused in making it possible to use the Estonian eID card on "alternative" platforms, first Linux, then Mac, and it has all been possible because of the great work done by everybody who has contributed to OpenSC and friends! This has led to Estonia using OpenSC in the "official" eID software, which, I believe, led to the decision to create all of the software under LGPL or comparable (check https://id.eesti.ee/trac for the rest of it) I believe that working whit this has given me a "holistic" view of the smart card world that spans most common platforms (Windows, Linux, Mac OSX) and crosses the border between open source and proprietary solutions.

As it is known, OpenSC has been used by others as well in their products or eID rollouts, either with source or without it. Which is IMHO a great sign of good work.

My main goals and improvement areas in OpenSC are:

 - Raise the visibility of the "OpenSC brand" (and its sub-projects  like all the PKCS#11 tools) among dumb end-users (who don't know that they have received OpenSC software in a software bundle), knowing end-users (who knowingly look for OpenSC and want to personalize their tokens) and among developers and integrators. To make this happen, some re-organization in the website and project(s) structure are needed.
 - Provide a competitive "true open source" solution for end-users, comparable to what is available from either card vendors or eID rollouts. This includes having smooth installers for non-Linux platforms and a "user-friendly" approach.
 - Try to keep the project(s) active and attractive to new contributors and users, no matter what their background or interest. The size and vitality of the community decides the success of an open source project, IMO.
 - Keep the projects up to date with current standards, trends, platform developments etc. One of these targets is to have great documentation on how to use modern JavaCards with OpenSC (or more broadly, with open source software)

I also disclose that my daily work has been related to open source consulting for quite some time, which also covers OpenSC (and proprietary additions to it) but I have no relationships with any vendor (either software or hardware).

If you have any comments or suggestions, please let me know. If you think that my focus on end-user and eID can lead somewhere we should not go or I'm somehow otherwise biased, please voice your opinions as well.

Thanks,
--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: New project coordinator: Martin Paljak

Andreas Jellinghaus-2
Am Montag 12 April 2010 12:59:08 schrieb Martin Paljak:
> I'd like to thank Andreas for the great work during the past few years and
>  for keeping the projects alive and moving forward! I heard about the
>  intentions of some people to go to LinuxTag in Berlin for a get-together,
>  if that will take place then Andreas receives a few beers/pizzas/whatever
>  on me :)

thanks for the offer, but I guess I can't make it to linuxtag in berlin
this years, as I already have other plans for that weekend.

but I'd be very interested in meeting up with people, and it would be
best if it could be planed quite early, so we can even submit some
talks, man a booth, prepare some demonstrations or organize a
meeting with other projects to discuss smart card <-> application
integration.

my suggestion would be fosdem. I haven't been there so far,
but from the news I read it seems to be the most active meeting
for developers of all kinds of projects. it is away far enough
so we have enough time for planing and preperations. the only
downside is: it is quite far away: february next year.

> If you have any comments or suggestions, please let me know. If you think
>  that my focus on end-user and eID can lead somewhere we should not go or
>  I'm somehow otherwise biased, please voice your opinions as well.

I still hope to find sime time for opensc too, some of the things I would
like to work one (if I find time) are:
* documentation. something small to ship with tar.gz files and install
  with distributions deb/rpm files. maybe in docbook/html/pdf/man whatever?
* working example code: people often ask for examples of ssl sessions with
  smart card authentication. so we should provide that is possible, maybe
  for all major ssl kits (openssl, gnutls, nss).
* developer documentation. I'm thinking about gathering commands to reflect
  the common operations, create log files with APDUs, decode them and thus
  build some document that shows what opensc does in detail, and what code
  needs to be written for new drivers to reproduce that.
* maybe also write / help with acos5 driver.

but I have quite little time right now, so no idea when I get to those.

Also of course I will try to help as good as I can with administrative
tasks and whatever else is necessary, if you need any help.

Regards, Andreas
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: New project coordinator: Martin Paljak

Martin Paljak-2
Hi.

On Apr 12, 2010, at 20:41 , Andreas Jellinghaus wrote:
> thanks for the offer, but I guess I can't make it to linuxtag in berlin
> this years, as I already have other plans for that weekend.

OK, some other time and place then.

> my suggestion would be fosdem. I haven't been there so far,
> but from the news I read it seems to be the most active meeting
> for developers of all kinds of projects. it is away far enough
> so we have enough time for planing and preperations. the only
> downside is: it is quite far away: february next year.

Fosdem would be nice indeed. For one thing, I don't think that OpenSC belongs strictly to the Linux theme, more like "generic open source" or security. But Linux events usually have the best overall spirit. Another option might be some reasonable barcamp style event, if it has a good theme and a good location. Location is important, as for people in EU it should be somewhere "central" or well connected with easy/cheap connections flights/trains. As much as I like Athens for example, it is somewhat far.

>> If you have any comments or suggestions, please let me know. If you think
>> that my focus on end-user and eID can lead somewhere we should not go or
>> I'm somehow otherwise biased, please voice your opinions as well.
>
> I still hope to find sime time for opensc too, some of the things I would
> like to work one (if I find time) are:
> * documentation. something small to ship with tar.gz files and install
>  with distributions deb/rpm files. maybe in docbook/html/pdf/man whatever?
For Linux/Unix, man pages would be the best, in addition to README/INSTALL/COPYING style standard files.

> * working example code: people often ask for examples of ssl sessions with
>  smart card authentication. so we should provide that is possible, maybe
>  for all major ssl kits (openssl, gnutls, nss).
As it seems, GnuTLS has experimental support for PKCS#11, which only exists in an old release. I did not find any references to PKCS#11 in the latest (2.8.6) release.

NSS has deep connections with PKCS#11 and it should be straightforward for anyone who works with NSS and/or belongs to NSS docs. With OpenSSL it is trickier, especially if the engine interface is used (which, again, belongs to OpenSC lists and wikis).

But of course, nice code examples on how to use OpenSC PKCS#11 (and thus all generic PKCS#11 code examples) would be nice to have.


> * developer documentation. I'm thinking about gathering commands to reflect
>  the common operations, create log files with APDUs, decode them and thus
>  build some document that shows what opensc does in detail, and what code
>  needs to be written for new drivers to reproduce that.
Developer documentation as OpenSC developer documentation or something else? Something that would help analyze Windows drivers or proprietary drivers?

> * maybe also write / help with acos5 driver.
Somebody said he is working on an ACOS5 driver. Have not heard anything since then. But I'd gladly like to help as much as possible anyone who steps up with the intention of writing a driver as well.

I'm personally more interested in proper JavaCard support (has various vendors) than for a single card.

--
Martin Paljak
http://martin.paljak.pri.ee
+3725156495

_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: [opensc-devel] New project coordinator: Martin Paljak

Alon Bar-Lev
In reply to this post by Martin Paljak-2
On Mon, Apr 12, 2010 at 1:59 PM, Martin Paljak <[hidden email]> wrote:
> My main goals and improvement areas in OpenSC are:

<snip>

1. Make OpenSC secured?

The fact that OpenSC locks the reader for its own use for the duration
of the session is the most critical issue OpenSC has.
As a result two applications that uses PKCS#11 at the same time either
cannot work at the same time, or can access the card without
authentication.

A stateless mode should be implemented... [1], it has nothing to do
with the card features, but credential caching.

As for PINPAD readers, there are some cards that has a feature of
authentication cookie that is given after initial authentication, this
cookie is valid as long as there is power to the card. So the
algorithm is as follows: Lock reader, authenticate using PINPAD,
acquire cookie, unlock reader. After that a normal sequence of
stateless operation can be executed while the cookie is the
authentication credential.

Because of the lack of this feature I could not offer OpenSC to any enterprise.

2. Support biometrics match-on-card? This feature is missing from open
source and Linux drivers. If you go toward java cards, an applet can
be implemented in order to do so, maybe using libfprint [2].

Alon.

[1] http://www.opensc-project.org/opensc/ticket/186
[2] http://reactivated.net/fprint/wiki/Libfprint
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: [opensc-devel] New project coordinator: Martin Paljak

Hans Witvliet
On Tue, 2010-04-13 at 15:02 +0300, Alon Bar-Lev wrote:

>
> As for PINPAD readers, there are some cards that has a feature of
> authentication cookie that is given after initial authentication, this
> cookie is valid as long as there is power to the card. So the
> algorithm is as follows: Lock reader, authenticate using PINPAD,
> acquire cookie, unlock reader. After that a normal sequence of
> stateless operation can be executed while the cookie is the
> authentication credential.
>
> Because of the lack of this feature I could not offer OpenSC to any enterprise.
>
> 2. Support biometrics match-on-card? This feature is missing from open
> source and Linux drivers. If you go toward java cards, an applet can
> be implemented in order to do so, maybe using libfprint [2].
>

Just wondering,
how much is this biometrics ** still alive?
At work, we were participating with a field-trial of the new Blackberry
smartcard readers. afaicr, the first release of their cardreaders had a
fingerprintreader as a special request from the DoD. But RIM dropped it
in the next hw-release.
Too many false rejects, too easy to circumvent (with some tape & glue)
Just adding much costs, while not adding any form of security.

hw

** i mean fingerprint, other biometrics do work, if you can afford it
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user
Reply | Threaded
Open this post in threaded view
|

Re: [opensc-devel] New project coordinator: Martin Paljak

Alon Bar-Lev
On Tue, Apr 13, 2010 at 3:16 PM, Hans Witvliet <[hidden email]> wrote:

> On Tue, 2010-04-13 at 15:02 +0300, Alon Bar-Lev wrote:
>
>>
>> As for PINPAD readers, there are some cards that has a feature of
>> authentication cookie that is given after initial authentication, this
>> cookie is valid as long as there is power to the card. So the
>> algorithm is as follows: Lock reader, authenticate using PINPAD,
>> acquire cookie, unlock reader. After that a normal sequence of
>> stateless operation can be executed while the cookie is the
>> authentication credential.
>>
>> Because of the lack of this feature I could not offer OpenSC to any enterprise.
>>
>> 2. Support biometrics match-on-card? This feature is missing from open
>> source and Linux drivers. If you go toward java cards, an applet can
>> be implemented in order to do so, maybe using libfprint [2].
>>
>
> Just wondering,
> how much is this biometrics ** still alive?
> At work, we were participating with a field-trial of the new Blackberry
> smartcard readers. afaicr, the first release of their cardreaders had a
> fingerprintreader as a special request from the DoD. But RIM dropped it
> in the next hw-release.
> Too many false rejects, too easy to circumvent (with some tape & glue)
> Just adding much costs, while not adding any form of security.
>
> hw
>
> ** i mean fingerprint, other biometrics do work, if you can afford it

Yes. There is a requirement in some industries to have BIO+PIN authentication.
For these locations Linux is out of the game.
We need to keep this in mind.

Alon.
_______________________________________________
opensc-user mailing list
[hidden email]
http://www.opensc-project.org/mailman/listinfo/opensc-user