RE: Using hardware based certificates
- Subject: RE: Using hardware based certificates
- From: "Beatty, Daniel D CIV NAVAIR, 474300D" <email@hidden>
- Date: Thu, 5 Nov 2009 08:59:43 -0800
- Thread-topic: Using hardware based certificates
Greetings Tavis and Cheong,
True, those are good guides especially in the PKI lingo world. Although, in his case there may be a simpler solution. Since he is working with the Air Force, and I myself with the Navy I suggest that he and I collaborate on this project and that he call me to set something up.
I have noticed the same thing in academia as well, thus we should target a framework that handles this kind of thing for general public use with as open standards as possible. Best example of such a standard I can think of is Shibboleth out of Virginia Tech. Of course, Apple may be gunning for something similar in its Mobile Access Server and either way it would be nice to simply have a framework that just uses the service to maximize the benefit for everyone.
Later,
Daniel Beatty
Computer Scientist, Detonation Sciences Branch
Code 474300D
2400 E. Pilot Plant Rd. M/S 1109
China Lake, CA 93555
email@hidden
(760)939-7097
-----Original Message-----
From: webobjects-dev-bounces+daniel.beatty=email@hidden [mailto:webobjects-dev-bounces+daniel.beatty=email@hidden] On Behalf Of Cheong Hee (Gmail)
Sent: Wednesday, November 04, 2009 22:52
To: email@hidden
Subject: Re: Using hardware based certificates
Hi Tavis
> Daniel, I just noticed your credentials!
>
>
>
> Do you (or anyone else on the list) have experience using a smartcard
> with WO or any other web development? Here are things I'd like to do:
>
> Easy-
> Ask for an identity certificate (not too hard, they are X.509 based)
> Sign an iText document (also not hard, the iText in Action book
> describes the process)
BER DER format?
These are necessary readings:
- An Overview of the PKCS Standards (Burton S. Kaliski Jr., 1993)
- A Layman's Guide to a Subset of ASN.1, BER, and DER (Burton S. Kaliski Jr., 1993)
>
> Hard-
> Get other properties off the card.
Some smart card data could be stored in a secured area or as open data. If it
is open data, it is easy and just APDU commands; otherwise, it will be more
challenging.
However, to access the smart card from a browser, you will need a PCSC library and
plug-in. I do not have much info about the plug-in. Some time back someone
posted about accessing a fingerprint from a browser using a plug-in, IIRC. Hope
some pointer on this.
>
> Purpose-
> When a new user creates a profile, I don't want them to have to play 20
> questions. It's error prone and annoying. Everyone in my organization (US
> Air Force) has to use the card to gain access to a computer or government
> web site anyway and hates entering their data yet again to use a small
> app. Their full name, title or military rank, unique ID number, date of
> birth, organization, etc. are all on the card and reasonably guaranteed to
> be error free. I want to pull that data. Also, my app has more person
> entities than active users; for example if I am my unit representative
> then I currently need to find and hand type the personal information for
> the 20 people in my unit knowing I will never get 20 people to create
> accounts in a painful process. But I could ask them to stop by and put
> their card in my computer for 5 seconds. As far as I can tell, there is no
> way for a web server to get that information directly like it can when it
> asks for a certificate
> because this data is not stored in a certificate. But could a JavaScript
> application get it?
>
> I've found a lot of documentation on the web for using X.509 certificates,
> and other sources for writing native client code to interface directly
> with smartcards, but nothing on using the card's stored data from inside a
> web browser.
>
> Tavis McDevitt
>
Cheers
Cheong Hee
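
As an added illustration of the DER encoding raised in the reply above (not code from anyone in this thread): the subject of an X.509 identity certificate is a DER-encoded Name, and the sketch below reads one strictly, rejecting the BER-only indefinite and non-minimal lengths. The function names and the sample bytes are constructed for this example; it assumes single-byte tags and string values that decode as UTF-8.

```python
# Added example (single-byte tags only); SAMPLE_NAME is constructed test data.
OID_NAMES = {"2.5.4.3": "CN", "2.5.4.10": "O", "2.5.4.11": "OU"}
SAMPLE_NAME = (bytes.fromhex("302d31143012060355040a130b") + b"Example Org"
               + bytes.fromhex("3115301306035504030c0c") + b"Example User")

def read_tlv(buf, pos=0):
    """Return (tag, value, next_pos) for the TLV that starts at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated header")
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:                # indefinite length exists only in BER
        raise ValueError("indefinite length is not valid DER")
    if length > 0x80:                 # long form: low 7 bits count length bytes
        n = length & 0x7F
        raw = buf[pos:pos + n]
        length = int.from_bytes(raw, "big")
        if len(raw) < n or raw[0] == 0 or length < 0x80:
            raise ValueError("truncated or non-minimal length")
        pos += n
    if pos + length > len(buf):
        raise ValueError("value runs past end of buffer")
    return tag, buf[pos:pos + length], pos + length

def children(value):  # split a constructed value into (tag, value) pairs
    pos, out = 0, []
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        out.append((tag, val))
    return out

def decode_oid(val):  # OBJECT IDENTIFIER contents -> dotted-decimal string
    arcs, acc = [], 0
    for b in val:
        acc = (acc << 7) | (b & 0x7F)
        if b < 0x80:                  # high bit clear ends this arc
            arcs, acc = arcs + [acc], 0
    first = min(arcs[0] // 40, 2)     # first two arcs are packed as 40*x + y
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def parse_name(der):  # Name ::= SEQUENCE OF SET OF SEQUENCE { OID, string }
    tag, rdns, end = read_tlv(der)
    if tag != 0x30 or end != len(der):
        raise ValueError("expected a single SEQUENCE")
    pairs = []
    for _, rdn in children(rdns):
        for _, atv in children(rdn):
            (_, oid), (_, text) = children(atv)
            oid = decode_oid(oid)
            pairs.append((OID_NAMES.get(oid, oid), text.decode("utf-8")))
    return pairs
```
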
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature