RE: Using hardware based certificates
RE: Using hardware based certificates
- Subject: RE: Using hardware based certificates
- From: "Beatty, Daniel D CIV NAVAIR, 474300D" <email@hidden>
- Date: Fri, 6 Nov 2009 09:38:32 -0800
- Thread-topic: Using hardware based certificates
Greetings Cheong,
Oh can relate. LOL on the Platform 7.
If I am not mistaken, both Identity Provider (IdP) that Shibboleth support (1.3 and 2.2) both have x509 support (Smartcards included). I believe that 1.3 was written in J2EE as a servlet. It could have been written in .NET if Virginia Tech wanted to. Although, I think the notion that Shibboleth represents may be a major milestone.
Instead of reproducing the Shibboleth IdP with a WO app, it might be better to have a WO framework that simply cooperates and uses that IdP. To my knowledge; Amazon, Google, and iTunesU and few other companies have adopted the standard on which Shibboleth is based, SAML2, as authentication mechanism. Thus the notion for such a WO framework is for it use the IdP for different Virtual Service Providers are out there.
Any who, just a thought. I don't know if there is a suggestion box, but this would be a great thing for the crew of Apple to weigh in on. In my humble opinion, it would make for a great framework for the community at large, and Apple has a lot of play on this.
Later,
Daniel Beatty
Computer Scientist, Detonation Sciences Branch
Code 474300D
2400 E. Pilot Plant Rd. M/S 1109
China Lake, CA 93555
email@hidden
(760)939-7097
-----Original Message-----
From: webobjects-dev-bounces+daniel.beatty=email@hidden [mailto:webobjects-dev-bounces+daniel.beatty=email@hidden] On Behalf Of Cheong Hee (Gmail)
Sent: Thursday, November 05, 2009 20:26
To: email@hidden
Subject: RE: Using hardware based certificates
Hi Daniel
Appreciate feedback and help to keep the interest. IIRC someone asked similar subject before, but not much follow through. May be this is non WO related issue, however hopefully a generic framework for WO could be derived to as you suggested.
For past few years, I spent some thought to marry [browser + smartcard] together during smart card personalization. Should I say, personalization process is the core process in smart card implementation. If you know how the data being "written" securely into the card, reading will be at ease.
Else, challenging or challenging!!! If you heard about Datacard Affina or
Platform7 (nope... not the one in Transformers movie) SCLM, you know what i meant .
If I got it right, Travis is looking into a card that has been personalized with certificate. The first hurdle I thought Travis asking was the access to smart card / reader from browser. I supposed it could be done using some kind of variant Javascript , correct me if wrong. Once this is done, the rest will be pretty much with individual case of challenge-response. Did a quick google, Shibboleth is a single sign on server, curious if it provides
method to access smart card via browser. It is easier in .NET, but then it
limits the solution.
Cheers
Cheong Hee
> Greetings Travis and Cheong,
> True, those are good guides especially in the PKI lingo world. Although,
> in his case there may be a simpler solution. Since he is working with
> the Air Force, and I myself with the Navy I suggest that he and I
> collaborate on this project and that he call me to set something up.
>
> I have noticed the same thing in academia as well, thus we should
> target a framework that handles this kind of thing for general public
> use with as open standards as possible. Best example of such a standard I can think
> of is Shibboleth out of Virginia Tech. Of course, Apple may be gunning
> for something similar in its Mobile Access Server and either way it
> would be nice to simply have a framework that just uses the service to
> maximize the benefit for everyone.
>
> Later,
> Daniel Beatty
> Computer Scientist, Detonation Sciences Branch Code 474300D 2400 E.
> Pilot Plant Rd. M/S 1109 China Lake, CA 93555 email@hidden
> (760)939-7097
>
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden