Focus on Microsoft
RE: 5 security questions Mar 04 2003 09:19AM
Kayne Ian (Softlab) (Ian Kayne softlab co uk)
Some answers:

> 2. Is there a standard that is obeyed by all smartcard hardware for
> revocation?

Revocation is performed by the CA, not by smartcard hardware itself. A
smartcard (in this example) is just a storage device for certificates (in
the same way you can issue file based certs and copy/export them to floppy).

> 3. When a smartcard is used to logon to Windows. When the card pulled out, the
> system can initiate an auto-logout. Is it a standard or depends on the
> software?

There is a policy (local or GPO in AD) under Win2k that controls this. I
can't speak for other o/s versions.

> 4. How can an applet can access the data inside a smartcard? Is there a
> standard API / System to do it?

This should get you started, from the DDK:
http://msdn.microsoft.com/library/en-us/smart/hh/smart/smarthdr_776r.asp

> 5. Does squid have LDAP support?

Not as standard, I believe. Try this though:
http://group-ldap-auth.sourceforge.net/squid/group_ldap_auth/

HTH!

Ian Kayne
Technical Specialist - IT Solutions
Softlab Ltd - A BMW Company

> -----Original Message-----
> From: Çagil Seker [mailto:cagils (at) biznet.com (dot) tr]
> Sent: 28 February 2003 11:53
> To: focus-ms (at) securityfocus (dot) com
> Subject: 5 security questions
>
>
> I have a couple of questions related to security and smartcards:
>
> 1. An applet that has been transferred through the SSL tunnel can be forced to
> communicate with the server (RMI) using the same SSL connection, using the
> same certificate stored?
>
> 2. Is there a standard that is obeyed by all smartcard hardware for
> revocation?
>
> 3. When a smartcard is used to logon to Windows. When the card pulled out, the
> system can initiate an auto-logout. Is it a standard or depends on the
> software?
>
> 4. How can an applet can access the data inside a smartcard? Is there a
> standard API / System to do it?
>
> 5. Does squid have LDAP support?
>
> Thanks.
>

