On Mar 17, 2009, at 5:08 AM, Folkert Saathoff wrote:

Hello List, glad to see things are going forward again with smartcard integration on Mac OS X.

I'm a bit confused though about the focus of the project (please excuse my ignorance, I'm reading up on it as we speak :) I'm mostly interested in home/personal use of USB Smartcards (eg Aladdin eTokenPRO), not necessarily for login authentication, but rather as a secure place to store ssh keys etc. Thus, i'm looking for a way to provision (if that's the right term) cards on Mac OS X, preferably using open source middleware. Right now, it seems that the OpenSC project should be the best place to look for that. But I'm wondering, is anybody on the list interested in (and in a position to contribute to) this kind of thing? Or are people mainly concerned with making enterprise stuff like CAC and PIV work correctly?

thnx/ cheers Folkert Saathoff

Folkert, Welcome to the List / Project and I hope we can be of assistance to you. This Project has a very ambitious goal of enhancing all things "Token" related with Mac OS X in an interactive and open source community. Apple has been doing a fair amount of work internally and with some external individuals, but we really wanted to take this to the next level. For that, we felt a good way to engage all of the appropriate entities in this space while providing a high level of transparency is to bring everyone together with this MacOSForge Project. We have pulled together all of the appropriate open source code previously available via http://www.opensource.apple.com/ darwinsource/ which makes up the SmartCardServices. We already have a few sub-proejcts that will be added which will provide key capability that did not previously exist. One such sub-project is a "PKCS#11 Shim" which is built on top of CDSA and fully leverages the built-in SmartCardServices without inflicting a problem of arbitration as is the case with competing PKCS#11 Library and Tokend environments right now. The capability of a Tokend on Mac OS X fully allows for complete provisioning, personalization, administration, etc. of a supported Smart Card. A "Tokend" is an abstraction for any kind of security token. The currently shipped tokend modules were originally developed to support PKI-based Smart Cards already issued (i.e. CAC,PIV,BELPIC,JPKI). We want this project to take that further and work to providing a set of APIs / Services that extend to what you are asking for and what is needed for future concepts. There is much in our minds as to what can be done if we all work together. You are more than welcome to participate or select the environments of choice, but we hope you consider working with us here to further our work and meeting your current and future needs as well. __________________________________________________ Shawn Geddis geddis@mac.com Security Consulting Engineer MacOSForge Project Lead: Smart Card Services Web: http://smartcardservices.macosforge.org/ Lists: http://lists.macosforge.org/mailman/listinfo __________________________________________________