Reader Interface Secure Element Requirement

GlobalPlatform / WebApis-for-SE

Open source Apis to access a Secure Element from a Web application

Apache License 2.0

18 stars 5 forks source link

Reader Interface Secure Element Requirement #38

Closed hchavers closed 8 years ago

hchavers commented 8 years ago

Comments from Trusted Computing Group - Item # 19

Section: 10. Reader Interface

Comment: A reader may only have at most one present Secure Element.

Proposed Resolution: A reader MUST have at most one present Secure Element.

serianox commented 8 years ago

ISO 14443 allows for several contactless cards to be present on a reader at the same time.

Though it is uncommon, some readers support this feature. The API does not take this case into account.

Maybe the Reader interface could be changed to SecureElement instead?

interface SecureElement {
    readonly attribute DOMString         readerName;
    readonly attribute SecureElementType type;
    readonly attribute boolean           isRemovable;
    Promise<Session> openSession();
    Promise<void>    closeSessions();
};

opoto commented 8 years ago

The proposed changed above would be a significant change to the specification, which assumes that a Reader may have no secure element present. This is aligned with OMAPI. A reader should be viewed as a slot for one secure element. If a physical devices accepts several secure elements it should appear as several Reader objects.