search

Twuk / eid-mw

Automatically exported from code.google.com/p/eid-mw
0 stars 0 forks source link

Can not disable warning message #2

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
We are writing a 'kiosk' java application which will read data from EID.

We would like to be able to disable the confirmation dialog show by the
method askWarningLevel without recompile our own version of the library.

With the old version of the middleware it was possible to specify the list
of accepted application... this functionality is not available anymore.

I see two way of fixing the problem.
- Enable access to the method 
void APL_EIDCard::setWarningLevel(APL_AccessWarningLevel lWarningLevel)
in java api. (security issue ?)
- implement a "list of authorized application" (in window registry or
config files)

Original issue reported on code.google.com by thorgull on 11 Jun 2009 at 1:35

GoogleCodeExporter commented 9 years ago 
We have the same issue with our ASP.NET application that uses the e-ID card from
customers. I've posted a message on the b-eid forum.
http://www.b-eid.com/forum/showthread.php?t=110

Original comment by kevin.de...@gmail.com on 7 Aug 2009 at 10:15

GoogleCodeExporter commented 9 years ago 
The confirmation dialog is there (mainly) because of the privacy law of 1992. 
See
also: "08/12/1992 | Wet tot bescherming van de persoonlijke levenssfeer ten 
opzichte
van de verwerking van persoonsgegevens"
You have to inform the citizen somehow about the readout of his personal data 
when
using the eID card within your applications.

We also want to prevent that malicious web applications start to readout the 
eID card
via the official eID Middleware without the citizen's consent.

Original comment by frank.co...@gmail.com on 17 Aug 2009 at 8:17

GoogleCodeExporter commented 9 years ago

Original comment by frederik...@gmail.com on 16 Sep 2010 at 11:31

GoogleCodeExporter commented 9 years ago 
[deleted comment]
GoogleCodeExporter commented 9 years ago 
Workaround : Use the standard java smartcard API raw-connect to the BEID Card. 

You can even take the library http://code.google.com/p/eidlib/.
The eidlib is more a Proof of concept but wrok well. The code need some 
optimisation before production use but work well. It is pure java (no dll 
installation required), but need java 6.

Personal opinion about the privacy law of 1992 : This is the "application" 
which need to alert the user. Not the middleware. Mainly because other 
middleware exists and can bypass this.

Original comment by thorgull on 16 Sep 2010 at 11:43

GoogleCodeExporter commented 9 years ago 
I agree with @thorgull, the application should alert the user, not the 
middleware! Can we please have an option to disable this, other than 
recompiling beid35applayer.dll? It is just unacceptable to pop up an ugly 
dialog inside a WPF kiosk application. Totally unprofessional! So pretty please 
with sugar on top... reconsider this issue!

Original comment by fre...@fretje.be on 8 Mar 2011 at 10:34