WebApp Sec mailing list archives
Re: dual certificate/smartcard web session management
From: Alexander Kalinovsky <akalinovsky () yahoo com>
Date: Sat, 18 Sep 2004 08:45:31 -0400
As far as I know, this is not possible. Client side digital certificate authentication is performed via SSL handshake. To force the user to present another smartcard you would have to terminate the SSL session and force authentication again. This may work in sequence, but not at the same time.
Best Regards, Alex Frank Dobb wrote:
Hello, I am designing a authentication/session managment system for a financial web application. Browsers will be upto date versions of IE, Netscape. Each client post will have a dual smartcard reader and two different smartcards will have to be present for the entire web session. I am looking for ideas, references, white papers orany other pointers how this has achieved in the past.Thanks in advance, Frank __________________________________ Do you Yahoo!? Yahoo! Mail is new and improved - Check it out! http://promotions.yahoo.com/new_mail
Current thread:
- dual certificate/smartcard web session management Frank Dobb (Sep 16)
- Re: dual certificate/smartcard web session management Alexander Kalinovsky (Sep 18)
- Re: dual certificate/smartcard web session management Rogan Dawes (Sep 18)
- <Possible follow-ups>
- RE: dual certificate/smartcard web session management Scovetta, Michael V (Sep 18)