Answers to the Issues of Fingerprint authentication (PSARC 2007/286)
Gaopeng Chen - Sun China
Gaopeng.Chen at sun.com
Tue Aug 21 19:42:53 PDT 2007
>
> For keyboards, mice, and displays, I see an obvious way to relate them
> to a user approaching the system at a workstation. They're all
> attached to the same X server, and it's the X server's problem to make
> sure that these bits of hardware are associated with that one site.
>
> The biometric readers are coming at this sideways. There appears to
> be no way to know whether a given reader has anything to do with a
> given workstation. All that you can do is "guess," which seems a poor
> idea for something that aims to be a security system.
>
> I suspect that the underlying problem is that these devices are
> designed for a different environment -- the single-user Windows
> laptop. There are many things that make sense in such an environment
> that simply do not make sense on a larger multi-user system, and
> vice-versa.
Right, many devices integrates the enrollment/verification function into
the firmware. If the device is virtualized in X, PAM module is not able
to implement the verification, just like the smartcard. So I would not
like to introduce the biometric devices in X level. For this project, in
the first stage, the solution is focused on a local system(desktop,
laptop). In the second stage, when nis/ldap is supported, I think SunRay
would be prioritized rather than X Biometric Device since all USB
devices have already bound in client. Thanks.
--
Best Regards,
GaoPeng Chen
Call: +86-10-62673005
Ext: x82005
Sun Microsystem Inc. China
More information about the opensolaris-arc
mailing list