There are products in the marked where one company makes a mask and other companies produce smartcards with this mask. So open-source is just the next step.

Customers want interoperability and reliability and performance and security and much memory for their applications, with different priorities. So, I think there is still enough space for further Java Card implementations, one reference implementation will never fit all needs. The different hardware platforms are also an issue to consider.

Are there opinions on Open-Source Java Card in the Java Card Forum, e.g. for Java Card 3?

How about going step-by-step and starting with an open-source Java Card simulation?

By the way, I don’t think that it has to be Sun who has to or should provide their reference implementation as open-source.

I am still thinking about it, and I will publish a full entry on this in a few days.

What this means is that any product that uses part of the Java code base must also be made open source. This naturally rules out its use for Java Card.

In the smart card business most effort and money is spent on the security. Now by making it open source, we would take a similar step as cryptography dictates: The algorithm is known and the secrecy lies only in the key. The community would design the security architecture find the flaws much faster. Of course there is a stronger requirement for governance and the hardware dependency (which can be overcome with a modular layer concept). But I am sure we would get better results.

One remark regarding the reference implementation and TCK: Sun’s Java Card Kit includes a reference implementation of the virtual machine in C and the Java Test Harness is open sourced as well (the Java Card test cases are not).