The usual way to do Drupal 7 logging is to save all the log entries to the database. This has it's benefits and it's problems: On one hand it works fine on every Drupal site without requiring any additional software or access to the server. On the other hand, it causes a few extra database queries (which in itself isn't that horrible, but when there are already plenty, you usually want to do everything in your power to minimize the amount...). And of course, for the logs to be useful they should be monitored and acted upon.
On Sunday I wrote about Drupal 6 authentication with a FINeID card. In it I also claimed I was planning on expanding the Certificate Login module to facilitate an option for OpenID style identification, in which the user name doesn't need to be taken directly from the certificate but the user can instead be attached to any number of certificates. This is possible by using Drupal 6's authmap-table, which also Drupal's own OpenID module uses.
Months ago I acquired the Finnish FINeID smart card produced by the Police and Population Register Centre, even though plans about discontinuing it altogether have already been made. In addition to being a traditional identification card, it has a certificate that can be used for both authentication and signing documents – although quite few services actually support it (pretty much the only ones are public sector and Itella NetPosti – one bank did allow it for quite a while, but they discontinued it stating lack of use).