This paper presents an open protocol for interoperability across multi-vendor programmable smart cards. It allows exposition of on-card storage and cryptographic services to host applications in a unified, card-independent way. Its design, inspired by the standardization of on-card Java language and cryptographic API, has been kept as generic and modular as possible. The protocol security model has been designed with the aim of allowing multiple applications to use the services exposed by a same card, with either a cooperative or a no-interference approach, depending on application requirements. Existing protocols for smart card interoperability define powerful and sophisticated card services, intended to be hard-coded into the device hardware. The presented protocol, instead, is intended to be implemented in software on programmable smart cards. By defining simple functionalities, it allows to achieve a small management code that, once loaded onto a card, leaves enough free memory...