Justin Karneges wrote:
On Thursday 15 February 2007 7:14 am, Douglas E. Engert wrote:
Yes, proprietary vendor solutions are a major problem. Have a look at the
PIV card comments at:
  http://www.opensc-project.org/opensc/wiki/UnitedStatesPIV

The intent is to standardize on multiple vendors for cards,
multiple vendors for readers, and multiple vendors for middleware.
Thus avoiding the proprietary problems with a single vendor.
The components that have passed the interoperability testing
are on the list at:
  http://fips201ep.cio.gov/apl.php

But all this standardization is limiting. With PIV there is a predefined
set of objects that can be on the card, and it is meant to be read only
for the end user. Administration of the card is left up to the card
vendors to work with the administration software vendors.

Hmm, very interesting. And is this standardization based on existing standards? E.g., the government simply forcing vendors to use ISO 7816 and PKCS#15, or ... ?

HSPD-12 is behind the push. (Google for HSPD-12) This creates a
market of millions of users of these cards. (just a guess)
NIST is setting the standard for this card, Google for NIST 800-73-1
that defines the APDUs, on top of a subset of ISO 7816. But the card has
no files, but rather objects, so PKCS#15 is not part of this. But the
OpenSC pkcs15-piv.c emulates a PKCS#15 file system and makes the
objects look like files.  OpenSC does this emulation for other cards
too. Thus the pkcs15-tool as well as the pkcs11-tool can read the cards.

The government is not "forcing" vendors, but rather enticing vendors
to produce products that will fit this vendor neutral environment with
the government as the customer.

This is not a national ID card, it's meant for government employees
and those that need to work with the government.

I would expect that if this works out well, PIV cards could be used
for non-government projects too. Most (all?) of the approved cards
are actually Java based, with the PIV applet being the default applet.
(NIST 800-73-1 requirement.) Thus other applets could be on the card.


Sorry for being so long winded about a specific class of smart cards,
but PIV addresses a lot of the concerns you have with the smart card
industry, but based on your company's web site, may not apply
to you.

Long winded can be good. :) And Affinix for game development certainly does not apply. :) However, the Delta XMPP Project is related:
  http://delta.affinix.com/

We use PKCS#11, and so we're far abstracted from the gory details of this thread. However, as a simple user of crypto tokens, I've found the interoperability situation lacking. I ask these questions as an enthusiast. :)

-Justin
_______________________________________________
opensc-devel mailing list
[email protected]
http://www.opensc-project.org/mailman/listinfo/opensc-devel



--

 Douglas E. Engert  <[EMAIL PROTECTED]>
 Argonne National Laboratory
 9700 South Cass Avenue
 Argonne, Illinois  60439
 (630) 252-5444