Timothy J Miller wrote:
> On Mar 31, 2008, at 9:49 AM, Douglas E. Engert wrote:
>
>> PIV is really an application on a card, and there are currently 4
>> NIST approved cards. 800-73 defines the application that needs to be
>> standardized for end user use.
>
> I've heard that there's at least one card provider that's going to
> implement 800-73 in hardware, but I've never been able to confirm it.
>
> Would be cool if it were true.
>
>> The goal was to support the normal use of the NIST standard, for
>> platforms that use Open Source. Not to develop a card administration
>> station for specific cards. This would allow Unix systems to use
>> government issued cards with PKCS11 for login, browser and mail.
>
> Nevertheless, the ability would be useful. For example, some companies
> may want to use PIV-compliant middleware but don't want to implement
> everything FIPS 201 requires. This is of interest to contractors where
> a not-insignificant proportion of employees will hold a PIV as well as a
> corporate smartcard.

Yes that could be us too. Some with PIV issued by government, some with corporate cards, either PIV or some other cards. The PIV could just have the certs.

In effect that is how our testing was done, using Windows enterprise CA certs. One could then use the card to login to AD using IdAlly as the CSP, calling OpenSC, which also works with IE. On Unix, they can be used with pam_krb5, with PKINIT, to login, as well as used by FireFox both calling OpenSC pkcs#11.

But to implement issuing PIV cards for the corporation requires a card administration system, to initialize, finalize cards and escrow all the keys. I was not about to do that, as it would be a big project, and in competition with private companies. If we were to do this I would expect we would buy a card management system. The card management vendors must also be aware of this market.

That said, someone else could take on adding full PIV administration to OpenSC.

>
> -- Tim
>

--
Douglas E. Engert <[EMAIL PROTECTED]>
Argonne National Laboratory
9700 South Cass Avenue
Argonne, Illinois 60439
(630) 252-5444