Tim,
I understand that the ECA program Smart Card solution is not originally intended for corporate ID like a CAC Card, but I believe the FiXs program is meant to provide a CAC-like card authentication with hardware assurance ECA certificates on board.
The reason that I ask is that Good Technology (according to one of their webinars) is releasing an updated iPhone (and Android) product that will include S/MIME encryption in the Fall timeframe. Their previous S/MIME product was for Windows Mobile devices and used Bluetooth card readers for the CAC card. Early indications (I am trying to clarify with them) are that it may only support software-only certificates (at least initially).
The ECA certs can be renewed in 1 year increments, so I thought I would just get software certificates and put them on a Smart Card. And just simplify the number of cards and stuff on my person and wallet, combining this card with a photo ID.
Ultimately, I think the FiXs program for DoD contractors is probably the best approach long term, but getting acceptance for it at all DoD facilities is holding things up. In addition, there needs to be a mobile device solution for these hardware type certificates. It is getting more annoying as encrypted email is becoming more pervasive to keep getting "this email cannot be read on this device" on the iPhone.
Without starting a flame war, I know Blackberries do this now, but I like the overall Good Technology approach in that workers can use their personal devices wherein the Good application is sandboxed and corporate-controlled.
Thanks,
Bob
On 7/26/10 12:25 PM, "Miller, Timothy J." <tmiller@mitre.org> wrote:
At least one ECA authority issues smartcards, but ECA smartcards are not intended to be employee badges, and the ECA vendors don't generally support issuing to entire companies. That's not what the ECA program is for.
If you're wanting to deploy a corporate PKI that's interoperable with the DoD and/or Federal PIV systems, you need to spend some quality time with the _PIV Interoperability for Non-Federal Issuers_ specification:
http://www.cio.gov/Documents/PIV_Interoperabillity_Non-Federal_Issuers_May-2... 9.pdf
What you're really asking for is a shared service provider (SSP). An SSP is someone who would issue your ID cards for you, and handle cross-certification, ID vetting, etc.; the Federal PIV program has several operating SSPs, but they can only issue to Federal agencies. I'm not aware of any non-Federal PIV-I shared service providers currently operating, but they are expected to arise.
-- Tim
-----Original Message-----
From: smartcardservices-users-bounces@lists.macosforge.org [mailto:smartcardservices-users-bounces@lists.macosforge.org] On Behalf Of Bob Colbert
Sent: Monday, July 26, 2010 10:29 AM
To: SmartcardServices-Users@lists.macosforge.org
Subject: [SmartcardServices-Users] Custom Smart Card Source
Does anyone know of a company that can provide custom printed Smart Cards for company PhotoIDs? In addition, I would hope that the provided Smart Card would be compatible with the current state of SmartCard support and with a working tokend for Snow Leopard. I understand that part of it is choosing an already supported reader. Apparently, I have discovered with my current ActivIdentity USB token that the reader portion of the token is supported; however, the card profile needs to be updated to properly read the certificates from the USB token.
The Smart Card should have the capability for supporting the External Certification Authority type certificates - http://iase.disa.mil/pki/eca/ . Another capability would be that the Smart Card is compatible with ActivClient for Windows for key generation and/or certificate import. Unless there is another way under Snow Leopard to generate key requests on the card or otherwise import software certificates onto them?
Thanks,
Bob Colbert
----
Bob Colbert
DE Technologies
118 Sleepy Hollow Drive Suite 1
Middletown, DE 19709
302-285-0354
302-285-0357 Fax
colbert@detk.net