I understand that the ECA program Smart Card solution is not originally intended for corporate ID like a CAC Card, but I believe the FiXs program is meant to provide a CAC-like card authentication with hardware assurance ECA certificates on board.
Not quite. FiX (an acronym no longer used, AFAICT) is intended to show non-Federal partners how to produce cards that are technically compatible with the PIV platform, and provide a path to meet all FIPS 201 identity assurance requirements.
The reason that I ask is that Good Technology (according to one of their webinars) is releasing an updated iPhone (and Android) product that will include S/MIME encryption in the Fall timeframe. Their previous S/MIME product was for Windows Mobile devices and used Bluetooth card readers for the CAC card. Early indications (I am trying to clarify with them) are that it may only support software-only certificates (at least initially).
Everything I've heard is pretty much the same: smartcard support is intended for the product, but the only info I can glean on status indicates they won't initially make that goal. It's been a while since I've had Good in for a chat, though.
The ECA certs can be renewed in 1-year increments, so I thought I would just get software certificates and put them on a Smart Card. And just simplify the number of cards and stuff on my person and wallet, combining this card with a photo ID.
This won't help you with Good's software suite if it ships without smartcard support.
Ultimately, I think the FiXs program for DoD contractors is probably the best approach long term, but getting acceptance for it at all DoD facilities is holding things up.
Requirements for interoperation with non-Federal PKIs were clarified via DoD CIO memo last year, and are being incorporated into the DoDI 8520.02 reissuance currently being circulated.
In addition, there needs to be a mobile device solution for these hardware type certificates. It is getting more annoying as encrypted email is becoming more pervasive to keep getting "this email cannot be read on this device" on the iPhone.
This is a separate problem from PKI interop.

-- Tim