[SmartcardServices-Users] Custom Smart Card Source
Miller, Timothy J.
tmiller at mitre.org
Mon Jul 26 09:25:58 PDT 2010
At least one ECA authority issues smartcards, but ECA smartcards are not intended to be employee badges, and the ECA vendors don't generally support issuing to entire companies. That's not what the ECA program is for.
If you're wanting to deploy a corporate PKI that's interoperable with the DoD and/or Federal PIV systems, you need to spend some quality time with the _PIV Interoperability for Non-Federal Issuers_ specification:
http://www.cio.gov/Documents/PIV_Interoperabillity_Non-Federal_Issuers_May-2009.pdf
What you're really asking for is a share service provider (SSP). An SSP is someone who would issue your ID cards for you, and handle cross-certification, ID vetting, etc.; the Federal PIV program has several operating SSPs, but they can only issue to Federal agencies. I'm not aware of any non-Federal PIV-I shared service providers currently operating, but they are expected to arise.
-- Tim
>-----Original Message-----
>From: smartcardservices-users-bounces at lists.macosforge.org
>[mailto:smartcardservices-users-bounces at lists.macosforge.org] On Behalf
>Of Bob Colbert
>Sent: Monday, July 26, 2010 10:29 AM
>To: SmartcardServices-Users at lists.macosforge.org
>Subject: [SmartcardServices-Users] Custom Smart Card Source
>
>Does anyone know of a company that can provide custom printed Smart
>Cards for company PhotoIDs. In addition, I would hope that the provided
>Smart Card would be compatible with the current state of SmartCard
>support and with a working tokend for Snow Leopard. I understand that
>part of it is choosing an already supported reader. Apparently, I have
>discovered with my current ActivIdentity USB token that the reader
>portion of the token is supported, however the card profile needs to be
>updated to properly read the certificates from the USB token.
>
>The Smart Card should have the capability for supporting the External
>Certification Authority type certificates -
>http://iase.disa.mil/pki/eca/ . Another capability would be that the
>Smart Card is compatible with ActivClient for Windows for key generation
>and/or certificate import. Unless there is another way under Snow
>Leopard to generate key requests on the card or otherwise import
>software certificates onto them?
>
>Thanks,
>Bob Colbert
>
>
More information about the SmartcardServices-Users
mailing list