Bugzilla – Bug 3555
Last modified: 2008-08-11 15:18:51
You need to
before you can comment on or make changes to this bug.
Please implement smart card, specifically PIV-II smart card support into
Homeland Security Presidential Directive (HSPD) 12 mandates that federal
employees and contractors will use strong authentication. FIPS 201 has chosen
that strong authentication to be smart cards.
GLOBUS is in an excellent position to solve the remote access problem posed by
HSPD-12. As you know smart cards and GLOBUS both rely on certificates. The
national laboratories are unsure how to address remote access when they must
enable to smart cards
The Presidents directive HSPD-12 can be seen at
and, FIPS-201 can be found at
NIST SP 800-73 (which details the smart card dialoge) can be found at
---- John Volmer
John - are there any open source libraries (or even a specified API) for
interfacing with these cards?
Doug Engert tells me to ask for a PKCS 11 Interface.
NIST SP 800-73 provides the precise command codes (ADPUs) to
interface with the card.
Some other technical work in this field includes
Michigan State University: http://cse498t04s.cse.msu.edu/
Muscle Project: http://www.linuxnet.com/
One more note: PIV-II cards don't exist yet.
I am planning ahead.
In May 2005 Doug Engert and I met with David Corcoran who is responsible for
two WWW sites that offer smart card software:
http://www.linuxnet.com (open source) and
Dave participated in the HSPD-12 specification as well. I got the sense that
all of the smart card open source stuff is at http://www.linuxnet.com but if
you want the nicly packaged stuff you need to go to
Also, Dave has done some work with Michigan State to create a PIV compliant
java smart card, but I could not find the source at
Oberthur has a PIV-II compliant card available for beta testing. They are
seeking testers. The ADPU commands is as stated in NIST 800-73.
"Over the course of a 4 week period, Oberthur looks forward to receiving your
valuable feedback on our ID-One Cosmo 64K Dual Interface Card and our PIVII
applet. We are hoping to hear back from you on:
1- Any issues surrounding interoperability
2- Any suggestions or insights concerning the applet and/or card
3- Any questions that you may need answered to effectively test the card
4- Any positive feedback as well"
Lynn M. Rice
Business Development Manager - Government & ID
Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20161
Subject: Re: Implement HSPD-12/PIV-II
OpenSC provides a PKCS#11 lib that can use the PIV cards.
This is the code I have been working on for the last few years,
using Beta PIV cards.
John's original bug report was to get Globus people aware that
these cards where coming. If you can call PKCS#11 then you would
> email@example.com changed:
> What |Removed |Added
> AssignedTofirstname.lastname@example.org |email@example.com
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug, or are watching someone who is.