Bug 3555 - Implement HSPD-12/PIV-II
: Implement HSPD-12/PIV-II
Status: NEW
: unspecified
: PC Windows XP
: P3 enhancement
: ---
Assigned To:
  Show dependency treegraph
Reported: 2005-07-11 17:04 by
Modified: 2014-06-18 09:05 (History)



You need to log in before you can comment on or make changes to this bug.

Description From 2005-07-11 17:04:58
Please implement smart card, specifically PIV-II smart card support into 

Homeland Security Presidential Directive (HSPD) 12 mandates that federal 
employees and contractors will use strong authentication. FIPS 201 has chosen 
that strong authentication to be smart cards.

GLOBUS is in an excellent position to solve the remote access problem posed by 
HSPD-12. As you know smart cards and GLOBUS both rely on certificates. The 
national laboratories are unsure how to address remote access when they must 
enable to smart cards

The Presidents directive HSPD-12 can be seen at
and, FIPS-201 can be found at

NIST SP 800-73 (which details the smart card dialoge) can be found at



---- John Volmer
------- Comment #1 From 2005-07-12 08:50:03 -------
John - are there any open source libraries (or even a specified API) for
interfacing with these cards?
------- Comment #2 From 2005-07-12 16:24:56 -------
Hi Von,

Doug Engert tells me to ask for a PKCS 11 Interface.

NIST SP 800-73 provides the precise command codes (ADPUs) to
interface with the card.

Some other technical work in this field includes
Michigan State University: http://cse498t04s.cse.msu.edu/
Muscle Project: http://www.linuxnet.com/

--- John
------- Comment #3 From 2005-07-12 16:27:57 -------
One more note: PIV-II cards don't exist yet.

I am planning ahead.
------- Comment #4 From 2005-07-13 17:03:31 -------
In May 2005 Doug Engert and I met with David Corcoran who is responsible for
two WWW sites that offer smart card software:

   http://www.linuxnet.com (open source) and
   http://www.identityalliance.com (commercial)

Dave participated in the HSPD-12 specification as well. I got the sense that 
all of the smart card open source stuff is at http://www.linuxnet.com but if 
you want the nicly packaged stuff you need to go to 

Also, Dave has done some work with Michigan State to create a PIV compliant 
java smart card, but I could not find the source at 
------- Comment #5 From 2005-08-12 18:59:21 -------
Oberthur has a PIV-II compliant card available for beta testing. They are
seeking testers. The ADPU commands is as stated in NIST 800-73.

"Over the course of a 4 week period, Oberthur looks forward to receiving your
valuable feedback on our ID-One Cosmo 64K Dual Interface Card and our PIVII
applet.   We are hoping to hear back from you on:

1-     Any issues surrounding interoperability
2-     Any suggestions or insights concerning the applet and/or card
3-     Any questions that you may need answered to effectively test the card
4-     Any positive feedback as well"


Lynn M. Rice

Business Development Manager - Government & ID
Oberthur Card Systems
4250 Pleasant Valley Road
Chantilly, VA 20161
Tel: 703-322-8954
Cell: 703-571-239-2390
------- Comment #6 From 2007-07-12 15:25:04 -------
Subject: Re:  Implement HSPD-12/PIV-II

Please see

OpenSC provides a PKCS#11 lib that can use the PIV cards.
This is the code I have been working on for the last few years,
using Beta PIV cards.

John's original bug report was to get Globus people aware that
these cards where coming. If you can call PKCS#11 then you would
be ready.

bugzilla-daemon@mcs.anl.gov wrote:
> http://bugzilla.globus.org/bugzilla/show_bug.cgi?id=3555
> kettimut@mcs.anl.gov changed:
>            What    |Removed                     |Added
> ----------------------------------------------------------------------------
>          AssignedTo|kettimut@mcs.anl.gov        |bester@mcs.anl.gov
> ------- You are receiving this mail because: -------
> You are on the CC list for the bug, or are watching someone who is.
------- Comment #7 From 2014-04-18 18:15:07 -------
*** Bug 260998 has been marked as a duplicate of this bug. ***
Seen from the domain http://volichat.com
Page where seen: http://volichat.com/omegle-chat-alternative
Marked for reference. Resolved as fixed @bugzilla.
------- Comment #8 From 2014-06-18 09:05:23 -------
At this time several U.S. Government organizations are rolling out directives
that mandate compliance with HSPD-12.  Currently we have been searching for an
SSH solution that supports smartcards and X.509 certificate authentication,
with no success.  If Globus could add support for PIV-II cards, they would
solve a lot of people's problems.