On 2/20/2011 2:37 PM, Anders Rundgren wrote: > /http://gcn.com/articles/2011/02/03/nstic-identity-management-challenges.aspx > > _Seven years_ after the directive, “we’re finally making some progress as > DHS,” in issuing the PIV Card, Spires said. Some 180,000 cards have been > issued to employees and contractors, primarily in the > National Capital Region near Washington. But that is the low-hanging fruit, > and *issuing cards to all the department’s geographically dispersed workers > “is a daunting exercise” that could take years > to complete*, Spires said. > / > Mr. Spires is right. PIV cards were designed to be centrally provisioned and > distributed through physical means while you can get a password on the fly. > It is possible that my "heroic" SKS/KeyGen2 > effort will fail due to lack of resources. Demand is certainly not the > stumbling block!
There are other issues which have held up deployment. The primary use of the cards is as an ID badge. HSPD-12 requires a background check, photo, and fingerprints before and a fingerprint verification when the card is issued to the card holder. (The objects on the card include fingerprints and a photo, and NIST 800-73-3 defines an new Iris scan object.) This can cost $100 - $150 or so per employee, plus a $100 background check: http://homelandsecuritynewswire.com/ibm-wins-41-million-department-interior-hspd-12-contract Federal agencies are required to issue the cards, but federal contractors have resisted implementing the cards because of these issues. (Argonne is a contractor for DOE, and thus only some of us have cards.) Employees of JPL of NASA had a lawsuit against having to submit to a background check. They lost the lawsuit: http://hspd12jpl.org/lawsuit.html But the Defence departmanet's CAC cards are being converted to PIV: http://gcn.com/articles/2005/12/05/defense-to-test-piv-iicompliant-access-cards.aspx 17 million cards issued, 3.5 million active as of 2008: http://en.wikipedia.org/wiki/Common_Access_Card It has been recognized that PIV card could be useful outside the Federal Government: http://www.idmanagement.gov/documents/PIV_IO_NonFed_Issuers_May2009.pdf And since there are multiple vendors, and support by Microsoft, and Apple (and the OpenSC code) it might eventually get much larger acceptance. > > Regards, > Anders > > > > > _______________________________________________ > opensc-devel mailing list > opensc-devel@lists.opensc-project.org > http://www.opensc-project.org/mailman/listinfo/opensc-devel -- Douglas E. Engert <deeng...@anl.gov> Argonne National Laboratory 9700 South Cass Avenue Argonne, Illinois 60439 (630) 252-5444 _______________________________________________ opensc-devel mailing list opensc-devel@lists.opensc-project.org http://www.opensc-project.org/mailman/listinfo/opensc-devel
