Re: [Fed-Talk] SmartCard Login
Re: [Fed-Talk] SmartCard Login
- Subject: Re: [Fed-Talk] SmartCard Login
- From: Paul Nelson <email@hidden>
- Date: Mon, 27 Feb 2006 12:41:24 -0600
- Thread-topic: [Fed-Talk] SmartCard Login
Sorry this is so long...
Thursby is working on the problem of using CAC/PKINIT for authentication
with Active Directory right now. If I have to implement the Kerberos
AS_REQ/AS_REP to do it, I will. I think the market in DoD is plenty big
enough for our small company to make it worth while.
Thursby is dedicated to solving this problem (Kerberos and PKINIT), but we
don't think it is appropriate for us to implement the new Kerberos spec on
the Macintosh. There are many reasons besides the investment of money.
1) Security comes from wide use and public inspection. We are not as well
positioned as Apple/MIT cooperating on this.
2) Apple does not disclose future plans as a general policy, and could be
duplicating this effort so we could make an investment in this project that
will be a complete waste of time and money.
I didn't mean to do any finger pointing. If I did, I apologize, and agree
that that kind of thing is not helpful. A lot of forces have conspired to
get us into the situation we are in, and most if not all of them are NOT
Apple's fault. Microsoft has deployed PKINIT solutions before there was any
industry agreement on a spec for PKINIT and Kerberos. The DoD accepting
Microsoft's solution as a standard auth method was another force at work.
As for Thursby, we could have been working on PKINIT a while back.
Also remember that there is a lot of work to be done to deploy a solution.
I can't just provide bits and pieces. One of the reasons people do business
with Thursby is that we will work with them so they have deployable
solutions that are cost effective. This often goes beyond software and
includes documentation, plans and procedures, system architecture,
deployment tools, etc.
Paul Nelson
Thursby Software Systems, Inc.
> From: "Timothy J. Miller" <email@hidden>
> Date: Mon, 27 Feb 2006 12:18:58 -0600
> To: Paul Nelson <email@hidden>
> Cc: Shawn Geddis <email@hidden>, "Nebergall, Christopher"
> <email@hidden>, Brian Raymond <email@hidden>, Apple Fed
> Talk <email@hidden>
> Subject: Re: [Fed-Talk] SmartCard Login
>
> A third party can play in this space too, of course. Paul's company
> would be the one I'd turn to for an implementation. But I'll warrant
> that he has the same business case issues Apple does.
Attachment:
smime.p7s
Description: S/MIME cryptographic signature
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Fed-talk mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden