{"id":1507,"date":"2009-09-16T21:36:04","date_gmt":"2009-09-17T02:36:04","guid":{"rendered":"http:\/\/www.coresecuritypatterns.com\/blogs\/?p=1507"},"modified":"2020-08-08T04:12:07","modified_gmt":"2020-08-08T04:12:07","slug":"exploring-logical-access-control-with-piv-cards","status":"publish","type":"post","link":"https:\/\/websecuritypatterns.com\/blogs\/2009\/09\/16\/exploring-logical-access-control-with-piv-cards\/","title":{"rendered":"Exploring Logical Access Control with PIV cards"},"content":{"rendered":"<p>Looks like convergence projects are in the limelight&#8230; lately I noticed a lot of interests on enabling the use of common credentials for securely accessing physical and logical resources.&nbsp; Although we find most convergence projects are targeted at the enterprise level but there are serious minds working on using smartcard based PKI credentials for supporting citizen-scale projects (I regret that I cannot discuss the specifics) !&nbsp; Ofcourse the use of on-card PKI credentials and its on-demand verification with the PKI service provider is in practice for a while now at security sensitive organizations. The DoD CAC, PIV and most smartcard based National ID\/eIDs contain PKI certificate credentials and few of them includes Biometric samples of the card holder as well. Using those on-card identity credentials for accessing physical and logical resources becomes critical and also makes sense to&nbsp; fulfil the ultimate purpose of issuing smartcard based credentials&#8230; it cannot be overstated.<\/p>\n<p>Couple of weeks ago, I had a chance to present and demonstrate PIV card credentials based logical access control using Sun IDM, OpenSSO Enterprise, WinXP running on Sun Ray environment. The demo was hosted&nbsp; one of the Big5 SI.&nbsp; If you curious to see my preso detailing the pieces of the puzzle&#8230;<a href=\"http:\/\/www.websecuritypatterns.com\/blogs\/wp-content\/uploads\/2009\/10\/piv-sunray-idm-rameshnagappan.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">here you go<\/a>:<\/p>\n<p style=\"center;\"><a href=\"http:\/\/www.slideshare.net\/ramesh_r_nagappan\/piv-card-based-identity-assurance-in-sun-ray-and-idm-environment\"><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-1508 aligncenter\" src=\"http:\/\/www.websecuritypatterns.com\/blogs\/wp-content\/uploads\/2009\/10\/placs.png\" alt=\"\" width=\"500\" height=\"338\"><\/a><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Looks like convergence projects are in the limelight&#8230; lately I noticed a lot of interests on enabling the use of common credentials for securely accessing physical and logical resources.&nbsp; Although we find most convergence projects are targeted at the enterprise level but there are serious minds working on using smartcard based PKI credentials for supporting citizen-scale projects (I regret that&#8230; <a href=\"https:\/\/websecuritypatterns.com\/blogs\/2009\/09\/16\/exploring-logical-access-control-with-piv-cards\/\">Read more &raquo;<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[2,5,20,6,7,8,9,11],"tags":[24,26,29,31,51,55,57,58,62,64,69,70],"class_list":["post-1507","post","type-post","status-publish","format-standard","hentry","category-biometrics","category-identity-management","category-java-ee","category-main","category-piv-fips-201","category-pki-main","category-security","category-smartcards-pki","tag-biometrics-main","tag-cac","tag-eid","tag-fips-201","tag-opensso","tag-piv","tag-pki-main","tag-provisioning","tag-security","tag-smartcards","tag-sso","tag-sunray"],"jetpack_sharing_enabled":true,"jetpack_featured_media_url":"","_links":{"self":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/1507","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/comments?post=1507"}],"version-history":[{"count":1,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/1507\/revisions"}],"predecessor-version":[{"id":2837,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/posts\/1507\/revisions\/2837"}],"wp:attachment":[{"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/media?parent=1507"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/categories?post=1507"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/websecuritypatterns.com\/blogs\/wp-json\/wp\/v2\/tags?post=1507"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}