Comments (8)
@ryancdickson is this similar to the script to import certs for altsecids?
from ficam-playbooks.
@idmken - Not quite.
I think the goal described in this issue would automatically assign a friendly name to a user's PIV credential certificates upon logging onto the intended system.
Populating the "Friendly Name" attribute can make it easier for end-users to distinguish certificates (i.e., authentication versus signature). Not all products support use of "Friendly Name" --- looking quickly, it seems as if IE does, but Chrome does not.
Sample screenshots of manually setting "friendly name" --- and IE presenting it are attached.
from ficam-playbooks.
potentially test with Edge to see if friendly name is still applicable, if not close.
from ficam-playbooks.
Edge presents friendly name, observed in the following image:
from ficam-playbooks.
We believe this issue to be OBE due to the following reasons:
- the Common (and soon to be bridge) profile updates which disallowed any key usage in EKU has been in effect for almost 3 years
- recent updates to the profiles have incorporated specific EKUs for the signing cert which would prevent them from being presented in a credential tile screen upon mutual TLS auth
- Several PIV issuers already append the CN with (A, E, S) for its specific use
from ficam-playbooks.
Some notes:
-
2: Unless the issuer asserts TLS Client EKU in signature cert.
-
3: Only one issuer (HHS) appends -A, -E, -S
from ficam-playbooks.
we also know that modifying the friendly name will not affect the experience for chrome users (assumedly 90% of the user base), and we have no known cert examples of user signature certs with SC auth or TLS client auth in the EKU currently.
from ficam-playbooks.
Closing issue per previous discussions and lack of impact.
from ficam-playbooks.
Related Issues (20)
- Fix April 6 Widepoint SSP notifications HOT 1
- 0425 FPKI Graph Update
- 0501 FPKI Graph Update HOT 2
- System Notification for CertiPath Bridge CA - G3 to Lockheed Martin Root CA 2
- System Notification for CertiPath Bridge CA - G3 to Lockheed Martin Root CA 6
- System Notification for CertiPath Bridge CA - G3 to Boeing PCA G3
- 0503 update monthly activity report
- System Notification for DigiCert Class 3 SSP Intermediate CA – G4 HOT 1
- System Notification for U.S. Department of Transportation Agency CA G6 HOT 1
- System Notification for U.S. Department of Transportation Device CA G6 HOT 1
- System Notification for Senate PIV-I CA G6
- 0508 FPKI Graph Update
- 0515 FPKI Graph Update
- System Notification for US Treasury Root CA -> DHS CA4
- System Notification for FBCAG4 to DoD Interoperability Root CA 2
- 0522 FPKI Graph Update
- Examples of PIV Agreement HOT 2
- 0606 FPKI Graph Update
- 0608-update monthly activity report
- New Playbook for Windows Hello (WHfb) HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from ficam-playbooks.