#1
  1. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    207
    Rep Power
    17

    Common Access Card (CAC)


    There are a number of commercial packages available for dealing with Common Access Card (CAC) interactions, it's a documented "open" standard. Does anyone here know of or used any Open Source PHP libraries for interacting with CAC cards?
  2. #2
  3. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,803
    Rep Power
    4536
    Aren't most of the interactions on the client side? Not sure what PHP would do in this scenario.
    -- Cigars, whiskey and wild, wild women. --
  4. #3
  5. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    207
    Rep Power
    17
    The particular application may have a set of valid users. As well, the application may want to log identity info against changes / services used with the application, so for example beyond different levels of access, users attached to error log events and so forth. Using CAC to authenticate alleviates the need to maintain a user / password hash database, which I am loath to do.

    I use a number of web-based CAC enabled applications that acquire user identity from the log-in. There *IS* client side apps required for the CAC reader, but at some point, it sends data to the server-based application.
    Last edited by Arty Zifferelli; May 5th, 2017 at 09:43 PM.
  6. #4
  7. Banned (not really)
    Devshed Supreme Being (6500+ posts)

    Join Date
    Dec 1999
    Location
    Caro, Michigan
    Posts
    14,803
    Rep Power
    4536
    True, it has to send a valid token or something, eventually.
    -- Cigars, whiskey and wild, wild women. --
  8. #5
  9. Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2016
    Location
    Lakewood, WA
    Posts
    207
    Rep Power
    17
    I also prefer to NOT involve the Com Guys until I'm ready to push a new version, they are not particularly happy with more or less being directed to spin up specific operating systems and set them up with my specifications as it is. Fact is, they chaff at having to allow me the access I have, but when the O6 says "provision this guy with what he wants", they have little choice but to be unhappy about it... I'd get more respect if I were an offshore contractor, but the software would be ****, especially since it helps to actually know what it does and what it's used for...
    Last edited by Arty Zifferelli; May 6th, 2017 at 12:23 AM.

IMN logo majestic logo threadwatch logo seochat tools logo