Apple Deprecates CDSA & Smart Card Support in Lion

Apple has elected to deprecate the Common Data Security Architecture (CDSA) in OS X Lion. By extension, this means that current Smart Card services, used by the U.S. Government and others, will also be deprecated and some necessary components will, thereby, not ship in OS X 10.7. However, customers will still be able to use Smart Card services in OS X Lion, and they’ll still have 3rd party options.

In a note to the Fed-Talk mailing list*, Apple Security Consulting Engineer Shawn Geddis explained: “With the release of OS X Lion, Smart Card Services are deprecated and will not ship as a customer functioning service. That does not mean that customers will be unable to continue to use their Smart Cards with OS X Lion. It does mean that all of the necessary components will not come pre-shipped in OS X Lion along with related support.” Briefly, the required Tokend modules will not ship with Lion along with the Authorization Mechanism.

The deprecation of CDSA was discussed at WWDC in June during Session 212, “Next Generation Cryptography.”

Mr. Geddis went on to say, “Apple’s need to deprecate what was there and focus on innovative approaches to solving the digital identity challenges on both OS X and iOS moving forward does not preclude customers from using Smart Cards on OS X 10.6 and even on 10.7. Any developer/user is expected to be able to continue to use their Smart Cards on OS X 10.6 & 10.7 as long as they have a supported Tokend for the Smart Card profile installed. This would require a non-Apple provided Installer.”

A reader familiar with the matter told TMO that equivalent solutions are available from Thursby and Centrify. As a result, customers can continue to use this technology in Lion.

Apple does these kinds of things from time to time in order to move its technology and infrastructure forward. Once Apple elected to deprecate CDSA, it would seem that continued, detailed support for the Smart Card infrastructure no longer makes sense. Government customers have several possible, viable options, and while a few might be tempted to surmise that Apple is forsaking the enterprise and government customers, Mr. Geddis’ explanations make it clear that this is not the case.

A final note: In January, 2009, Apple officially moved the already open sourced components to an organized open source project at MacOSForge.org.

______

* July 20, V8, issue 159