问题
I've been recently tasked with a similar task that this question describes. My task is to enable a web application to verify credentials via a CAC card.
My web application is running on an embedded Jetty server running in an OSGi container.
While the question is answered with good information, I noticed that one of the answers asks a good question back. The user that answered is @erikson and in a comment on his own answer he says "Are you using CACs issued by the US DOD? Is this application for a government agency? There are a lot of extra rules you'll need to follow if so."
In my case, the answer to those questions he posed is "Yes, my application is using CAC cards issued by the US DOD."
His comment was never replied to on the original question, so I'm posting this question here.
My question is where can I find good concise information about these extra requirements placed on applications by the US DOD and government agencies that @erikson mentions?
来源:https://stackoverflow.com/questions/41833825/authenticate-a-user-using-cac-common-access-card-in-a-web-application-running