The _Simple Certificate Enrollment Protocol_ (SCEP, rhymes with “step”) is an X.509 certificate enrollment protocol that uses PKCS#7 and PKCS#10 over HTTP. * http://en.wikipedia.org/wiki/Simple_Certificate_Enrollment_Protocol * http://www.cisco.com/warp/public/cc/pd/sqsw/tech/scep_wp.htm * http://www.ietf.org/id/draft-nourse-scep-22.txt Apple uses SCEP for "over the air" certificate enrollment on the iPhone: * http://images.apple.com/iphone/business/docs/iPhone_MDM.pdf * http://images.apple.com/iphone/business/docs/iPhone_OTA_Enrollment_Configuration.pdf * http://manuals.info.apple.com/en_US/Enterprise_Deployment_Guide.pdf For more information about SCEP and the iPhone, perform this google search: {pre}Simple Certificate Enrollment Protocol iphone site:apple.com{pre} On the iPhone, the SCEP protocol is bootstrapped by typing a username/password into a Safari browser window (which immediately suggests that federated access may be possible). An interesting application of SCEP: * http://www.egeniq.com/2010/10/14/mobile-phones-for-two-factor-and-step-up-authentication/ |