The ISC CAPI Bridge (ICB) allows an organization to easily manage X.509 user credentials and trust anchors for Firefox on Windows without installing them directly into Firefox. ICB is added to Firefox as an additional security device and translates the Firefox requests into Microsoft CryptoAPI (CAPI) or Microsoft Cryptography API: Next Generation (CNG) calls. ICB also creates the necessary trust objects to allow Firefox to automatically trust the same trust anchors as Windows.
ICB is most commonly used with Firefox, but can also be used by other applications that only support PKCS#11 devices including Mozilla Thunderbird and other applications that use Mozilla’s Network Security Services (NSS) API.
Leveraging ICB allows an organization to better control their users’ credentials. ICB allows the organization to limit credential duplication, credential export, and the security of the credentials. Instead of having the user’s credentials stored in multiple applications with multiple security mechanisms, the user’s credentials are kept only in the Windows Key Store with well known security properties and controls.