PKI in Australia
PKI Forum Sydney 2000 Members Meeting
Stephen Wilson
Chair, Certification Forum of Australia
Director, PricewaterhouseCoopers beTRUSTed

PKI in Australia
• Evolution of PKI in Australia
• What’s hot in PKI?
• The PKI market
• Certification Forum of Australia
• Towards a national PKI

Evolution of PKI in Australia
[Figure: timeline, 1996 to 2001. Labels: Standards Australia; Project Gatekeeper; Law reform; Certification Forum; NEAC; PKAF Report; AS4539 PKAF; Gatekeeper Report; First CAs; Gatekeeper 2; A-G’s Expert Group; ETA; States; Non Govt PKI Model; Unified model; “Light touch” PKI policy; Research Projects.]

What’s hot in PKI?
• Internet transaction value -- and risk -- on the rise
• Applications: corporate banking, health, govt services
• Non-value transactions
    • corporate & taxation reporting
    • online healthcare
    • superannuation, conveyancing
• Communities of Interest; certificate policy customisation
• Mutual recognition rather than cross certification

Characterising the Australian PKI environment
• Light touch politics & regulatory settings (UNCITRAL)
• Strong Internet & e-commerce uptake
• Strong history of e-security technology companies
• Government a vigorous PKI user and regulator (Gatekeeper)
• Increasing latent demand for authentication
• But historically difficult to crystallise PKI business case

PKI market highlights in Australia
• Australian Tax Office certificates for GST returns
    • 300,000 certs issued; 20-40,000 used
    • leading to general purpose govt endorsed Australian Business Certificate (see www.noie.gov.au/projects/govt/ABNDSC.htm)
• Finance sector experience
    • National Australia Bank retail Internet banking
    • Australian Stock Exchange block trading system
    • Identrus (three of the four majors joined up)

PKI market highlights in Australia (cont.)
• Government services delivery
    • Australian Securities & Investments Commission (live)
    • Electronic Conveyancing Victoria (planned)
• HealthConnect national health network
    • PKI central to practitioner & patient identifiers
    • see www.health.gov.au

The Certification Forum of Australia
• Pre-eminent authentication sector industry group
    • lobbying & position papers
    • awareness & education
    • Code of Practice & control model
    • represent PKI on the NEAC
• 40+ members
    • PKI services and vendors
    • users & user groups
    • governments
    • lawyers, auditors, insurers

The CFA model: audit-based PKI
[Figure: diagram. Labels: Accreditation Body; ISO/IEC Guides; Auditor; AS/NZS 4444; e.g. AS 4539; Supplier; CA; Security System; CP; CPS; Goods or Services; Alice.]

Advantages of audit-based PKI
• Light touch; no legislation needed
• Industry-based yet highly trusted
• Utilises existing bodies & processes
• Transparent liability for all types of CA
• Demystifies the role of Root CA
• Supports fitness for purpose

Independent NEAC review
[We] can expect that it will soon become normal practice for every electronic business system … to undergo regular audits of compliance with legal and regulatory requirements ...
there will be considerable demand for an accreditation framework for electronic authentication products and services, driven by the need for businesses to assure their information systems and processes in the emerging climate of electronic business
there is already a general framework for certifying appropriate auditors and development of appropriate audit standards
• NEAC now proposing a joint Gatekeeper-CFA national model

PKI as communities of interest
[Figure: diagram. Labels: Australian PKI Accreditation Body; Auditor A; Auditor B; Auditor; Bank 1; Bank 2; Bank 3; Identrus; Health sector; Doctors; Nurses; ATO; ABN-DSC CA; Gatekeeper.]

Discussion
• www.aeema.asn.au (look for CFA under “Groups”)
• www.noie.gov.au/neac
• www.gpka.gov.au
• www.health.gov.au/healthonline/ehr_rep.htm
• www.apii.or.kr/apec/atwg/preatg.html