1 / 6

oasis-open

www.oasis-open.org. PKI lessons from Australia Expectations for the New Secure Network Age panel discussion Asia PKI Forum Conference Tokyo 24 February 2005 Stephen Wilson (OASIS liaison to APKIF). Best practice PKI: example 1. Health eSignature Authority See www.hesa.com.au

rasha
Télécharger la présentation

oasis-open

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. www.oasis-open.org PKI lessons from AustraliaExpectations for the New Secure Network Age panel discussionAsia PKI Forum ConferenceTokyo 24 February 2005Stephen Wilson (OASIS liaison to APKIF)

  2. Best practice PKI: example 1 Health eSignature Authority See www.hesa.com.au • Owned by a government health IT agency • >7,000 certs issued to healthcare professionals • USB dongles & smartcards • Initial applications focus on doctors’ reports & forms to government (i.e. B2G) • Next applications will be in medical records and doctor-to-doctor messaging (i.e. B2B)

  3. Best practice PKI: example 2 Australian Tax Office See www.ato.gov.au • One of the biggest PKIs in the world • 100,000 certificates for business tax reporting (GST) • Several 100,000 certificates for personal tax returns • Led to “Australian Business Number Certificate” (ABN-DSC) for multi-agency B2G (and B2B) • Identrus cross-recognised by Gatekeeper

  4. Current understanding of PKI • Fundamental aim is to automate paperless transactions • “Known Customer” certificates represent an existing business relationship with issuer; e.g. • Doctors, lawyers, accountants, other professionals • Licence holders (stock brokers, customs brokers, taxi drivers …) • Credit card holders • One party recognises the affiliation of the other party • Existing transaction context, terms & conditions, liability arrangements all carry over to PKI based transactions • PKI is specific to an application or class of applications

  5. A vision for embedded PKI • Secure networks … a main infrastructure of society • The right person should be able to get right services • Digital certificates embedded in applications • Trend from identity towards membership • i.e. e-Business Card, not e-passport

  6. www.oasis-open.org OASIS PKI Technical Committeewww.oasis-open.org/committees/pkiStephen Wilson OASIS PKI TC Liaison to the APKIFBoard Member, Australian IT Security Forum swilson@lockstep.com.auPh +61 414 488851

More Related