1 / 14

An update on Commonwealth Authentication

An update on Commonwealth Authentication. Canberra, Australia. Garry Compton Manager Government Authentication ANTA Workshop 05/08/03. NOIE's role and the Authentication Working Group.

terra
Télécharger la présentation

An update on Commonwealth Authentication

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. An update on Commonwealth Authentication Canberra, Australia Garry Compton Manager Government Authentication ANTA Workshop 05/08/03

  2. NOIE's role and the Authentication Working Group • NOIE provides secretariat services to the Authentication Working Group (AWG) that is currently undergoing a project to develop a framework for whole of government online authentication. • This initiative is to create a trusted online environment and to support the delivery of commonwealth services to individuals and businesses. • NOIE and the AWG support the Chief Information Officers Committee (CIOC) and Information Management Strategy Committee (IMSC) to achieve these goals.

  3. The Information Management Strategy Committee, Chief Information Officers Committee and Working Groups • IMSC created to provided shared leadership advice on multi-agency and whole of government information management strategies. • Members of the IMSC are at the Secretary or CEO level and are drawn from agencies that have key central roles in delivering services online. • CIOC was created to support the IMSC. • The CIOC has established a number of working groups, including the AWG.

  4. Authentication - what is it? • To authenticate an assertion - to confirm / establish a degree of confidence that the assertion is valid or genuine. • It is important to differentiate between when it is necessary to authenticate an assertion about identity and when it is adequate to authenticate assertions about data, an attribute or a value. • Attribute authentication involves proving that a person has a certain attribute or qualification. • Value authentication is based on whether a certain amount of money is available. • It is important to only require the authentication of identity when this is necessary to the transaction.

  5. Identity Fraud • A whole-of-government study to be undertaken to enhance the identification and verification processes for government agencies and to identify other measures to combat identity fraud. • Fraud estimated to cost $4 billion per year. • The use of false or stolen identities provides a means of committing terrorist acts, fraud on government programs, people-smuggling and illegal immigration, and threats to electronic commerce. • One of the aims of the study will be to test the feasibility of an on-line identity verification service to be available to Commonwealth, State and Territory agencies.

  6. NOIE Policy Objectives • Three major policy objectives essential to providing a whole of government approach to online authentication are: • consistency of user experience; • matching authentication options to transaction types and • a fit for purpose approach to the application of technological solutions. • A whole of government approach to authentication is necessary • Individuals undertake very different authentication processes with different agencies in order to access government services. • If standardisation occurred, it would be easier for citizens and businesses to access government services and people would be more inclined deal with government in an online environment.

  7. A Business Case • For online authentication to be a success it is important that legislation and government policy is based on a sound business case rather than being purely driven by technology. • More important than the technological ability to perform authentication online is the ability to provide a service that benefits both government and business. • Businesses are provided with little to no incentive to interact with government online if it is a costly and time-consuming process.

  8. The Role of PKI • It is important to match authentication options to transaction types. • There is a role for PKI and high assurance applications. ABN-DSCs will provide a medium for high assurance business to government and business to business transactions to take place. • HIC and HESA have developed a sector wide digital certificate that is currently in use to protect this type of information and authenticate practitioners and practices. • This type of fit-for-purpose approach ensures you have a trustworthy and functional whole-of-government authentication system.

  9. The Galexia Consultancy • Two consultancies have been commissioned by the Authentication Working Group to help them develop a business case for authentication and to create a trusted online environment. • Galexia consulting produced the first report regarding the use and implementation of Australian Business Number Digital Signature Certificates (ABN-DSCs). • The report found that further methods to promote the use of ABN-DSCs would be required, especially given the absence of PKI applications available in the market. • Continuing concerns about the integration of digital certificates into business processes, legal liability and other risks associated with their use.

  10. The Convergence e-Business Solutions Consultancy • Convergence report • second report commissioned by the AWG • aims to produce a framework for whole of government authentication in Australia. • The report details the issues around the authentication of assertions relevant to government. • Some of the major issues include selecting the most appropriate authentication technique eg: PKI • Privacy can be a major stumbling block for whole of government authentication because there is often a trade off between levels of identity authentication and privacy concerns.

  11. Privacy • Preventing the invasion of personal privacy is an important part of any authentication solution. • Privacy legislation requires government agencies to only collect and hold personal information that is necessary. • The e-authentication initiative requires a Privacy Impact Assessment (PIA) be conducted to evaluate the potential impact on personal privacy. • The IMSC and CIOC are committed to addressing privacy issues. • NOIE understands the importance of addressing privacy issues in the initial stages of project development.

  12. Thank You Garry Compton, Manager, Government Authentication NOIE garry.compton@noie.gov.au

  13. WWW.NOIE.GOV.AU

More Related