Title: GATEKEEPER
1GATEKEEPER
- CACR
- Connecticut 09 November 1999
2Overview
- Origins
- GPKA
- Evaluation - process
- Accreditation - an evolution
- Critique
- Look to the future
- Conclusion and Summary
3Origins
- Commenced in 1997
- Three core initiatives
- AGEGEC The Law
- NOIE A National approach
- OGIT Commonwealth Government
- Target May 1998
- Gatekeeper launched May 07, 1998
- Minister for Finance Administration
- GPKA Established
- Secretariat Established
- Policy to process
4GPKA
- Government Public Key Authority
- Established May 1998
- Core responsibilities
- Manage the GPKI
- Promote take - up within the Commonwealth
- Recommend accreditation of TTPs
- Establish and manage the accreditation process
- Set standards for government operation
- accredit Identity standards and processes
5GPKA - Within a PKAF
PARRA
International RCA
Multi-national RCA
GPKA
Government Run ICA
Government Accredited Commercial ICA
Non Government Accredited ICA
Government Run OCAs
Government Accredited Commercial OCA
Government Run OCA
Non Government Run OCA
Non Government Accredited OCAs
Government Run ORAs
Government Accredited Commercial ORAs
Government Run ORA
Non Government Run ORA
Non Government Accredited ORAs
Users
Users
Users
Users
Users
6GPKA - Membership
Government
Industry
DSD
AIIA
OGO (Chair)
H.I.C.
NOIE
AEEMA
ATO
?
PRIVACY
Core (Voting) Members
?
Special interest groups
Advisory (non voting) members
7Evaluation - process
1
2
A
Submit Technical Elements to AISEP for Evaluation
Submit Security Policy Practice Statements For
evaluation
Submit Procedures For Evaluation
3
B
Receive DSD Certificate of Accreditation
Receive Certificate of Evaluation
4
Sign Head Agreement with OGO
5
C
Submit Procedures For Evaluation
Submit Agreements Certificates to GPKA
6
D
Submit Procedures For Evaluation
Receive Entry Level GPKI Accreditation
8Identity certificates
- Based on two criteria
- Proof Of Identity
- Value proposition
- Proof Of Identity (POI)
- Points based
- Derived from tax and social security fraud
experience - Value Proposition
- Primary basis is financial commitment
- No financial value
- 10,000 aggregating to 100,000
- 100,000 aggregating to 1,000,000
9Accreditation - an evolution
- GPKA - Government
- State
- Territory
- NEAC - National
- Advisory board
- All authentication
- JAZANZ - Commercial
- PKI only
- Standards based
RCA
ICA
OCA
JAZANZ/CFA
ORA
EE
10GPKA - Process
OGO
GPKA
CASP
Secretariat
Evaluators
11Issues
- Identity certificates accredited to date
- Awaiting outcome of Primary attribute Identity
certificates - SSL certificates not supported (but used)
- Working groups have been established
- Outstanding issues
- Attribute certificates
- Functional certificates
- Financial certificates
- Registration Authority accreditation
- others
12Look to the future
- Widespread future use across government
- 3 Million certificates in operation probable by
end 2000 - Movement to mission critical status
- Drive towards independent trust proofs
- The road to recognition
- Technical interoperability
- Mutual recognition
- Cross Certification
13Conclusion and summary
- Australia is at the forefront of PKI technology
implementation - Many issues as yet unresolved
- First accreditation achieved in 1999 (Baltimore)
- First such process at a national level
- State governments and New Zealand moving to adopt
as standard approach - More expert resources required at the GPKA
- Significantly influenced by industry and special
interest groups
14A word to the wise
- Never, ever, get yourself into a situation where
you go from policy writing to policy
implementation