GATEKEEPER

1
GATEKEEPER

• CACR
• Connecticut 09 November 1999

2
Overview

• Origins
• GPKA
• Evaluation - process
• Accreditation - an evolution
• Critique
• Look to the future
• Conclusion and Summary

3
Origins

• Commenced in 1997
• Three core initiatives
• AGEGEC The Law
• NOIE A National approach
• OGIT Commonwealth Government
• Target May 1998
• Gatekeeper launched May 07, 1998
• Minister for Finance Administration
• GPKA Established
• Secretariat Established
• Policy to process

4
GPKA

• Government Public Key Authority
• Established May 1998
• Core responsibilities
• Manage the GPKI
• Promote take - up within the Commonwealth
• Recommend accreditation of TTPs
• Establish and manage the accreditation process
• Set standards for government operation
• accredit Identity standards and processes

5
GPKA - Within a PKAF
PARRA
International RCA
Multi-national RCA
GPKA
Government Run ICA
Government Accredited Commercial ICA
Non Government Accredited ICA
Government Run OCAs
Government Accredited Commercial OCA
Government Run OCA
Non Government Run OCA
Non Government Accredited OCAs
Government Run ORAs
Government Accredited Commercial ORAs
Government Run ORA
Non Government Run ORA
Non Government Accredited ORAs
Users
Users
Users
Users
Users
6
GPKA - Membership
Government
Industry
DSD
AIIA
OGO (Chair)
H.I.C.
NOIE
AEEMA
ATO
?
PRIVACY
Core (Voting) Members
?
Special interest groups
Advisory (non voting) members
7
Evaluation - process
1
2
A
Submit Technical Elements to AISEP for Evaluation
Submit Security Policy Practice Statements For
evaluation
Submit Procedures For Evaluation
3
B
Receive DSD Certificate of Accreditation
Receive Certificate of Evaluation
4
Sign Head Agreement with OGO
5
C
Submit Procedures For Evaluation
Submit Agreements Certificates to GPKA
6
D
Submit Procedures For Evaluation
Receive Entry Level GPKI Accreditation
8
Identity certificates

• Based on two criteria
• Proof Of Identity
• Value proposition
• Proof Of Identity (POI)
• Points based
• Derived from tax and social security fraud
  experience
• Value Proposition
• Primary basis is financial commitment
• No financial value
• 10,000 aggregating to 100,000
• 100,000 aggregating to 1,000,000

9
Accreditation - an evolution

• GPKA - Government
• State
• Territory
• NEAC - National
• Advisory board
• All authentication
• JAZANZ - Commercial
• PKI only
• Standards based

RCA
ICA
OCA
JAZANZ/CFA
ORA
EE
10
GPKA - Process
OGO
GPKA
CASP
Secretariat
Evaluators
11
Issues

• Identity certificates accredited to date
• Awaiting outcome of Primary attribute Identity
  certificates
• SSL certificates not supported (but used)
• Working groups have been established
• Outstanding issues
• Attribute certificates
• Functional certificates
• Financial certificates
• Registration Authority accreditation
• others

12
Look to the future

• Widespread future use across government
• 3 Million certificates in operation probable by
  end 2000
• Movement to mission critical status
• Drive towards independent trust proofs
• The road to recognition
• Technical interoperability
• Mutual recognition
• Cross Certification

13
Conclusion and summary

• Australia is at the forefront of PKI technology
  implementation
• Many issues as yet unresolved
• First accreditation achieved in 1999 (Baltimore)
• First such process at a national level
• State governments and New Zealand moving to adopt
  as standard approach
• More expert resources required at the GPKA
• Significantly influenced by industry and special
  interest groups

14
A word to the wise

• Never, ever, get yourself into a situation where
  you go from policy writing to policy
  implementation