[LINK] government agencies' use of digital certificates
Roger.Clarke at xamax.com.au
Wed Sep 6 12:50:58 EST 2006
At 9:50 +0800 6/9/06, brd at iimetro.com.au wrote:
>Does anyone know, without doing a whole lot of research, which/how many
>Australian government agencies enforce digital certificates for communication
>with all external parties?
Taken literally, an agency would most likely be in breach of the AGAF
if they enforced dig sigs in respect of all communications, or all
It's a requirement that identity authentication be undertaken only to
the extent that it is justified by the risks being managed, and only
with the level of inconvenience, cost and intrusiveness imposition on
the other party that is commensurate with those risks.
For various reasons, dig sig penetration has been signally unsuccessful.
That said, there are a couple of operational applications, in
particular the ATO for BAS and similar - a requirement that is
imposed on medium and large corporations.
I'm not sure whether any of the attempts in the health care sector
have ever borne fruit.
[Caveat: I've been both a consultant and an advocate in this area
for a long time, and my views on the matter might be seen to taint my
Roger Clarke http://www.anu.edu.au/people/Roger.Clarke/
Xamax Consultancy Pty Ltd 78 Sidaway St, Chapman ACT 2611 AUSTRALIA
Tel: +61 2 6288 1472, and 6288 6916
mailto:Roger.Clarke at xamax.com.au http://www.xamax.com.au/
Visiting Professor in Info Science & Eng Australian National University
Visiting Professor in the eCommerce Program University of Hong Kong
Visiting Professor in the Cyberspace Law & Policy Centre Uni of NSW
More information about the Link