[LINK] government agencies' use of digital certificates
Tom.Worthington at tomw.net.au
Mon Sep 11 09:10:52 EST 2006
At 12:50 PM 9/6/2006, Roger Clarke wrote:
>At 9:50 +0800 6/9/06, brd at iimetro.com.au wrote:
>>... which/how many Australian government agencies enforce digital
>>certificates for communication
>>with all external parties?
>Taken literally, an agency would most likely be in breach of the
>AGAF if they enforced dig sigs in respect of all communications ...
Yes. Have a look at my quick summary of the various bits of the
Australian Government e-Authentication Framework
>For various reasons, dig sig penetration has been signally unsuccessful.
Digital certificates are fiddly to use. At one I had about half a
dozen digital certificates, none of which worked.
>That said, there are a couple of operational applications, in
>particular the ATO for BAS and similar - a requirement that is
>imposed on medium and large corporations. ...
I never got my ATO BAS certificate to work. Then I couldn't cancel
the certificate, as I had to use it to identify myself to ATO's
outsourced support center in order to have it cancelled.
ps: At the talk I went to in a bunker last week, AGIMO mentioned
using a single sign-on via Australia.gov.au
. Identification from one agency or a private company (such as a
bank), might be used for doing government business. That sounds more
workable. The public wouldn't actually be using email, just typing
into a web page on the secure site.
There are obviously lots of issues with this approach, particularly
if they used the Microsoft security management technology.
See also: "Australia Post decides to cease KeyPOST" in the Link
Tom Worthington FACS HLM tom.worthington at tomw.net.au Ph: 0419 496150
Director, Tomw Communications Pty Ltd ABN: 17 088 714 309
PO Box 13, Belconnen ACT 2617 http://www.tomw.net.au/
Director, ACS Communications Tech Board http://www.acs.org.au/ctb/
Visiting Fellow, ANU Blog: http://www.tomw.net.au/blog/atom.xml
More information about the Link