The Australian Government Information Management Office Archive

The content on this page and other AGIMO archive pages is provided to assist research and may contain references to activities or policies that have no current application. See the full archive disclaimer.

Report of the National Public Key Infrastructure Working Party

Strategies for a Peak Body for an Australian National Electronic Authentication Framework

Complete Report
March 1998

Table of Contents

Executive Summary

Introduction
Background
Objectives of this Study
Context
Process
Conclusions
Recommendations

Peak Body
APAA Roles and Functions
APAA Operational Model
APAA Resourcing
APAA Structure and Form

1. Introduction

2. Terms of Reference of Working Group

3. Background

3.1. Identification and User Authentication
3.2. Electronic Authentication
3.3. Electronic Signatures
3.4. Digital Signatures
3.5. Public Key Cryptography
3.6. Certification Authorities
3.7. Public Key Infrastructure
3.8. Roles and Functions of a Peak Body (PARRA) as Proposed in the PKAF Strategy Report
3.9. Related PKAF Activity

4. International Activity and Legal Models

4.1. Current Status Relating to PKI Laws and Frameworks
4.2. Open and Closed PKI Models
4.3. Legislative models
4.4. Approaches to the 'Peak Body'

5. Case for a National Framework and Peak Body

5.1. Three Important Contextual Issues

5.1.1. Planning Horizon
5.1.2. The Need to Maximise Participation by CAs
5.1.3. The Role of Government Facilitation

5.2. To Promote Compatibility
5.3. To Present and Represent a Single National View
5.4. To Ensure Consumer Confidence
5.5. To Ensure Market Efficiency

5.5.1. To Provide Consumers with Information
5.5.2. To Promote a Contestable Market for CA Services
5.5.3. To Manage Systemic Risks

5.6. To Facilitate the Provision of Value-Added Services
5.7. To Support Legislation
5.8. To Promote Export of Trust-based Services
5.9. To Limit Liability

6. Roles and Functions

6.1. Options
6.2. Arguments
6.3. Recommendations

6.3.1. Peak Body
6.3.2. APAA Roles and Functions

7. APAA Operational Model

7.1. Operations
7.2. Recommendations

8. APAA Resourcing

8.1. Fully Funded Model - Maximal
8.2. (Almost) Virtual Organisation - Minimal
8.3. Estimates of Costs
8.4. Industry Base
8.5. Sources of Funds
8.6. Recommendations

9. APAA Structure and Form

9.1. Accountability
9.2. Representation
9.3. Trade Practices
9.4. Recommendations

10. Root Certification Authority

10.1. Introduction
10.2. Functions
10.3. Who should be a RCA
10.4. How to ensure broad support for a Government facilitated RCA
10.5. Recommendation (already stated in 6.3.1 above)

11. Summary of Recommendations

11.1. Peak Body
11.2. APAA Roles and Functions
11.3. APAA Operational Model
11.4. APAA Resourcing
11.5. APAA Structure and Form

Appendix A: Abbreviations

Appendix B: Glossary

Appendix C: User Authentication and Cryptography

Authentication
User Authentication
Other forms of Authentication
Identification and User Authentication
Cryptographic Techniques for User Authentication

Challenge and Response Protocols
Digital Signatures

User Authentication and Locking with Smartcards

Appendix D: Public Key Cryptography

Cryptographic Security Services
Symmetric and Public Key Cryptography

Symmetric Cryptography
Public-key Cryptography

Cryptographic Algorithms
Digital Signatures
Key Certificates
Certification Authorities
Registration Authorities
Cross-certification
Certification Authority Hierarchies
Public Key Infrastructure

Appendix E: International Approaches to Legislation and Peak Body

Overview
'Open' and 'closed' PKI models
Legislative models

Rule of equivalence
Framework of principles
Complete, prescriptive law

Characteristics of the legislation

Technology neutrality
Scope of the legislation
Definition of a signature
Licensing or registration of CAs
Issues relating to a peak authority
Issues related to liability apportionment

Model laws, guidelines and frameworks

American Bar Association Digital Signature Guidelines
NCCUSL Uniform Commercial Code Article 2B
NCCUSL Uniform Electronic Transactions Act
UNCITRAL Model Law on Electronic Commerce 1996
UNCITRAL Uniform Rules on Digital Signatures and Certification Authorities
ICC GUIDEC
European Commission

Enacted or proposed legislation and regulations

United States of America

Federal
States

Denmark
Germany
Italy
United Kingdom
Japan
Malaysia
Singapore
South Korea

Functions and structure of the peak body
References

Appendix F: Non-legislative PKI initiatives

Government

United States of America
Canada
Australia
European Commission

ICE-TEL
IETF/IAB
Private enterprise CAs
References

APPENDIX H - Bibliography and Additional Reference Material

General PKI related material

Lists of links
Papers

PKI Projects and Studies
PKI related standards (and standards under development)
Legislation

Summaries
Legislation (enacted and proposed) and related material

Argentina
Germany
Italy
Japan
Malaysia
Singapore
United Kingdom
United States of America

Model Legislation

ABA
FDA
ICC
NCCUSL
UNCITRAL

APPENDIX I - Methodology

Process

APPENDIX J - Consultation

List of Interviewees
Consultation Briefing Document
NPKI - Interview Questions
