The New Zealand government has learned lessons from Australia’s federal government’s experience with digital certificates.
It is likely to require less “academic” criteria for approving certification authorities (CAs) to issue digital certificates to government departments under a public key infrastructure (PKI). So says Ron Segal of Baycorp ID Services, which is setting up the next stage of the government’s See (secure electronic environment) project.
The core idea of PKI is to have a trusted third party issuing digital certificates to authenticate users and performing other security services.
The Australians began by requiring stringent qualifications for CAs. Now, Segal says, they are appreciating the difficulty and additional cost this creates and “backing off” from some of the over-stringent requirements. Our government is likely to start at a more appropriate level of detail and cost, he predicts, though he acknowledges that policy formation in this area is still going on.
But Brendan Kelly of the government’s e-government unit says he cannot conclusively say there will be a less stringent set of criteria, without having the documents outlining Australian practice and New Zealand proposals in front of him and comparing them clause by clause. However, government, as evidenced by policy documents, is inclined to relax, for example, the requirement that the CA should be based in the home country.
“Due to Australia’s proximity, the Australia New Zealand Closer Economic Relations Trade Agreement (CER), and Australia’s existing investment in PKT, it seems appropriate to permit the use of Australian CAs,” say interim guidelines on the See project.
“While we may proceed along slightly different paths, we owe them [the Australian government] a debt because they have done a lot of preparatory work we can pick up on,” says Kelly.
Baycorp ID (formerly 128i) is itself a CA and plans to be involved in identification services and issuing certificates in the long term for See. But there will be several CAs or certificate issuers (which contract another party to provide it with identification services) for government agencies and private companies wishing to work with government.
This will ensure supplier choice for customers — preserving chief executive accountability in government circles.
Baycorp ID and not Pricewaterhouse-Coopers is leading the PKI infrastructure for See, as stated in our interview with PwC’s Stephen Wilson (Government should lead by example on security).