Post on 11-Feb-2022
Australia Centrelink (CSIC) Project
Marco Smeja, cv cryptovision
CTST 2009
PAGE 2
Centrelink
Australian Government Statutory Agency
assisting people to become self-sufficient and supporting those in need
reports to the Ministry for Human Services
Founded in 1997
29,000 employees
Who is Centrelink?
PAGE 3
Marco Smeja, cv cryptovision
director at cv cryptovision
focus on Identity Management and PKI
former Novell employee
involved in the Centrelink CSIC project
cv cryptovision: German company specialised in crypto, smart cards and PKI
Who am I?
PAGE 4
1. The challenge
2. The solution
3. Lessons learned
Agenda
PAGE 5
Centrelink IT infrastructure
Centrelink …
operates one of the largest transaction databases in Australia
uses Novell eDirectory & IDM as primary directory and identity management solution
has 29,000 users
operates 42,000 workstations
has high security requirements
Centrelink IT
PAGE 6
Centrelink Staff Identification Card (CSIC)
29,000 employees need physical access
29,000 employees and 42,000 workstations need access to IT infrastructure
using passwords was not considered secure enough
Centrelink decided to set up a company card
Card Management System (CMS) was provided by ActivIdentity
CSIC
The Centrelink Staff Identification Card (CSIC) was born
PAGE 7
CSIC applications
Applications
Smart-card-protected Windows login
Smart-card-protected PC login with Novell Client
Smart-card-protected VPN login
CSIC
A PKI became necessary
PAGE 8
[Diagram: CSIC architecture without PKI and CMS. Labels: CSIC Project eDirectory; users; PCs; VPN Server; eDirectory Tree; Meta-Directory]
PAGE 9
1. The challenge
2. The solution
3. Lessons learned
Agenda
[Diagram: cv act PKIntegrated. Labels: Lotus Notes, LDAP; SAP HR, PeopleSoft; Siemens DirX, Microsoft ADS; IDM Connector; CA Engine; PKIntegrated Administration; LDAP Admin. Console; PKI Applications; OCSP, SCEP; Directory or Database]
PAGE 10
PKI needs qualified user data
IDM provisions user data and improves its quality
PKIntegrated obtains user data and commands within IDM processes
How cv act PKIntegrated profits from IDM
PAGE 11
PKI needs administration, registration and workflow capabilities
IDM offers administration, registration and workflow capabilities
PKIntegrated uses state-of-the-art IDM technologies
How cv act PKIntegrated profits from IDM
PAGE 12
PKI needs an administration and user interface
IDM typically features sophisticated administration and user interfaces
PKIntegrated extends existing interfaces with snap-ins
How cv act PKIntegrated profits from IDM
PAGE 13
PKI needs a certificate repository
Directory or database can be used as repository
PKIntegrated uses standard directories or databases as certificate repositories
How cv act PKIntegrated profits from IDM
PAGE 14
PAGE 15
Integrated PKI solution
PAGE 16
[Diagram: Centrelink PKI hierarchy. Labels: Centrelink Root CA; Centrelink CA; user; PC; server]
PAGE 17
[Diagram: Centrelink PKI components. Labels: CSIC Project eDirectory; Card Management System; users; PCs; smart cards; VPN Server; Meta-Directory; CA server; HSM; Root CA server; eDirectory Tree]
ActivIdentity CMS and cv act PKIntegrated are connected via the AI credential provider
PAGE 18
PAGE 19
PAGE 20
Certificate types
User certificate types:
Authentication certificates
Short-lived authentication certificates
Server certificates
CA certificate types:
CA certificate
CA self-signed certificate
Root CA (self-signed) certificate
Certificates
PAGE 21
Certificates
PAGE 22
PAGE 23
1. The challenge
2. The solution
3. Lessons learned
Agenda
PAGE 24
Conclusions
Budget for PKI is usually low
PKI should be a feature of the identity management
Integrated PKI is the ideal solution
Centrelink is a typical example of a large-scale PKI project
More information is available on www.cryptovision.com
© cv cryptovision GmbH 2009