Australian Government Information Management Office. AGAF guide to authorisation and access management


Contents

1 Summary
   Implementing layered permissions enforcement
   Addressing varying user access modes
   Providing links between e-authentication and permissions management
   Enabling acceptance of third-party credentials
   Determining user identifiers
   Assigning and enforcing roles of business representatives
   Using a permissions management architecture
2 Introduction
   Background
   Identity management
   Purpose and structure of this guide
3 Key constructs
   Identity management
   Permissions management
   Registration and enrolment
   Registration
   Enrolment
   Deregistration
   Positioning e-authentication and authorisation controls
   Implementing layers and granularity of controls
   Using role-based authorisation or access control
   Using business application or fine-grained controls
   Designing e-authentication or authorisation architectures
   Re-engineering legacy applications
   Management, audit and controls
4 Business architecture considerations
   Business needs
   Businesses acting for themselves
   Businesses acting on behalf of others
   Access model scenarios
   Changing access environments
   Access types
   Implementation approach
   Choosing identifiers and credentials
5 Technology architecture
   Overview
   Registration and credential issuing services
   Enrolment and business delegation services
   E-authentication services
   Permissions enforcement services
   Audit services
   Shared service implementation options
   Credential management
   Audit services
   Credential validation services
   E-authentication services
   Enrolment and mapping services
   Authorisation services
6 Applicable standards
   Use of standards is more important for security protocols
   Relevant standards bodies
   Useful standards for access control
   Applicability
   Security purpose or external technology matrix
   Summary of infrastructure standards or protocols

1 Summary

This guide provides a framework to enable agencies to examine and address the authorisation and access management requirements associated with the deployment of online services to Australian businesses. The guide examines these matters within the broader context of identity management.

Identity management represents the policies, processes, systems and technologies required to address the operational risks, systems usability and technology management issues associated with the provision of internal and external user access (across networks) to systems at an enterprise level. It encompasses electronic authentication (e-authentication), authorisation and access, and audit.

The style of the guide is essentially discursive rather than prescriptive. This is seen as appropriate, given the current lack of maturity and received wisdom in the area of identity management and the diversity of environments and requirements of agencies in this area. The key constructs and guiding principles of the guide are summarised below.

Implementing layered permissions enforcement

Controlling what system resources users access and what they are authorised to do thereafter can be implemented at three levels within a systems architecture:
- e-authentication layer
- authorisation (permissions management) layer, and
- business application layer.

Increasingly, controls or rules are being abstracted from the business application layer and repositioned in the other two layers. The underpinning logic for this is that once rules are implemented within a business application, they are not easily audited or reviewed by an external agent. Similarly, revoking user access permissions is more difficult when rules proliferate across multiple discrete business applications.

Selecting the appropriate level within which specific checks or controls should be implemented depends on:
- how easily business rules can be implemented and maintained within an abstracted (authorisation) layer as opposed to within business applications
- the extent to which there is the requirement or demand to handle authorisation for the same user groups across multiple application systems, and
- how important it is for an agency to have a single view of a user's privileges across an application suite or across all agency systems, for example for the purposes of effectively de-provisioning the user when they change job roles or leave the organisation or forfeit the rights to access systems for some other reason.

Guiding principle: Maintain permissions where practicable within abstracted e-authentication and authorisation management layers.

Addressing varying user access modes

There is an emerging requirement for agencies to handle e-authentication, authorisation and access management across three modes or categories of user connections to agency sites:
- browser
- attended business applications, and
- unattended business applications.

This diversity directly affects how and where user e-authentication and authorisation is undertaken.

Guiding principle: Recognise that it is likely that agency applications will be accessed via all these modes and develop identity management solutions that can accommodate the nuances of each mode non-disruptively.

Providing links between e-authentication and permissions management

A layered approach to identity management will encompass separating permissions management from e-authentication. Permissions management is, however, vitally interested in the assurance level associated with an authenticated identity (see Volume 2 (Key Concepts) of the AGAF implementation guide for government for an explanation of assurance level). Permissions management must therefore be able to access the assurance level (associated with the e-authentication credential) and, moreover, request step-up e-authentication as required. This includes situations where permissions management is implemented within a business application.

Guiding principle: The authorisation process must take account of explicit permissions assigned to identities and must enforce the e-authentication assurance level policies of the business applications.

Enabling acceptance of third-party credentials

Using suitable third-party credentials in lieu of issuing application-specific or agency-specific credentials offers potential benefits to agencies through reduced costs of the credentials themselves, deployment, user support and ongoing credential management. In approaching use of third-party credentials, agencies should review, and where necessary re-affirm, identity information associated with a credential. This may include linking the credential to an agency's record of the user already held within a database and/or gathered during an enrolment phase. This late binding will create, in effect, the linking of the credential to the existing identifier used within the agency to distinguish a business from other businesses.

Guiding principles:
1. Where practicable, recognise and use suitable credentials that have been issued by, and continue to be supported by, another agency or certified third-party credential provider.
2. Handle additional credential information requirements outside of the credentials themselves, for example, in directories or databases.
3. Embed an enrolment process as part of an agency's standard identity management life cycle to encompass late binding of externally issued credentials.

Determining user identifiers

Where businesses have existing offline dealings with an agency, they will be known by an identifier, such as an Australian Business Number (ABN) or a business name. In developing online services, agencies need to determine appropriate online identifiers for these businesses, taking into account the differing needs of identity e-authentication compared with previous paper, voice or personal channels.

Guiding principle: Choice of identifiers should be completed in concert with a credential type for e-authentication, but should not depend on choice of credential. Where no existing identifiers exist or where adoption of a new identifier is not invasive, agencies should adopt the ABN as the preferred business identifier.

Assigning and enforcing roles of business representatives

Businesses will have many different dealings with government and will often have different officers within the organisation authorised to deal with particular transaction types and/or agencies. Agencies must implement processes and procedures that allow roles of business representatives to be assigned and enforced.

Guiding principle: Permissions management systems should ensure that businesses have suitable mechanisms to manage the enrolment of business representatives with various authorities and, as a corollary, that agency application owners have suitable mechanisms to validate that authenticated representatives have the authority to act on behalf of the business.

Using a permissions management architecture

Agencies should seek to implement permissions management functionality within an architecture that will provide for consistency of implementation across application suites and across agencies. This will enable rationalisation of permissions management services which, over time, will bring operational, cost and integrity benefits to the applications. Government tenders should incorporate the requirement for vendor solutions to support the appropriate standards that enable such architectures to work and interoperate; see section 6 Applicable standards.

Guiding principle: As agencies develop, upgrade or replace existing online services and (some) business applications, they should give preference to applications and products that support existing and emerging standards, thereby allowing the use of abstracted permissions management infrastructure.

2 Introduction

Background

The knowledge of who is requesting services and their authority to access these services has long been a fundamental element of the effective operation of internal government systems and in providing government services to external individuals and organisations. Historically, as business and online systems were developed, the issues of user identification and authority, and the associated risks of getting it wrong, were handled implicitly within each business system domain, and solutions were tailored to the specific constituency that used the services.

The explosion in electronic service delivery globally sees government agencies and large private sector organisations facing a number of issues that are rapidly driving a change from this multi-siloed approach to one of managing a diverse user base in a coordinated and consistent manner across the entire organisation. Initiatives such as the Australian Government e-authentication Framework (AGAF) seek to extend this coordination and consistency across agency boundaries.

These issues have led government and businesses globally to the view that a more structured and organised enterprise-wide approach is required for managing and controlling the 'who', 'when', 'what', 'how' and 'why' of user access to networked enterprise resources.

Identity management

The emergence of so-called identity management as an enterprise-level function is a response to the changing requirements outlined above. Identity management represents the policies, processes, systems and technologies that address the operational risks, systems usability and technology management issues surrounding internal and external user access to systems at an enterprise level. It encompasses the complementary requirements of e-authentication, authorisation and access, and audit. These concepts and their interaction are dealt with in Section 3.

The recognition of identity management as a separable set of functions is akin to the previous and now widely accepted practice of unbundling major functional elements such as communications and database management from within business applications and placing them into separately managed infrastructure. This enables organisations to standardise, optimise and potentially share the component policies, processes, technologies and systems across all their business application areas. This unbundling of access control matters results in a three-layer approach to identity management, as shown in Figure 2.1.

[Figure 2.1 Three-layer identity management model]

Adopting this model enables organisations to shift from an applications-focused to a user-focused regime of managing identity e-authentication and authorisation. An applications-focused approach is a legacy of previous siloed development of systems and their access mechanisms.

The AGAF represents the first step in defining an Australian Government identity management approach. It focuses on authenticating external user identities (and, prospectively, other assertions such as age and group membership). As such, it addresses the 'who' and 'how' of online access, but has so far left open the issue of dealing with the 'what', 'when' and 'why' of access to government services.

Purpose and structure of this guide

This guide focuses on providing a framework for addressing the 'what', 'when' and 'why' issues, generally termed authorisation and access management, in the context of the AGAF. The guide provides:
- the key constructs of an identity management approach
- required business and technology architectures, and
- applicable standards.

While the guide focuses on managing access to authenticated identities, the same principles can be applied to managing access where e-authentication of other attributes or entitlements has been completed, such as the age or affiliation of the user. This guide should be read in conjunction with the AGAF implementation guide for government.

3 Key constructs

This section is intended to be both explanatory and definitional. It examines the key constructs required for authorisation and access management and within which authorisation and access management is required to operate. The constructs covered are:
- identity management
- permissions management
- registration and enrolment
- deregistration
- positioning of e-authentication and authorisation controls within a three-layer, identity management architecture
- user access modes, and
- management, audit and controls.

Identity management

Authorisation and access management should be considered within the context of the identity management life cycle and identity management architectures. Identity management is a significant component of an overall risk-managed [1] approach to providing trusted and reliable online delivery of government services. The scope of identity management, presented in Figure 3.1, illustrates:
- the typical business processes that lead to the online enabling of users, incorporating registration, credential issuance and enrolment
- the subsequent transactional processes, incorporating identity e-authentication and permissions management, and
- the treatment of the disabling of users over time, including deregistration. This is also known colloquially as de-provisioning.

Importantly, these processes should be undertaken within a robust and independent audit regime that achieves both:
- pre-emptive detection and prevention, and
- after-the-fact transaction analysis, and the detection and remediation of unauthorised activities.

[1] The risk management approach is covered in detail in Part 3 of Volume 3 of the AGAF implementation guide for government.

[Figure 3.1 Identity management life cycle: Registration & Credential Issuing, Enrolment, Transacting (Authentication, Access Authorisation), De-registration & De-provisioning]

Permissions management

Throughout this guide, we use the industry-accepted term permissions management as a synonym for authorisation and access management. Permissions management forms the bridge between an authenticated identity and the portfolio of online business applications offered by various government agencies that the authenticated identity may be able to access. Permissions management enforces:
- the previously determined e-authentication level requirements of business applications [2], and
- various other access restrictions determined by business requirements.

Implementation of permissions management depends on the context, which dictates:
- the nature of the transaction, and
- the complexity of the business rules surrounding the determination of access permissions.

Contemporary systems typically have a dedicated permissions management layer within the architecture, and increasingly make this layer available as an infrastructure element to other applications (see Figure 2.1). This layer is intended to address the primary permissions management needs of an application system, with finer grained permissions typically implemented within the application or transaction.

[2] The method of determining the assurance level requirements of applications and determining appropriate e-authentication mechanisms is dealt with in Parts 3 and 4 of Volume 3 of the AGAF implementation guide for government.

Registration and enrolment

Registration

Registration refers to the processes that culminate in providing an e-authentication credential [3] to a business or business user through which identity e-authentication can be effected. As described in the AGAF implementation guide for government, such e-authentication will have an associated e-authentication assurance level. This will be a function of the strength of both the registration process and of the e-authentication mechanism associated with the credential issued. This duality is represented in Figure 3.2.

[Figure 3.2 AGAF assurance level table. Authentication Assurance Level Matrix: Strength of Registration of Entity, Identity, or Attribute (1 to 4) against Strength of Authentication Mechanism (1 to 4), giving an assurance level of Minimal (1), Low (2), Moderate (3) or High (4).]

Registration can be completed by a government agency (for example, the Australian Taxation Office [ATO] or Centrelink) or, increasingly commonly, by third parties. Credentials issued by third parties can be used to authenticate users to a range of organisations. Verisign is an example of a non-government credential issuer. It issues Gatekeeper certificates and Australian Business Number Digital Signature Certificates (ABN DSCs).

Registration typically incorporates some or all of the following elements:
- checking identity (or other) documentation in order to achieve a level of confidence in the identity of a business and its representative
- creating user entries in a directory or database, and/or
- issuing a credential to a business.

Checking identity

Checking identity (or other) documentation is intended to achieve a level of confidence in the identity of a business and its representative. This process might include, for example, face-to-face contact and sighting original documents such as company registration information, a passport or driver's licence. The extent of the checking will depend on the assurance level required to verify the claimed business identity. The Financial Transaction Reports Act 1988 provides guidelines on minimum identification methods for the financial sector, often referred to as 100-point checks. These and similar checks are used across a range of industries and are the subject of ongoing review and refinement to ensure continuing confidence in their use. [4]

[3] The credential and an associated e-authentication protocol make up the e-authentication mechanism, see figure
[4] See Part 4 of Volume 3 of the AGAF implementation guide for government.

If the business does not already have a recognised and suitable identifier, the registration process will involve issuing such an identifier. It is expected that the primary online identifier for businesses will be the ABN, although there may be some instances where this is inappropriate. [5]

Current Australian Government business registration practice usually sees an already authenticated business representative authorised and assigned to undertake elements of the registration process for other users within that business. Here the business representative is acting on behalf of the issuer of the credential, who usually prescribes strict operational procedures. The nature of this delegated registration will vary across credential types and issuers, and will be more onerous as the assurance level of the related credential increases.

Creating user entries in a directory or database

Creating user entries in a directory or database provides an electronic record of a business's identity and associated information, which can be used in subsequent maintenance of the directory. This electronic record should ideally also maintain references or indexes to information detailing the checks completed as part of registration, for example, evidence of identity checks.

This directory will typically be maintained by the issuer of the credentials and may include private information provided as part of the registration process. In a business context, this is less likely than when dealing with individuals. Where a credential is to be used across government agencies or even more broadly, the extent of availability of this registration-related information to relying parties needs to be carefully considered.

Issuing a credential

The credential issued to a business will be used as the key element of subsequent e-authentication of the business. Details of the credential will be held in the directory. Credential mechanisms are intrinsically of different strengths and can include a password, a token of some kind (such as a smartcard) or a digital certificate. [6] The strength of the credential required will be determined by the assurance level requirements of the target business application or transaction.

Issuing a credential involves issuing a credential plus any associated access codes to enable the credential to be used within an e-authentication and permissions management environment. Factors that need to be considered include:
- the methods of protecting shared secrets such as cryptographic keys, from the time of issuance until they are in the certain custody of the end-user
- the methods of activating the credential upon receipt by the user. This would typically be achieved through some sort of activation code entered into a device such as a smartcard or token, a phone call to a help desk or Interactive Voice Response (IVR) centre, or a mailed confirmation, and
- the implementation and activation of any special software or hardware required by the credential. Examples of this include a smartcard reader and software and special application software. The ATO's Common-use Signing Interface (CSI) software is an example of the latter, although the ATO has decoupled the implementation of CSI from the credential issuance process. [7]

[5] For further coverage of identifiers see Choosing identifiers and credentials in Section 4 of this guide.
[6] See Part 4 of Volume 3 of the AGAF implementation guide for government.
[7] See the business portal area of

Note: Difficulties in any of the above areas will result in potentially significant help desk imposts and loss of user confidence in the e-authentication regime.

Enrolment

Once issued with a credential, a business will need to make arrangements with a government agency to assign permissions to the business to gain access to online services and transactions (such as making payments, lodging declarations, enquiring on status) using the credential. This activity is termed enrolment. Enrolment may proceed in one of two ways:

1) As a natural extension of the registration process described above. In this case, which is typical in a siloed application, the business will be issued with a credential and, based on elements of the registration process, will be given access permissions for various transactions offered by the agency. [8] The assurance level of the credential used in this context is well understood by the agency as it issued the credential and previously completed all elements of the registration and issuance processes. Whilst there is a logical separation of registration and enrolment within the business systems, to the business user, registration and enrolment steps would be seen as seamless processes and indistinguishable from one another.

2) As a discrete step performed at some time after the registration. This second method of enrolment is termed late binding. In this instance, an agency that already has an offline relationship with a business might elect to accept a credential issued to that business by another agency. The relying agency would make this decision as part of a broader consideration of its online deployment strategy and would need to consider:
- the number of third-party credentials issued by various issuers
- the extent of overlap of the credential holders (that is, businesses) with the particular agency application concerned, and
- any commercial issues (including liability, longevity, etc.) relating to acceptance of that credential type.

In evaluating whether to accept credentials issued by others, the agency must first ensure that the e-authentication mechanism (incorporating the credential) is of a suitable assurance level for its needs. [9] Once this 'fitness-for-purpose' has been determined, processes are required that link the information about a business's credential with the information the agency already has about the credential holder in its systems (for example, a user record in a database or directory). This might involve linking, say, a digital certificate to an account number, licence number or other internal application-based identifier that represents the relying agency's existing record of the business or business representative.

This linking would be achieved by matching the business's details against records held within the agency's application systems. This matching process, or establishing evidence of relationship, is similar to completing an evidence of identity check, which is normally done at the time of registration. Once the link is established through this binding process, access permissions for various transactions offered by the agency will be established in the same way as for siloed applications described in (1) above. Processes surrounding enrolment and binding processes are described in section 5.

[8] The ATO approach is an example of this.
[9] This is dealt with in the choosing identifier area of section 4, and in Parts 2 and 3 of Volume 3 of the AGAF implementation guide for government.
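
The late-binding steps described above, as an added example that is not part of the AGAF guide: check that the credential is fit for purpose, establish evidence of relationship against the agency's existing record, then bind the credential to the agency's internal identifier. The issuer name, record fields, matching rule and sample values are assumptions, and the credential is assumed to have been authenticated already.

```python
from dataclasses import dataclass, field

# Assurance levels as named in the guide: Minimal (1) to High (4).
MINIMAL, LOW, MODERATE, HIGH = 1, 2, 3, 4


@dataclass(frozen=True)
class Credential:
    issuer: str            # third-party credential provider (assumed name)
    serial: str            # issuer's own identifier for the credential
    abn: str               # business identifier asserted with the credential
    assurance_level: int   # level of the e-authentication mechanism


@dataclass(frozen=True)
class AgencyRecord:
    account_no: str        # agency's existing internal identifier
    abn: str
    business_name: str


def _norm(name):
    """Compare business names ignoring case and extra whitespace."""
    return " ".join(name.lower().split())


@dataclass
class EnrolmentService:
    accepted_issuers: frozenset
    required_level: int
    records: dict                                     # account_no -> AgencyRecord
    bindings: dict = field(default_factory=dict)      # (issuer, serial) -> account_no
    permissions: dict = field(default_factory=dict)   # account_no -> transactions

    def enrol(self, cred, account_no, business_name, transactions):
        """Return (bound, reason); nothing is stored unless every check passes."""
        # 1. Fitness for purpose: supported issuer and sufficient assurance level.
        if cred.issuer not in self.accepted_issuers:
            return False, "issuer not accepted"
        if cred.assurance_level < self.required_level:
            return False, "assurance level too low"
        # 2. Evidence of relationship: details supplied by the business must
        #    match the record the agency already holds.
        record = self.records.get(account_no)
        if record is None:
            return False, "no agency record"
        if record.abn != cred.abn or _norm(record.business_name) != _norm(business_name):
            return False, "details do not match agency record"
        # 3. A credential is linked to one agency record only.
        key = (cred.issuer, cred.serial)
        if self.bindings.get(key, account_no) != account_no:
            return False, "credential already bound to another record"
        # 4. Bind, then establish permissions as for a siloed application.
        #    The binding lives in the agency's store, not in the credential.
        self.bindings[key] = account_no
        self.permissions.setdefault(account_no, set()).update(transactions)
        return True, "bound"

    def resolve(self, cred):
        """Map an authenticated credential to the internal identifier, if bound."""
        return self.bindings.get((cred.issuer, cred.serial))


def demo_service():
    """Constructed sample data; the ABNs are placeholders, not real numbers."""
    records = {
        "LIC-0042": AgencyRecord("LIC-0042", "11111111111", "Acme Freight Pty Ltd"),
        "LIC-0077": AgencyRecord("LIC-0077", "22222222222", "Bravo Haulage Pty Ltd"),
    }
    return EnrolmentService(frozenset({"ExampleCA"}), MODERATE, records)
```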

Deregistration

A business's online interaction with an agency will vary over time, as will the identity and authority of individuals within the business. This is analogous to the situation with non-electronic channels. Managing the currency and accuracy of these relationships is a critical element of the integrity of the identity management infrastructure. Thus a cohesive deregistration capacity is vital.

In an open identity management environment, promulgation of changes in credential status or implicit authority must be readily accessible online or be promulgated in a robust and timely manner so that relying authorisation systems remain well informed. Guidance on implementation is provided in section 5.

Positioning e-authentication and authorisation controls

Dealing with a business is potentially a complex matter. Businesses are often represented by a number of individuals who are assigned various roles (and therefore access permissions), potentially across a number of agencies. Roles can be legislated (for example, company office bearer) or assigned arbitrarily by a business, and can be persistent or highly volatile. Thus authorisation of individuals to act in various capacities on behalf of the business presents significant design, operational and administrative challenges for agencies.

A consistent approach to allocating permissions and their associated enrolment techniques across government agencies will improve the overall integrity of the authorisation processes and also provide businesses with a common interface to this function. Moreover, depending on the specific implementation, it enables a single view and consistent management of all the access permissions of a business, or an individual within a business, to agency and potentially whole-of-government services.

Implementing layers and granularity of controls

E-authentication and authorisation are complementary and sequential processes in online transaction processing models and deal with the preliminaries to processing transactions. In simple terms, e-authentication checks 'is this the person they claim to be', and authorisation checks 'what is this person allowed to do'.

Identity e-authentication deals with checking the identity of a business using the e-authentication mechanism and associated credential. In open models that rely on credentials issued by third parties, the e-authentication step may require interaction with the issuer of the credential to validate the credential and its status (for example, its currency).

Once e-authentication is complete, the access permissions of the user need to be validated. In contemporary systems, this permissions management is typically implemented as a separate layer of the technology architecture (see Figure 3.3). This relieves application systems from the need to embody the functionality, and enables the functionality to be implemented just once and then used by many applications. The extent of permissions management logic that is implemented within an authorisation layer needs to be carefully assessed during the design stage.
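
An added example (not part of the AGAF guide) of an authorisation layer sitting between e-authentication and a business application: it checks explicit role permissions, enforces each transaction's assurance level by asking for step-up e-authentication, records every decision for audit, and leaves one fine-grained rule to the application. Role names, transactions, required levels and the payment limit are hypothetical.

```python
from dataclasses import dataclass, field

# Assurance levels as named in the guide: Minimal (1) to High (4).
MINIMAL, LOW, MODERATE, HIGH = 1, 2, 3, 4
PERMIT, DENY, STEP_UP = "PERMIT", "DENY", "STEP_UP"


@dataclass(frozen=True)
class Session:
    representative: str    # identity established by the e-authentication layer
    assurance_level: int   # level of the mechanism used for this session


@dataclass
class AuthorisationLayer:
    required_level: dict   # transaction -> minimum assurance level
    role_grants: dict      # role -> set of transactions
    roles: dict = field(default_factory=dict)   # (business, representative) -> roles
    audit: list = field(default_factory=list)   # every decision, for later review

    def assign_roles(self, business, representative, roles):
        self.roles[(business, representative)] = set(roles)

    def deregister(self, representative):
        """One place to remove every authority a representative holds."""
        for key in [k for k in self.roles if k[1] == representative]:
            del self.roles[key]

    def decide(self, session, business, transaction):
        decision = self._decide(session, business, transaction)
        self.audit.append((session.representative, business, transaction, decision))
        return decision

    def _decide(self, session, business, transaction):
        needed = self.required_level.get(transaction)
        if needed is None:
            return DENY        # transaction unknown to the layer: default deny
        held = self.roles.get((business, session.representative), set())
        if not any(transaction in self.role_grants.get(r, ()) for r in held):
            return DENY        # no explicit permission; never offer step-up
        if session.assurance_level < needed:
            return STEP_UP     # permitted in principle, credential too weak
        return PERMIT


def make_payment(layer, session, business, amount, limit=10_000):
    """Business application: coarse check in the shared layer, then the
    application's own fine-grained rule (a hypothetical payment limit)."""
    decision = layer.decide(session, business, "make_payment")
    if decision != PERMIT:
        return decision
    return PERMIT if amount <= limit else DENY


def demo_layer():
    """Constructed sample policy; the ABN is a placeholder."""
    layer = AuthorisationLayer(
        required_level={"enquire_status": LOW, "lodge_declaration": MODERATE,
                        "make_payment": HIGH},
        role_grants={"clerk": {"enquire_status", "lodge_declaration"},
                     "officer": {"enquire_status", "lodge_declaration",
                                 "make_payment"}},
    )
    layer.assign_roles("11111111111", "alice", ["officer"])
    layer.assign_roles("11111111111", "bob", ["clerk"])
    return layer
```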


More information

The Benefits of an Industry Standard Platform for Enterprise Sign-On

The Benefits of an Industry Standard Platform for Enterprise Sign-On white paper The Benefits of an Industry Standard Platform for Enterprise Sign-On The need for scalable solutions to the growing concerns about enterprise security and regulatory compliance can be addressed

More information

Certification Practice Statement (ANZ PKI)

Certification Practice Statement (ANZ PKI) Certification Practice Statement March 2009 1. Overview 1.1 What is a Certification Practice Statement? A certification practice statement is a statement of the practices that a Certification Authority

More information

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS

CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS CPNI VIEWPOINT CONFIGURING AND MANAGING REMOTE ACCESS FOR INDUSTRIAL CONTROL SYSTEMS MARCH 2011 Acknowledgements This Viewpoint is based upon the Recommended Practice: Configuring and Managing Remote Access

More information

Single Sign-On. Security and comfort can be friend. Arnd Langguth. alangguth@novell.com. September, 2006

Single Sign-On. Security and comfort can be friend. Arnd Langguth. alangguth@novell.com. September, 2006 Single Sign-On Security and comfort can be friend. Arnd Langguth alangguth@novell.com September, 2006 Identity proliferation in the enterprise Password management problem How many passwords do you have?

More information

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value

B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value B2C, B2B and B2E:! Leveraging IAM to Achieve Real Business Value IDM, 12 th November 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All

More information

Electronic business conditions of use

Electronic business conditions of use Electronic business conditions of use This document provides Water Corporation s Electronic Business Conditions of Use. These are to be applied to all applications, which are developed for external users

More information

Glossary of Key Terms

Glossary of Key Terms and s Branch Glossary of Key Terms The terms and definitions listed in this glossary are used throughout the s Package to define key terms in the context of. Access Control Access The processes by which

More information

SOA REFERENCE ARCHITECTURE: WEB TIER

SOA REFERENCE ARCHITECTURE: WEB TIER SOA REFERENCE ARCHITECTURE: WEB TIER SOA Blueprint A structured blog by Yogish Pai Web Application Tier The primary requirement for this tier is that all the business systems and solutions be accessible

More information

Alternative authentication what does it really provide?

Alternative authentication what does it really provide? Alternative authentication what does it really provide? Steve Pannifer Consult Hyperion Tweed House 12 The Mount Guildford GU2 4HN UK steve.pannifer@chyp.com Abstract In recent years many new technologies

More information

Reporting on Control Procedures at Outsourcing Entities

Reporting on Control Procedures at Outsourcing Entities Auditing Guidance Statement AGS 1042 (July 2002) Reporting on Control Procedures at Outsourcing Entities Prepared by the Auditing & Assurance Standards Board of the Australian Accounting Research Foundation

More information

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform

White Paper Delivering Web Services Security: The Entrust Secure Transaction Platform White Paper Delivering Web Services Security: September 2003 Copyright 2003 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

OPENIAM ACCESS MANAGER. Web Access Management made Easy

OPENIAM ACCESS MANAGER. Web Access Management made Easy OPENIAM ACCESS MANAGER Web Access Management made Easy TABLE OF CONTENTS Introduction... 3 OpenIAM Access Manager Overview... 4 Access Gateway... 4 Authentication... 5 Authorization... 5 Role Based Access

More information

Ericsson Group Certificate Value Statement - 2013

Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 1 (23) Ericsson Group Certificate Value Statement - 2013 COMPANY INFO 2 (23) Contents 1 Ericsson Certificate Value Statement... 3 2 Introduction... 3 2.1 Overview... 3 3 Contact information...

More information

Securing Internet Payments. The current regulatory state of play

Securing Internet Payments. The current regulatory state of play Securing Internet Payments The current regulatory state of play In recent years the European Union (EU) institutions have shown a growing interest on the security of electronic payments. This interest

More information

Commonwealth Department of Family and Community Services. Submission to the Joint Committee of Public Accounts and Audit (JCPAA)

Commonwealth Department of Family and Community Services. Submission to the Joint Committee of Public Accounts and Audit (JCPAA) Commonwealth Department of Family and Community Services Submission to the Joint Committee of Public Accounts and Audit (JCPAA) Inquiry into the Management and Integrity of Electronic Information in the

More information

Information security controls. Briefing for clients on Experian information security controls

Information security controls. Briefing for clients on Experian information security controls Information security controls Briefing for clients on Experian information security controls Introduction Security sits at the core of Experian s operations. The vast majority of modern organisations face

More information

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS

PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS PRACTICE NOTE 1013 ELECTRONIC COMMERCE - EFFECT ON THE AUDIT OF FINANCIAL STATEMENTS (Issued December 2003; revised September 2004 (name change)) PN 1013 (September 04) PN 1013 (December 03) Contents Paragraphs

More information

Crime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection

Crime Statistics Data Security Standards. Office of the Commissioner for Privacy and Data Protection Crime Statistics Data Security Standards Office of the Commissioner for Privacy and Data Protection 2015 Document details Security Classification Dissemination Limiting Marker Dissemination Instructions

More information

TELSTRA RSS CA Subscriber Agreement (SA)

TELSTRA RSS CA Subscriber Agreement (SA) TELSTRA RSS CA Subscriber Agreement (SA) Last Revision Date: December 16, 2009 Version: Published By: Telstra Corporation Ltd Copyright 2009 by Telstra Corporation All rights reserved. No part of this

More information

expanding web single sign-on to cloud and mobile environments agility made possible

expanding web single sign-on to cloud and mobile environments agility made possible expanding web single sign-on to cloud and mobile environments agility made possible the world of online business is rapidly evolving In years past, customers once tiptoed cautiously into the realm of online

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

Data Protection Act 1998. Guidance on the use of cloud computing

Data Protection Act 1998. Guidance on the use of cloud computing Data Protection Act 1998 Guidance on the use of cloud computing Contents Overview... 2 Introduction... 2 What is cloud computing?... 3 Definitions... 3 Deployment models... 4 Service models... 5 Layered

More information

INFORMATION TECHNOLOGY SECURITY STANDARDS

INFORMATION TECHNOLOGY SECURITY STANDARDS INFORMATION TECHNOLOGY SECURITY STANDARDS Version 2.0 December 2013 Table of Contents 1 OVERVIEW 3 2 SCOPE 4 3 STRUCTURE 5 4 ASSET MANAGEMENT 6 5 HUMAN RESOURCES SECURITY 7 6 PHYSICAL AND ENVIRONMENTAL

More information

nexus Hybrid Access Gateway

nexus Hybrid Access Gateway Product Sheet nexus Hybrid Access Gateway nexus Hybrid Access Gateway nexus Hybrid Access Gateway uses the inherent simplicity of virtual appliances to create matchless security, even beyond the boundaries

More information

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure

Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure Certification Practice Statement of the Federal Reserve Banks Services Public Key Infrastructure 1.0 INTRODUCTION 1.1 Overview The Federal Reserve Banks operate a public key infrastructure (PKI) that manages

More information

Security and Security Certificates for OpenADR systems. Background. Content:

Security and Security Certificates for OpenADR systems. Background. Content: Security and Security Certificates for OpenADR systems Content: Background... 1 Setup for OpenADR... 2 Test-, Evaluation-, and Production Certificates... 3 Responsibilities... 3 Certificate Requesting

More information

Management of Official Records in a Business System

Management of Official Records in a Business System GPO Box 2343 ADELAIDE SA 5001 Tel (08) 8204 8773 Fax (08) 8204 8777 DX:467 srsarecordsmanagement@sa.gov.au www.archives.sa.gov.au Management of Official Records in a Business System October 2011 Version

More information

Delivering value to the business with IAM

Delivering value to the business with IAM Delivering value to the business with IAM IDM, 18 th June 2014 Colin Miles Chief Technology Officer, Pirean Copyright 2014 Pirean Limited. All rights reserved. Safe Harbor All statements other than statements

More information

Certification Practice Statement

Certification Practice Statement FernUniversität in Hagen: Certification Authority (CA) Certification Practice Statement VERSION 1.1 Ralph Knoche 18.12.2009 Contents 1. Introduction... 4 1.1. Overview... 4 1.2. Scope of the Certification

More information

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt

QUEENSLAND COUNTRY HEALTH FUND. privacy policy. Queensland Country Health Fund Ltd ABN 18 085 048 237. better health cover shouldn t hurt QUEENSLAND COUNTRY HEALTH FUND privacy policy Queensland Country Health Fund Ltd ABN 18 085 048 237 better health cover shouldn t hurt 1 2 contents 1. Introduction 4 2. National Privacy Principles 5 3.

More information

PRIME IDENTITY MANAGEMENT CORE

PRIME IDENTITY MANAGEMENT CORE PRIME IDENTITY MANAGEMENT CORE For secure enrollment applications processing and workflow management. PRIME Identity Management Core provides the foundation for any biometric identification platform. It

More information

Unifying framework for Identity management

Unifying framework for Identity management Unifying framework for Identity management Breakfast seminar Security-Assessment.com Stephan Overbeek 2006-03-28 Disclaimer + This is a slide pack that supports a narrative and needs to be accompanied

More information

Capital Adequacy: Advanced Measurement Approaches to Operational Risk

Capital Adequacy: Advanced Measurement Approaches to Operational Risk Prudential Standard APS 115 Capital Adequacy: Advanced Measurement Approaches to Operational Risk Objective and key requirements of this Prudential Standard This Prudential Standard sets out the requirements

More information

Creating trusted data governance across domains and sectors

Creating trusted data governance across domains and sectors Authors: Niall Burns (Symphonic), Professor Bill Buchanan (Edinburgh Napier University), Cassie Anderson (miicard) Overview There is a growing demand within governments, health sectors, social care, police,

More information

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions

Understanding Digital Certificates & Secure Sockets Layer A Fundamental Requirement for Internet Transactions A Fundamental Requirement for Internet Transactions May 2007 Copyright 2007 Entrust. All rights reserved. Entrust is a registered trademark of Entrust, Inc. in the United States and certain other countries.

More information

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region

IDENTITY MANAGEMENT. February 2008. The Government of the Hong Kong Special Administrative Region IDENTITY MANAGEMENT February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Trustis FPS Healthcare Certificate Services Enrolment Requirements Acceptable Evidence in Support of an Application for a Digital Certificate

Trustis FPS Healthcare Certificate Services Enrolment Requirements Acceptable Evidence in Support of an Application for a Digital Certificate Trustis FPS Healthcare Certificate Services Enrolment Requirements Acceptable Evidence in Support of an Application for a Digital Certificate Important Notice: If you are an organisation that is already

More information

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce

Maturity Model. March 2006. Version 1.0. P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce Maturity Model March 2006 Version 1.0 P2MM Version 1.0 The OGC logo is a Registered Trade Mark of the Office of Government Commerce This is a Value Added product which is outside the scope of the HMSO

More information

Information Security Policy September 2009 Newman University IT Services. Information Security Policy

Information Security Policy September 2009 Newman University IT Services. Information Security Policy Contents 1. Statement 1.1 Introduction 1.2 Objectives 1.3 Scope and Policy Structure 1.4 Risk Assessment and Management 1.5 Responsibilities for Information Security 2. Compliance 3. HR Security 3.1 Terms

More information

Personally controlled electronic health record (ehealth record) system

Personally controlled electronic health record (ehealth record) system Personally controlled electronic health record (ehealth record) system ehealth record System Operator Audit report Information Privacy Principles audit Section 27(1)(h) Privacy Act 1988 Audit undertaken:

More information

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service

An Oracle White Paper Dec 2013. Oracle Access Management Security Token Service An Oracle White Paper Dec 2013 Oracle Access Management Security Token Service Disclaimer The following is intended to outline our general product direction. It is intended for information purposes only,

More information

WEB SERVICES SECURITY

WEB SERVICES SECURITY WEB SERVICES SECURITY February 2008 The Government of the Hong Kong Special Administrative Region The contents of this document remain the property of, and may not be reproduced in whole or in part without

More information

Ulster University Standard Cover Sheet

Ulster University Standard Cover Sheet Ulster University Standard Cover Sheet Document Title AUTHENTICATION STANDARD 2.5 Custodian Approving Committee Deputy Director of Finance and Information Services (Information Services) ISD Committee

More information

Entrust Secure Web Portal Solution. Livio Merlo Security Consultant September 25th, 2003

Entrust Secure Web Portal Solution. Livio Merlo Security Consultant September 25th, 2003 Entrust Secure Web Portal Solution Livio Merlo Security Consultant September 25th, 2003 1 Entrust Secure Web Portal Solution Only the Entrust Secure Web Portal solution provides Security Services coupled

More information

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05)

LAW. ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) LAW ON ELECTRONIC SIGNATURE (Official Gazette of the Republic of Montenegro 55/03 and 31/05) I GENERAL PROVISIONS Article 1 This Law shall regulate the use of electronic signature in legal transactions,

More information

WebEx Security Overview Security Documentation

WebEx Security Overview Security Documentation WebEx Security Overview Security Documentation 8/1/2003: WebEx Communications Inc. WebEx Security Overview WebEx Security Overview Introduction WebEx Communications, Inc. provides real-time communication

More information

Web Applications Access Control Single Sign On

Web Applications Access Control Single Sign On Web Applications Access Control Single Sign On Anitha Chepuru, Assocaite Professor IT Dept, G.Narayanamma Institute of Technology and Science (for women), Shaikpet, Hyderabad - 500008, Andhra Pradesh,

More information

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement

Federal Reserve Banks Certification Authority (FR-CA) Certification Practice Statement Certification Practice Statement 1.0 INTRODUCTION 1.1 OVERVIEW The Federal Reserve Banks ( FRBs ), utilizing Public Key Infrastructure ( PKI ) technology and operating as a Certification Authority ( FR-CA

More information

Exploring ADSS Server Signing Services

Exploring ADSS Server Signing Services ADSS Server is a multi-function server providing digital signature creation and signature verification services, as well as supporting other infrastructure services including Time Stamp Authority (TSA)

More information

Identity and Access Management

Identity and Access Management Cut costs. Increase security. Support compliance. www.siemens.com/iam Scenarios for greater efficiency and enhanced security Cost pressure is combining with increased security needs compliance requirements

More information

Introduction to SAML

Introduction to SAML Introduction to THE LEADER IN API AND CLOUD GATEWAY TECHNOLOGY Introduction to Introduction In today s world of rapidly expanding and growing software development; organizations, enterprises and governments

More information

Federation Operator Procedures

Federation Operator Procedures UK Access Management Federation for Education and Research Federation Operator Procedures 1 st August 2011 Version 2.1 ST/AAI/UKF/DOC/005 Contents 1 Introduction 3 2 Membership application processing 3

More information

Service Agreement SURE Project Workspace

Service Agreement SURE Project Workspace Service Agreement SURE Project Workspace Applicant Information Project Name Research Organisation ABN Number Contract number of SURE Head Agreement: This is an agreement to acquire a SURE Project Workspace

More information

Media Shuttle s Defense-in- Depth Security Strategy

Media Shuttle s Defense-in- Depth Security Strategy Media Shuttle s Defense-in- Depth Security Strategy Introduction When you are in the midst of the creative flow and tedious editorial process of a big project, the security of your files as they pass among

More information

Enterprise Risk Management

<risk> Enterprise Risk Management Global Resources... Local Knowledge is vital in supporting business continuity across diverse and challenging environments and operating models. By consolidating risk management activities into a single,

More information

REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES. Financing Change initiative

REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES. Financing Change initiative REPORTING ACCOUNTANTS WORK ON FINANCIAL REPORTING PROCEDURES consultation PAPER Financing Change initiative inspiring CONFIdENCE icaew.com/financingchange ICAEW operates under a Royal Charter, working

More information

[300] Accounting and internal control systems and audit risk assessments

[300] Accounting and internal control systems and audit risk assessments [300] Accounting and internal control systems and audit risk assessments (Issued March 1995) Contents Paragraphs Introduction 1 12 Inherent risk 13 15 Accounting system and control environment 16 23 Internal

More information

Framework for Analysing, Planning and Implementing Identity Management within E-Health

Framework for Analysing, Planning and Implementing Identity Management within E-Health Framework for Analysing, Planning and Implementing Identity Management within E-Health Version 1.0 16 July 2007 Public Release Final National E-Health Transition Authority National E-Health Transition

More information

Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014

Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 Revelian Pty Ltd ABN 58 089 022 202 Privacy Policy Effective 1 September 2014 OUR COMMITMENT Your privacy is important to us. This document explains how Revelian collects, handles, uses and discloses your

More information

Federated Identity in the Enterprise

Federated Identity in the Enterprise www.css-security.com 425.216.0720 WHITE PAPER The proliferation of user accounts can lead to a lowering of the enterprise security posture as users record their account information in order to remember

More information

investment portfolio service

investment portfolio service investment portfolio service overview Cavendish is a specialist administrator of Self Managed Superannuation Funds (SMSFs). Our overriding business objective is to provide our clients the Trustees of the

More information

The Convergence of IT Security and Physical Access Control

The Convergence of IT Security and Physical Access Control The Convergence of IT Security and Physical Access Control Using a Single Credential to Secure Access to IT and Physical Resources Executive Summary Organizations are increasingly adopting a model in which

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Executive Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities.

More information

Entitlements Access Management for Software Developers

Entitlements Access Management for Software Developers Entitlements Access Management for Software Developers Market Environment The use of fine grained entitlements and obligations control for access to sensitive information and services in software applications

More information

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used?

esign FAQ 1. What is the online esign Electronic Signature Service? 2. Where the esign Online Electronic Signature Service can be used? esign FAQ 1. What is the online esign Electronic Signature Service? esign Electronic Signature Service is an innovative initiative for allowing easy, efficient, and secure signing of electronic documents

More information

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients

EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients EMC Physical Security Enabled by RSA SecurID Two-Factor Authentication with Verint Nextiva Review and Control Center Clients A Detailed Review EMC Information Infrastructure Solutions Abstract This white

More information

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect.

Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. PRIVACY POLICY 1. Introduction Catalyst Consulting & Events (CCE) takes seriously its commitment to preserve the privacy of the personal information that we collect. We will only collect information that

More information

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation

IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Office of the CIO Province of BC People Collaboration Innovation IDENTITY INFORMATION MANAGMENT ARCHITECTURE SUMMARY Architecture and Standards Branch Author: Creation Date: Last Updated: Version: I. Bailey May 28, 2008 March 23, 2009 0.7 Reviewed By Name Organization

More information

Identity and Access Management Point of View

Identity and Access Management Point of View Identity and Access Management Point of View Agenda What is Identity and Access Management (IAM)? Business Drivers and Challenges Compliance and Business Benefits IAM Solution Framework IAM Implementation

More information

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES Participation in the InCommon Federation ( Federation ) enables a federation participating organization ("Participant") to use Shibboleth identity

More information

Code of Practice for Electronic Transactions

Code of Practice for Electronic Transactions Code of Practice for Electronic Transactions Background and status of this code Financial Regulations have for some time recognised aspects of e-transactions particularly relating to the use of the Council

More information

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems

CP14 ISSUE 5 DATED 1 st OCTOBER 2015 BINDT Audit Procedure Conformity Assessment and Certification/Verification of Management Systems Certification Services Division Newton Building, St George s Avenue Northampton, NN2 6JB United Kingdom Tel: +44(0)1604-893-811. Fax: +44(0)1604-893-868. E-mail: pcn@bindt.org CP14 ISSUE 5 DATED 1 st OCTOBER

More information

REDCENTRIC N3 SECURE REMOTE ACCESS SERVICE DEFINITION. SD045 V4.1 Issue Date 04 07 2014. Page 1 Public

REDCENTRIC N3 SECURE REMOTE ACCESS SERVICE DEFINITION. SD045 V4.1 Issue Date 04 07 2014. Page 1 Public REDCENTRIC N3 SECURE REMOTE ACCESS SERVICE DEFINITION SD045 V4.1 Issue Date 04 07 2014 Page 1 Public 1) SERVICE OVERVIEW 1.1) SERVICE OVERVIEW Redcentric s N3 Secure Remote Access (N3-SRA) Service offers

More information

KAZAKHSTAN STOCK EXCHANGE

KAZAKHSTAN STOCK EXCHANGE KAZAKHSTAN STOCK EXCHANGE A p p r o v e d by Kazakhstan Stock Exchange Board of Directors decision (minutes No. 15 of November 6, 2002) Effective from November 7, 2002 N O T I C E Rules have been translated

More information

Technical Proposition. Security

Technical Proposition. Security Technical Proposition ADAM Software NV The global provider of media workflow and marketing technology software ADAM Software NV adamsoftware.net info@adamsoftware.net Why Read this Technical Proposition?

More information

Network Rail Infrastructure Projects Joint Relationship Management Plan

Network Rail Infrastructure Projects Joint Relationship Management Plan Network Rail Infrastructure Projects Joint Relationship Management Plan Project Title Project Number [ ] [ ] Revision: Date: Description: Author [ ] Approved on behalf of Network Rail Approved on behalf

More information

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication.

Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Polling Question Briefly describe the #1 problem you have encountered with implementing Multi-Factor Authentication. Please type in your response. This poll will close promptly at 1:00 pm CDT Getting the

More information

FIDO Trust Requirements

FIDO Trust Requirements FIDO Trust Requirements Ijlal Loutfi, Audun Jøsang University of Oslo Mathematics and Natural Sciences Faculty NordSec 2015,Stockholm, Sweden October, 20 th 2015 Working assumption: End Users Platforms

More information

Note that the following document is copyright, details of which are provided on the next page.

Note that the following document is copyright, details of which are provided on the next page. Please note that the following document was created by the former Australian Council for Safety and Quality in Health Care. The former Council ceased its activities on 31 December 2005 and the Australian

More information

41. How Should Services Be Identified or Specified to Maximize Reuse?

41. How Should Services Be Identified or Specified to Maximize Reuse? CHAPTER 5 METHODS 103 41. How Should Services Be Identified or Specified to Maximize Reuse? A key tenet of understanding SOA is the focus on getting the organization to reuse versus a focus on the programmer

More information

10 Things IT Should be Doing (But Isn t)

10 Things IT Should be Doing (But Isn t) Contents Overview...1 Top Ten Things IT Should be Doing...2 Audit Data Access... 2 Inventory Permissions and Directory Services Group Objects... 2 Prioritize Which Data Should Be Addressed... 2 Remove

More information

Neutralus Certification Practices Statement

Neutralus Certification Practices Statement Neutralus Certification Practices Statement Version 2.8 April, 2013 INDEX INDEX...1 1.0 INTRODUCTION...3 1.1 Overview...3 1.2 Policy Identification...3 1.3 Community & Applicability...3 1.4 Contact Details...3

More information

HEALTHCARE SOLUTIONS

HEALTHCARE SOLUTIONS HEALTHCARE SOLUTIONS Healthcare solutions HEALTHCARE COMMUNICATIONS THE CHALLENGES The organisation is asking for improved communications, but resources and budget will not extend to a huge IP communications

More information

Business Telephone Banking Registration Form

Business Telephone Banking Registration Form Business Telephone Banking Registration Form (One form should be completed for each user) COMMERCIAL BANKING A. Company Information Company name (in English) Account number* *First nine digits of the account

More information

COMMUNICATING ELECTRONICALLY WITH CUSTOMS

COMMUNICATING ELECTRONICALLY WITH CUSTOMS COMMUNICATING ELECTRONICALLY WITH CUSTOMS This fact sheet deals with communicating electronically with Customs via the Integrated Cargo System (ICS). The main elements covered by this fact sheet are: communication

More information

Document Version. January 2013

Document Version. January 2013 Service and Technical Description Vendor Access Network Providers (VAN) January 2013 Contents Vendor Access Network Providers (VAN)... 1 Contents... 2 Document Version... 3 1. Introduction... 4 1.1. Purpose

More information

TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING

TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING TERMS AND CONDITIONS GOVERNING THE USE OF NBADS ONLINE TRADING In this document, the following words and phrases shall have the meanings set out below unless indicated otherwise. You should read every

More information

NCSU SSO. Case Study

NCSU SSO. Case Study NCSU SSO Case Study 2 2 NCSU Project Requirements and Goals NCSU Operating Environment Provide support for a number Apps and Programs Different vendors have their authentication databases End users must

More information

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software WHITE PAPER: COMPARING TCO: SYMANTEC MANAGED PKI SERVICE........ VS..... ON-PREMISE........... SOFTWARE................. Comparing Cost of Ownership: Symantec Managed PKI Service vs. On- Premise Software

More information

The Primer: Nuts and Bolts of Federated Identity Management

The Primer: Nuts and Bolts of Federated Identity Management The Primer: Nuts and Bolts of Federated Identity Management Overview For any IT department, it is imperative to understand how your organization can securely manage and control users identities. With so

More information