Government of Canada PKI

Since the early 1990s, the Government of Canada has been applying
information technologies to its business processes to achieve more
cost-effective, accessible, responsive and citizen-centred government services.
A key initiative has been the establishment of the Government of Canada Public
Key Infrastructure to meet the security requirements of federal
electronic services delivery, promote the domestic information technology
industry and guarantee Canada's role as a key global player in the growing
electronic service delivery and electronic commerce fields.

The government's commitment to electronic services delivery was highlighted
in the 1999 Throne Speech, with the announcement of an ambitious plan to make
all federal programs and services available on-line by 2005. This pledge is
being realized through the Government On-Line initiative.

Replacing familiar, paper-based transactions with electronic service delivery
brings concerns about the security of information. For Government On-Line to
succeed, program managers and citizens must be assured of the confidentiality
and security of electronic transactions. Officials and the public alike demand
that the information contained in "virtual" documents and electronic
transactions be as private and secure as that contained in paper documents, and
that digital signatures be as trustworthy and credible as written ones.

The Government of Canada Public Key Infrastructure provides departments with an
efficient, effective, common basis for the secure electronic delivery of federal
services and programs. The ultimate goal of the government's PKI strategy is the
establishment of a secure federal electronic service delivery system based
largely on a centrally managed Public Key Infrastructure cross-certified with
other PKIs.

The Government of Canada Public Key Infrastructure also includes the
Communications Security Establishment, other departments and departmental PKIs,
as well as numerous advisory bodies. It is governed by a framework of
legislation, policies, and procedures that ensure that the federal community is
able to deliver its services and programs securely over the Internet and other
networks.

The President of the Treasury Board heads the Government of Canada Public Key
Infrastructure, and is responsible for entering into and terminating written
agreements for cross-certification on behalf of the government. The Secretary of
the Treasury Board supports the President by providing advice and
recommendations on cross-certification activities, and by coordinating and
setting the overall direction for PKI management within the federal community.

The Policy Management Authority, a senior executive committee, assists the
Secretary and the President in their PKI-related duties. The PMA provides
overall strategic directions for PKI in the federal community, and makes
recommendations to the Secretary respecting membership in, and
cross-certification with, the Government of Canada PKI.

A key operational component of a Public Key Infrastructure is the
Certification Authority, a trusted third party responsible for issuing digital
certificates. A federal department may operate its own Certification Authority,
or choose to enter into a contract with another organization for the provision
of Certification Authority services.

Depending on a number of factors, including the level of assurance required
and the value, sensitivity or complexity of transactions, departmental
Certification Authorities issue different types of certificates. Rules governing
the issuance of specific classes of certificates are captured in Government of
Canada Public Key Infrastructure Certificate Policies, which serve as the
cornerstone of trust in a public key certificate and form the basis for
cross-certification. A Certification Authority also creates a Certification
Practice Statement that describes in detail the practices it employs to issue
certificates. Certification Authorities cross-certifying with each other
establish a trust relationship in which each recognizes one or more Certificate
Policies of the other.

In the Government of Canada Public Key Infrastructure, the Canadian Federal Public Key Infrastructure Bridge is the bridge through which these trust relationships - or
cross-certifications - are established, whether such relationships exist
between federal bodies governed by federal PKI Management Policy, or with
external Certification Authorities. The Communications Security Establishment manages
and operates the Canadian Federal Public Key Infrastructure Bridge on behalf of the Policy Management
Authority.

Departments may operate more than one Certification Authority. In such
instances, the department designates one of its Certification Authorities to be
its Level 1 Certification Authority. It cross-certifies with the Canadian Federal Public Key Infrastructure Bridge, and signs the certificates of the department's subordinate
Certification Authorities. If a department has only one Certification Authority,
it is automatically a Level 1 Certification Authority. A department's Level 1
Certification Authority is responsible for the creation of the departmental
Certificate Policies and Certification Practice Statement.

Departmental Local Registration Authorities ensure that the individuals or
organizations applying for digital certificates are, in fact, who they
claim to be. Having verified the applicant's identity, the Local Registration
Authority instructs the Certification Authority to issue the certificate.

More details on the roles and responsibilities of these organizations can be
found in the Policy for Public Key Infrastructure Management in the Government of Canada.