Agent Information Service AIS

1
Agent Information Service (AIS)

• Government Online Group Meeting

Paul Tillig - Project Manager Michael Lawrence -
Technical Team Leader August 2000
2
AIS Project Presentation Purpose

• To describe WorkCovers use of a PKI architecture
  in the context of the AIS Project and its
  architecture
• To consider some of the lessons learnt about
  security over the Internet

3
AIS Project Workers Compensation in Victoria

• WorkCover regulates the Scheme
• 11 insurance companies act as agents providing
  workers compensation insurance to employers
• 11 Agents are connected to claims, premiums and
  reporting systems outsourced to CSC
• CSC are under contract to WorkCover

4
AIS Project Environment

• Current Environment
• 1500 report and data extract programs
• Running on MVS against a DB2 database
• Connected using leased lines
• New Environment
• Same number of programs users
• WebFOCUS running on HPUX against an Oracle
  database
• Agents connected over the Internet

5
AIS Project Service Functions

• Develop and run reports against the Data
  Warehouse over the Internet using WebFOCUS
• Upload and download compressed files between the
  Data Warehouse server and their own environment
  using standard Windows Explorer drag and drop
  features
• Schedule the automatic extraction and delivery of
  files as encrypted e-mail to any registered user
  via the Internet - both colleagues and employers
• Move data to a directory to be automatically
  burned to CD for collection as an on demand
  service
• Browse report output using a standard browser
• Receive encrypted mail

6
AIS Project Security

• Key security issues
• Exposure of the Internet
• Risk of information arriving inadvertently at the
  wrong destination as e-mail

7
AIS Project Project Partners
Hewlett-Packard (for Design Technology
Implementation)
KPMG (for PKI)
Information Builders (for WebFOCUS implementation)
8
AIS Project Design Objectives

• Open standards
• Minimal impact on clients
• Agents Employers
• Flexibility (expansion, direction)
• Encompass future e-commerce activities
• Utilise smart card storage for certificates
• Centralised management

9
AIS Project Architecture
Major Components...
External
VWA
CLIENT Web Browser CONNECT client S/MIME client
APPLICATION DATABASE
DIRECTORY SERVICES LDAP (NDS / Netscape)
Directory Services
PKI
SECURITY Application Proxying Digital
Certificates Username / Password
Internet Infrastructure
INTERNET
10
AIS Project PKI What is it?
Public Key Infrastructure

• Public Key Infrastructure is a service for
  managing Encryption Keys and Digital Certificates
  to ensure the security of electronic information.
• Encryption Keys - a pair of keys (PUBLIC key and
  a PRIVATE key) used to encrypt and decrypt data
• PUBLIC key is widely available and is typically
  used by others to encrypt data for you
• PRIVATE key is kept secure by the owner and is
  used to decrypt messages encrypted using the
  PUBLIC key or to create a digital signature
• Digital Certificate - a document (software file)
  containing information that binds a PUBLIC key to
  a person, application or service (ie. like a
  passport). The certificate is obtained from a
  trusted body known as the Certification Authority

11
AIS Project PKI Application

• Authentication of individuals
• Browser session (WebFOCUS)
• CONNECT client session (File Management)

• Privacy and Integrity of data
• Mail (S/MIME)
• Browser (SSL)

12
AIS Project PKI Structure
13
AIS Project Lessons Learnt

• There is a degree of risk which is difficult to
  measure and manage (reflected by immaturity of
  product and vendor knowledge)
• Although security is a core component of
  web-based products, integration can be affected
  significantly by product version
• Uncertainty and acceptance of current PKI
  offerings (will they last? will it operate with
  other solutions? whats everyone else doing?)

14
Questions?