
7 Authentication, authorisation, audit and

7.1.1 This section discusses some further considerations related to authentication.

7.1.2 Authentication can be used to support several key aspects of system security. The most important and obvious of these is authorisation to access a system or part of a system.

7.1.3 The authentication requirements for any particular system may be as coarse as permitting all users from one or more agencies to access an entire system, or as fine as granting one individual the right to modify one particular document.

7.1.4 Different applications have different demands relating to the relationships between authentication, identity, attributes of identity such as position within an organisational hierarchy, roles, application functions, and the information elements within an application. In some cases, some of these relationships might best be stored in a central directory of users and certificates, while others would be more appropriately stored within the individual applications. These issues are outside the scope of this document.

7.1.5 So far as audit is concerned, any user must be authenticated before a system can log his or her use of the system on an individual basis. When choosing an authentication mechanism, the level of authentication required for the audit log must be considered - in particular what level of authentication will be required in case system misuse is detected. For many systems, the requirement may be to authorise on the basis of the agency, but to audit at the level of the individual.
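The pattern in 7.1.5, authorising on the agency while auditing on the individual, can be sketched as follows. This is an added example and not part of the original paper. It assumes the client certificate has already been validated, and that the subject's O attribute names the agency and its CN names the individual. The policy set, function names and sample subjects are all constructed.

```python
import re
from datetime import datetime, timezone

# Constructed policy: agencies (certificate O= values) allowed to use the system.
ALLOWED_AGENCIES = {"Example Agency A", "Example Agency B"}

def parse_subject(dn):
    """Split a comma-separated subject DN string into {attribute: value}."""
    fields = {}
    for part in re.split(r"(?<!\\),", dn):  # do not split on escaped commas
        key, sep, value = part.strip().partition("=")
        if sep:
            fields[key.strip().upper()] = value.strip().replace("\\,", ",")
    return fields

def access_decision(subject_dn, cert_serial, resource, audit_log):
    """Authorise on the agency (O); audit on the individual (CN + serial)."""
    subject = parse_subject(subject_dn)
    agency, individual = subject.get("O"), subject.get("CN")
    if not individual:
        # Without an individual identity the audit trail cannot attribute use.
        outcome = "deny:no-individual-identity"
    elif agency not in ALLOWED_AGENCIES:
        outcome = "deny:agency-not-authorised"
    else:
        outcome = "allow"
    audit_log.append({
        "time": datetime.now(timezone.utc).isoformat(),
        "individual": individual, "cert_serial": cert_serial,
        "agency": agency, "resource": resource, "outcome": outcome,
    })  # denials are logged as well as successful access
    return outcome == "allow"

def demo():
    """Run three constructed requests and return (decisions, audit log)."""
    log = []
    results = [
        access_decision("CN=User One,O=Example Agency A,C=NZ", "01A4", "/reports/7", log),
        access_decision("CN=User Two,O=Other Org\\, Ltd,C=NZ", "0B22", "/reports/7", log),
        access_decision("O=Example Agency A,C=NZ", "0C31", "/reports/7", log),
    ]
    return results, log

if __name__ == "__main__":
    for allowed, rec in zip(*demo()):
        print(allowed, rec["individual"], rec["agency"], rec["outcome"])
```

The third request comes from an authorised agency but is still refused, because a certificate that identifies only the agency cannot support individual-level audit.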

7.1.6 Some systems call for the capability of a digital signature that will be legally binding. Digital certificates and Public Key Infrastructure (PKI) technologies enable data items (for example documents) to be uniquely 'signed', and each such item can be stored and exchanged in its digitally signed state.

7.1.7 From a technical perspective, a digital signature is a straightforward binding relationship between an authenticated user (originator) and a piece of data. However, the legal and procedural requirements for managing and recognising digital signatures will need considerable work and are outside the scope of this document.

