3 Whether to PKI enable an application

3.1.1 Paper 3 on authentication mechanisms recommends that digital certificates on smart tokens (S.E.E. Keys) be required for systems handling SENSITIVE information.

3.1.2 IN CONFIDENCE systems can also be PKI enabled, either as the sole authentication mechanism or as an optional alternative authentication mechanism in addition to, say, username and passwords.

3.1.3 PKI enabling IN CONFIDENCE systems may be done to let users better protect their data, for single sign-on, to avoid the overhead of user management and password change requests, to utilise technical digital signature, or simply to enhance confidence in a system.

3.1.4 If S.E.E. Keys are to be required for applications you need to consider the cost of S.E.E. Keys (refer Paper 6 - Impact on agencies).

3.1.5 We believe that S.E.E. Keys are currently inappropriate for authenticating citizens due to experiences in other government projects, the overhead in managing token drivers, and cost.