Digital Certificate Initiative


  1. Digital Certificate Initiative
     Guy Springgay
     Holiday Inn - Oakville
  2. Current set up
     • IMO is using an outsourced Certification Authority (CA) service provided by Scotia Bank using Entrust-based PKI (the service is a fully managed PKI).
     • Scotia Bank is the registration authority.
     • LRAO (Local Registration Authority Officer) located at IMO.
     • CSRO (Certificate Subscriber Registration Officer) at the participant's site.
     • IMO LRA officers manage certificate request administration tasks and communicate with CSROs, end users and custodians.
     • All LRAO and CSRO officers follow documented procedures.
     • Certificate Subscriber Agreement specified legal obligations.
  3. Roles and Accountabilities for the Market Participant
     • Certificate Subscriber Company = Market Participant Company
         • An organizational entity of the IMO MOSMIM service. Its employees, those who possess an IMO certificate, are referred to as Certificate Subscriber Individual Subscribers or Certificate Subscriber Application Subscribers.
     • Certificate Subscriber Senior Officer = Market Participant Senior Officer
         • A senior officer at an IMO Market Participant Company who can authorize an officer to perform the responsibilities of a Certificate Subscriber Authorized Signatory.
     • Certificate Subscriber Authorized Signatory = Market Participant Authorized Signatory
         • An officer of a Market Participant Company who is authorized by the Certificate Subscriber Senior Officer to register for PKI services. The Certificate Subscriber Authorized Signatory designates and delegates the role of the Certificate Subscriber Registration Officer. The officer signs the IMO Certificate Subscriber Agreement, the Certificate Subscriber Registration Officer Request Form, and IMO Certificate Subscriber Request Form.
  4. Roles and Accountabilities for the Market Participant (continued)
     • Certificate Subscriber Registration Officer = Market Participant Registration Officer
         • An employee of the Market Participant Company that is authorized (and vetted by the IMO LRA Officer) to perform the face-to-face proofing of Market Participant individuals requesting an IMO certificate. The Market Participant Registration Officer attests to the IMO that the Certificate Subscriber Individual Subscriber or Certificate Subscriber Application Subscriber is who they say they are.
  5. PKI External Roles and Accountabilities: The Market Participant (continued)
     • Certificate Subscriber Individual Subscriber = Market Participant Individual Subscriber
         • Individual that works for a Market Participant Company that interacts with the IMO MOSMIM service and possesses an IMO certificate for individual use or submits an IMO certificate request in order to use an IMO certificate.
     • Certificate Subscriber Application Subscriber = Market Participant Application Subscriber
         • An individual of a Market Participant that is responsible for managing the certificate lifecycle of a Market Participant Application Certificate. (A Market Participant Application Certificate is a certificate that is assigned to a software application of a Market Participant Company that is specifically designed to interact with the IMO MOSMIM service.)
     • Notary Public
         • A trusted external entity that attests to the IMO that the Certificate Subscriber Individual Subscriber, Certificate Subscriber Application Subscriber, or Certificate Subscriber Registration Officer is who they say they are and witnesses the Certificate Subscriber Individual Subscriber, Certificate Subscriber Application Subscriber, or Certificate Subscriber Registration Officer signing the forms in question.
  6. New Proposal
     • Certificate Subscriber Limited Subscriber = Market Participant Limited Subscriber
         • An individual of a Market Participant that is responsible and accountable for managing the certificate lifecycle of a Market Participant Limited Certificate.
         • Limited Subscriber means the person whose personal identity is associated as the custodian with one or more of a Certificate Subscriber's IMO Digital Certificates issued for the purpose of permitting a single certificate to be used by multiple users for accessing the IMO secure web servers.
         • Using a Limited Subscriber certificate would only be allowed for a Certificate Subscriber that is not submitting transactions, including bids and offers to the Market Participant Interface.
  7. New Proposal (continued)
     • Certificate Subscriber Limited Subscriber = Market Participant Limited Subscriber
         • Using a Limited Subscriber certificate is only permitted where verification of the transaction is not required.
         • For non-transactional participants, it is the participant who decides which certificate to use.
         • A new Certificate Subscriber Agreement (CSA) is needed for any participant changing to the Limited Subscriber from Individual and/or Application Subscriber.
         • No technical difference in certificates. Access will be limited based on authorization and set up in the Registration database.
         • The signing of the CSA will waive the legal requirements for non-repudiation.
  8. New Proposal (continued)
     • Certificate Subscriber Limited Subscriber = Market Participant Limited Subscriber
     • The Certificate Subscriber Limited Subscriber who is the custodian of the limited certificate will be the only person authorized to distribute use of it. That means users of the certificate who are not custodians should not be allowed to redistribute use (provide access and password etc.) themselves.
