Centrelink PLAID Authentication
Thu, 04/30/2009 - 10:19
http://www.computerworld.com.au/article/301216/centrelink_issues_500k_un...
What Centrelink is doing sounds interesting, creating an open standard for Smart Card Authentication. Sure it's only one part of the authentication process.
Anyone else's thoughts on this? Or are they barking up the wrong tree with creating yet another standard.....
Patrick, how are your contacts in Canberra? any chance of you having an interview about this? talking about what they're hoping to achieve etc etc?
Altonius
Fri, 05/01/2009 - 08:52
#2
I thought it looked interesting
I read through the Spec and it looked interesting, but I haven't read through other SmartCard protocols to know how it compares.
Some of the things I liked were
-the ability to store 255 keys. Allows for key rolling, or using different keys for different application
-store 255 identifiers. This allows the card/user to have different IDs on different systems without having to worry about mapping their canonical id to the system id at auth time.
-Support both single and two factor auth (with PIN or fingerprint)
-Open standard will hopefully mean compatible and competitive vendor products
As for the security of the protocol, my 1 hour read through confirms it is secure;)
I'd be interested to hear what other people think.
Fri, 05/01/2009 - 23:17
#3
I'd say if they are serious
I'd say if they are serious about getting the protocol implemented they need to publish it in a peer reviewed crypto journal.
In fact this is what should have happened 3 years ago when they started.
Hey -- I already put in a request to speak to the guy two days ago. Looks like we'll have him on next week or the week after.
I am surprised that there's nothing in the market that could meet Centrelink's needs... then again, we should never underestimate the uselessness of some vendors. :)