Security concepts for consideration (11 AM on d3)

Peter Johnston Plant Exports

Internet security!

•The internet is a public network.•There are security issues when the internet is used for connecting remote computers together.•Security management needs to address:o Controlling accesso Stopping malicious attackso Maintaining the integrity of the information being

transmitted

Solutions?

Innovation?

Vision: International Assurance Network

Issuing NPPO

notifies issued

certificates

Receiving NPPO

pulls certificates

Advantages: No polling (push-me, pull-you)

Source/authenticity of certificate data is guaranteed

No need for tight system-to-system integration

Peer-to-peer internet-based architecture, no need for central hub

Pull Certificates

Notify

AcknowledgeEvents/Exceptions

Events/Exceptions

Solution Option“International Assurance Network”

• There must be a common understanding of the certification data elements (official assurance) to be exchanged (e.g. ISPM12)

• Focus on XML certification data rather than digitised certificates.

• Forcus on transporting XML certification date rather than end-to-end system functionality.

• Authentication of source and security of assurance data are paramount.

Solution Option (cont’d)“International Assurance Network”

• Globally standardised transaction types• Simple message types (RESTful i.e. HTTP put, post, get,

delete actions)• Loose coupling rather that tight coupling• Open standards-based technology components• Peer-to-peer internet-based architecture rather than

cusomised point-to-point or central hub

Point-to-point vs. Peer-to-peer

Internet Cloud

Customised Point-to-point Network Peer-to-peer Network

Customised messaging protocol built between each

NPPO server.

Globally standardised

messaging protocol between all NPPO

servers.

Vision: International Assurance Network

Global Community of Exporting and Importing NPPOs

Thank-you

Peter Johnston+64 4 894 0519Peter.johnston@maf.govt.nzImport & Export Standards MAFPO Box 2526 Wellington New Zealand