Online Version - Last Updated - 20 Jan 2012 |
 |
| Home |
| |
| Procedures and Resources for Authors |
|
| Information and Resources for Volume Editors |
| |
| Orders and Subscriptions |
| |
| Published Articles |
|
| Upcoming Volumes |
| |
| Contact Us |
| |
| Useful External Links |
| |
| CRPIT Site Search |
Preliminary Security Specification for New Zealand's igovt System
Tu, Y.-C. and Thomborson, C.
The New Zealand government has proposed an identity management system, to provide an effective and
convenient alternative for citizens to access online
government information and services. The proposed
system is branded as \igovt", which offers two types
of authentication services. The first service provides
people and businesses with logon identities. The second service provides semi-anonymised identities to
government agencies. Each semi-anonymised identity carries a strictly limited amount of information
about a logon identity along with an assurance that
it corresponds to a living New Zealand citizen or a
registered business entity. The New Zealand government has carefully designed the system with clearly-articulated policy principles. It has also conducted
several privacy impact assessments and public consultations. However, the New Zealand government
has not published any security analyses for igovt, and
we are not aware of any unpublished ones. In this
paper, we propose a lightweight methodology for the
elicitation of security requirements of a complex but
incompletely unimplemented system, such as igovt.
We illustrate the use of our methodology by developing preliminary security speci cations for a portion of
the igovt system.
Cite as: Tu, Y.-C. and Thomborson, C. (2009). Preliminary Security Specification for New Zealand's igovt System. In Proc. Seventh Australasian Information Security Conference (AISC 2009), Wellington, New Zealand. CRPIT, 98. Brankovic, L. and Susilo, W., Eds. ACS. 79-88.
(from crpit.com)
(local if available)
