DIGITAL CERTIFICATES
GET IT certified
Digital certificates go way beyond traditional password security. For the US electric power supply industry, they opened the doors to a more streamlined and competitive way of doing business. In this PC Tutor, we use a real-world scenario to demonstrate how digital certificates work so you can find out how they can work for you.
A BUSINESS-TO-BUSINESS EXAMPLE

As a result of US Federal Energy Regulatory Commission (FERC) Order No. 889, electric power transmission providers in the US were required to provide an Internet-accessible Open Access Same-Time Information System (OASIS) for online electric power trading no later than January 3, 1997. OASIS is a transmission reservation system where utilities check for the availability of transmission power.

Before this, electric utilities operated as monopolies and were authorised by federal and state regulatory authorities to be the sole proprietors of electricity service to consumers who lived within a specific service territory. The FERC order effectively introduced competition into the wholesale market for electricity and, as a result, electric utilities and others could now sell electric power to one another across state lines on a competitive basis. Electricity marketers check on the price and availability of a utility’s power grid and then schedule and reserve transmission capacity for the transfer of wholesale electricity. Thus, a company could buy electricity wherever it’s cheapest and move it on the lines that lie between the power source and the customer.
The Joint Transmission Services Information Network (JTSIN), a task force representing over 200 electric utility companies, responded to the FERC mandate by hiring companies to create and maintain the JTSIN OASIS. In defining the OASIS requirements, the task force found that a strong, digital certificate-based security solution was needed so that valid users could be recognised at any server and so user privileges would be based on business agreements between transmission providers and transmission customers.

The JTSIN contracted with TradeWave, a developer of secure business systems, to deploy the OASIS digital certificate solution. This included the hardware, software, policies and expertise to authenticate users and to issue and manage their digital certificates. TradeWave provided all of the necessary components, including integration and consulting services, client and server security software, outsourced CA services and customer support services.

A DIGITAL CERTIFICATE SOLUTION

The TradeWave digital certificate solution for OASIS offers an interoperable and standards-based solution. The diagram summarises its primary components. Let’s look at the relationships among these components.

The TradeAgent client secures the user’s Web browser and is required for viewing information on OASIS Web servers. The client secures transmissions by encrypting and digitally signing messages, providing privacy and authentication.

The TradeAgent server secures the Web server. Only authenticated TradeAgent client users can view secured Web pages. The client and server exchange encrypted and digitally signed messages.

The TradeAccess control server works with the TradeAgent server and the underlying Web server to ensure that Web resources are available only to authorised users. The collection of all access control definitions for a resource is called an Access Control List (ACL). After a user is authenticated, ACLs for resources requested by the user are checked for any restrictions to ensure that the individual is authorised to access the resources. ACLs can be based on business agreements between transmission providers (sellers) and transmission customers (buyers).

TradeAuthority certificate authority (CA) is responsible for registering new users, distributing, revoking and updating certificates, and maintaining audit trails for administrative changes to the system. The CA interfaces with an LDAP-compliant directory server for storage and retrieval of certificates.

CHALLENGES AND LESSONS

Deployment of the digital certificate infrastructure in 1997 posed many challenges. Computer security in general was gaining visibility, but its importance was not well understood by most users. Digital certificates were and still are a relatively new technology, from the perspective of large scale deployment. Challenges to the deployment included:

Development of digital certificate policies and procedures. Even the most advanced security hardware and software can’t protect important corporate data without a set of clear cut security policies and procedures. Because digital certificate technology was in its relative infancy, there were no existing policies and procedures to follow. The management and legal counsel of both JTSIN OASIS and TradeWave documented the security needs of the utility companies and detailed each party’s obligations and legal limitations. General corporate policies that clarified expectations for employee performance, behaviour and accountability were developed, as were more specific technical policies that addressed how much security each transaction and data type would need. Network access security levels were determined for each employee, customer and partner.

Educating users on Internet and digital certificate technologies. This new technology was being deployed to users with a wide range of computer experience. Users were accustomed to doing business using traditional power trading methods, such as making personal contacts, sending faxes and making phone calls. With the deployment of OASIS, users had to get connectivity to the Internet, install the TradeAgent software, get digital certificates and perform everything online. This was a major change for users who were not accustomed to doing business on their computers every day.

Educating the users to the point of making them comfortable with the new technologies was key in successfully deploying the TradeWave solution for the OASIS community.

Having the right kind of online documentation was also important. The initial documentation focused on the system architecture and provided too much information about the technology. This overwhelmed some users to the point that they wanted to give up before they even started. After the initial beta rollout, the online documentation was edited to focus on simple, step-by-step processes for registration and installation. This change in focus made things easier for users to follow, especially if they needed to consult with another person in their organisation to perform a step. The support Web site was also reworked to provide high level troubleshooting information.

Dependence on other products. TradeWave software works closely with Netscape and Microsoft browsers and servers. The testing cycles of the TradeAgent client had to be carefully co-ordinated, because the product was supported on Windows 3.1, Windows 95, Windows 98, Windows NT, Sun Solaris, IBM AIX and HP-UX. Also, Microsoft and Netscape frequently released updates to their software. Even with careful co-ordination, trying to test the latest versions of these products with the TradeWave software was often problematic.

In one case, the TradeAgent client went through a full testing cycle with a beta version of Microsoft Internet Explorer and was then released to customers. When the commercial version of Explorer was finally released, it included a major change that caused the TradeAgent Client software to malfunction. A patch release of the TradeAgent software had to be made available to users. Determining when users would upgrade to the latest browser software and providing easy methods for installing a patch release made it easier for customers to deal with a browser compatibility problem.

JTSIN OASIS TODAY

US Power companies have traded more than $30 billion in electric power using the TradeWave digital certificate-based solution. JTSIN OASIS has more than 3,000 digital certificate-enabled users and 500 participating companies. Power companies have expanded their use of TradeWave by writing their own applications that use existing TradeWave software and certificates. OASIS is a thriving and extremely successful example of how business-to-business e-commerce can be enhanced and streamlined through the use of digital certificates.
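
The order of checks described under A DIGITAL CERTIFICATE SOLUTION (authenticate the certificate, including revocation by the CA, then consult the resource's ACL built from seller/buyer agreements, and record the outcome) can be sketched as follows. This is an added example, not TradeWave code: the `Cert` fields, the CA name, the resource paths, the organisations and the serial numbers are all constructed, and signature and chain verification are assumed to have been done before these functions run.

```python
from dataclasses import dataclass
from datetime import datetime, timezone

@dataclass(frozen=True)
class Cert:                      # fields a server would read from a verified certificate
    serial: int
    subject: str                 # the individual user
    org: str                     # the transmission customer (buyer) the user works for
    issuer: str
    not_after: datetime

# All values below are constructed for illustration.
TRUSTED_CA = "Example OASIS CA"
REVOKED = {1003}                 # serials the CA has revoked
ACLS = {                         # resource -> buyers with an agreement with the seller
    "/provider-a/reservations": {"Marketer One", "Utility B"},
    "/provider-a/tariff-admin": set(),
}
AUDIT = []                       # (time, subject, resource, outcome)

def authenticate(cert, now):
    """Return a rejection reason, or None if the certificate is acceptable.
    Signature and chain verification are assumed to have happened already."""
    if cert.issuer != TRUSTED_CA:
        return "untrusted issuer"
    if now > cert.not_after:
        return "expired"
    if cert.serial in REVOKED:
        return "revoked"
    return None

def authorise(cert, resource, now):
    """Authenticate first, then consult the resource's ACL; default is deny."""
    reason = authenticate(cert, now)
    if reason is None and cert.org not in ACLS.get(resource, set()):
        reason = "not on ACL"
    AUDIT.append((now.isoformat(), cert.subject, resource, reason or "granted"))
    return reason is None

NOW = datetime(1999, 6, 1, tzinfo=timezone.utc)
END = datetime(2000, 1, 1, tzinfo=timezone.utc)
ALICE = Cert(1001, "alice", "Marketer One", TRUSTED_CA, END)
BOB = Cert(1003, "bob", "Utility B", TRUSTED_CA, END)          # revoked serial
CAROL = Cert(1004, "carol", "Unlisted Co", TRUSTED_CA, END)    # no agreement
```

A revoked certificate is refused even when its holder's organisation is on the ACL, and a resource with no ACL entry is refused for everyone.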