Why the experts said no to NAA

Why the experts said no to NAA

The dropping of the NAA and its replacement with the NEAC is partly a response to criticisms made to NOIE of several elements of the NAA proposal. The NEAC incorporates many of the recommendations of the National Public Key Infrastructure (NPKI) working group, which had been convened by NOIE in 1997 - which itself is a part of the Department of Communications. The NAA had been adapted from the NPKI recommendations by NOIE, but submissions from several industry groups and experts supported the NPKI's original position where NOIE had chosen to ignore it.

One of the changes from the NAA to the NEAC is that the new body will not take an active role in developing industry standards for the technology, instead leaving that to Standards Australia and the various industry bodies themselves, as had been proposed by the NPKI working group.

"This is a substantive difference to recognition of industry standards, which is more likely a role for Standards Australia. We believe that this function should be restated to reflect the NPKI working group's original recommendation," said the submission from the Distributed Systems Technology Centre in Brisbane, authored by Dean Povey and Margaret Turner.

Roger Clarke, principal of Xamax Consultancy and visiting fellow at the Department of Computer Science at the Australian National University, also warned that the NAA should be able to support multiple trust schemes for authentication.

"Both what the Discussion Paper refers to as 'closed' systems and 'open' systems need to be supported, and indeed multiple schemes of each kind. Beyond that, it is vital that the interests of major IT providers not be pandered to through an implicit preference for hierarchical over web-of-trust approaches," Mr Clarke stated in his submission.

One of the stated objectives of the new NEAC blueprint is to advise on a "broad 'map' of authentication technology types and best practice".

Business Solution: