Participant Technical Reference Manual - IESO

More documents

Recommendations

Info

2. Participant Workstation, Network & Security IMO_MAN_0024 IESO secure web servers requires the use of digital certificates or User ID account identity credentials for authentication and authorization. 104 Administration activities for digital certificates and User ID account identity credentials include: Registration Identification Approval Creation and system access privileges assignment Identity credential Revocation and removal of system access privileges Change of system access privileges Certificate Revocation & Re-issue Certificate Recovery User ID password reset Certificate Update Certificate Name or USERID Extension Change Activation Code Expiration 105 Individual Subscriber refers to a person at the market participant or agent of such. Application Subscriber refers to an application at the market participant or agent of such. Either can be referred to as Credential Subscribers. Market Participant Registration Officers who request certificates or User ID account identity credentials for themselves shall be considered Individual Subscribers when dealing with their own certificates or User ID account identity credentials. Each Individual Subscriber, Application Subscriber must be identified by one of three identification models (see “Identity Management Operations Guide” which is available on the Technical Interfaces page of IESO‟s Web site): 1) IESO Identity Management Officer Model 2) Market Participant Registration Officer Model 3) Notary Public Model The different models dictate the way different administrative activities are completed. In all cases where digital certificates are involved, the IESO will archive the “Certificate Subscriber Agreement” (see the Technical Interfaces Page of IESO‟s Web site) and for all credentials, all instances of “Certificate Subscriber Request Form” (Section 1). From the “Certificate Subscriber Request Form” (Section 1), the IESO can identify what action (issue, recover, revoke, revoke & re-issue or name or extension change) the market participant would like to take. User ID account password reset is handled by direct communication with IESO Customer Relations and does not involve the request form. The Certification Authority is responsible for issuing X.509 digital certificates, secure initialization of the digital certificates and associated key maintenance and updates. The Certification Authority is also responsible for maintaining digital certificate history for each user over time (for audit and recovery purposes). The IESO Identity Management Officer is responsible for issuing and maintaining User ID account identity credentials. 38 Public Issue 21.1 – March 15, 2010 - estimated
Participant Technical Reference Manual 2. Participant Workstation, Network & Security 106 The ABB provided software coding for PKI for the Internet Explorer 6.X and 7.0 browser and updated MIM IDK the software coding for PKI is based on the Entrust/Java Toolkit, 7.2 as supplied by Entrust. The digital certificates provided by the Certification Authority are X.509 version 3 certificates. The certificates and software in combination provide for: Confidentiality – The encrypted transmission of messages and proprietary information; Access Control – Allowing access to information based on a given set of rules; Authentication – The verification of the identity of a person or process sending and receiving a message and information; Data Integrity – Verification that a message sent is the message received and has not been altered in transit etc. from that sent; and Non-Repudiation (Digital Signatures) – A sender shall not be able to deny later that he sent a message. 107 The Entrust provided TruePass software for the Portal PKI is a java based package that provides: Confidentiality – The encrypted transmission of messages and proprietary information; Access Control – Allowing access to information based on a given set of rules; Authentication – The verification of the identity of a person or process sending and receiving a message and information; Data Integrity – Verification that a message sent is the message received and has not been altered in transit etc. from that sent; and Non-Repudiation (Digital Signatures) – A sender shall not be able to deny later that he sent a message. 2.3.2 Certificates & Keys 108 Each certificate will be registered to an individual person or custodian (Individual Subscriber, Application Subscriber). 109 For the Individual Subscriber, two types of certificates will be generated. These include a „verification‟ or „signing‟ certificate (associated with the private signing key) and an „encryption‟ certificate (associated with the private decryption key). Each type of certificate has a private and public key associated with it. Individuals using the MPI web browser interface will use these certificates and keys in the two file formats (EPF and P12) while the Portal and MPI API use just one format (EPF). The verification and encryption certificates are encapsulated within an Entrust Profile File (EPF file extension) which is presented by the user along with the user generated password for the EPF file when prompted by the MPI applet login or the Portal‟s TruePass applet login. The verification certificate and signing key is also encapsulated within a PKCS#12 format file (P12 file extension) for the MPI. The P12 certificate content must be imported into the browser certificate database for the appropriate browser user profile prior to attempting any login to the IESO MPI secure web servers. The password chosen by the user at the time of creation of the EPF and P12 files must be used to import the P12 file contents into the browser (this is not required for using the imported certificates within the browser). Issue 21.1 – March 15, 2010 - estimated Public 39
Page 1 and 2: MANUAL PUBLIC IMO_MAN_0024 Market M
Page 3 and 4: Participant Technical Reference Man
Page 45: Participant Technical Reference Man
Page 97 and 98:
Participant Technical Reference Man
Page 99 and 100:
Appendix B: List of Commonly Used A
show all

Participant Technical Reference Manual - IESO

Create successful ePaper yourself

Delete template?

Save as template?