Participant Technical Reference Manual - IESO
2. Participant Workstation, Network & Security
appropriate CA Manager is extremely critical for certificate updates, as secure PKI
communications for certificate management are processed via this port.
Portal TruePass Applet (Browser Based Solution)
137 Market participants can download the "Identity Management Operations Guide" and
the "Portal User Interface User's Guide" (see the Technical Interfaces Page of IESO)
for instructions on browser interface use.
138 The small TruePass Applet is automatically downloaded after an individual browses to
the IESO Portal Web site URL, chooses to login with a digital certificate (instead of a
User ID / Password) and presents their authentic digital certificate EPF file to login to
the Portal.
139 To enable digital certificate access to the IESO Portal, the IESO employs the Entrust
TruePass Java Applet, which uses IESO Digital Certificates and keys held in the EPF file.
Periodic certificate and key updates to the EPF are handled by the TruePass product.
When a market participant browses to the IESO Portal and chooses to login, an SSL
(Secure Socket Layer) session is started. The market participant can then choose to
login with a digital certificate instead of the standard User ID / password and uses the
IESO digital certificate to authenticate to the IESO Portal. The user is then logged in to
the IESO Portal based on the individual's access profile and authorization level.
140 After establishment of an SSL session, when the user chooses to login with a digital
certificate, the TruePass Applet is automatically downloaded to the user's workstation and
the market participant user is taken to a web page where he/she is required to enter the
name and path of an EPF file and the password for the EPF. The user chose this password
at EPF creation with the Entrust Authority Administration tool. Once authenticated,
the individual is given rights to the authorized areas of the Portal web site. A critical
check is the validity check of the client's IESO digital certificate. To perform this check,
the TruePass applet PKI code downloaded from the IESO Portal server checks a current
CRL (Certificate Revocation List) that resides on an X.500 directory at the Certification
Authority. If the digital certificate passes the checks, the user is logged in to the Portal,
with their authentication passed through to the Portal Identity Management system and
Portal. If the user's certificates require updating due to reaching the rollover point of
the encryption or signing keys, the EPF file shall be updated by the TruePass applet and
the keys and certificates will be renewed automatically upon login.
141 The users, as noted previously, must have read/write access to their own digital
certificate EPF file, wherever it is stored at the time of login to the Portal.
Individual subscriber (person) certificates contained in the EPF file, when used on a
consistent basis for login to the Portal via browser, will be automatically updated by the
TruePass PKI code when required. The update schedule for encryption and signing
keys is currently every 12 months based on the date of creation for each user. The
triggering point for update is about 110 days before expiry. If the automatic update is
successful, a TruePass dialogue window / page will inform the user. If read/write
access to the EPF file is not enabled, certificate updates, when triggered, will not
complete successfully and access to the IESO Portal by the user will be lost until
certificate key recovery can be processed between the market participant and the IESO
Identity Management Officer. The web based Entrust Authority Administration tool is
still required for initial certificate creation and recovery purposes for digital certificates
used with the IESO Portal.
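The rollover schedule and EPF access requirement in paragraphs 140 and 141 lend themselves to a pre-login check a market participant's help desk could run. The following is an added example, not IESO or Entrust code: it takes the 12-month key lifetime as 365 days and the trigger as 110 days before expiry, and the `preflight` function, its EPF path and the sample dates are constructed for illustration.

```python
import os
from datetime import date, timedelta

KEY_LIFETIME_DAYS = 365      # manual: keys are updated every 12 months from creation (assumed 365 days)
RENEWAL_TRIGGER_DAYS = 110   # manual: the update is triggered about 110 days before expiry


def renewal_state(created: date, today: date) -> str:
    """Classify a user's encryption/signing keys against the rollover schedule."""
    expiry = created + timedelta(days=KEY_LIFETIME_DAYS)
    if today >= expiry:
        return "expired"        # login fails; key recovery via the Identity Management Officer
    if today >= expiry - timedelta(days=RENEWAL_TRIGGER_DAYS):
        return "renewal-due"    # TruePass will try to rewrite the EPF at the next login
    return "current"


def epf_access_ok(epf_path: str) -> bool:
    """TruePass must read and rewrite the EPF during a renewal, so both bits are required."""
    return os.path.isfile(epf_path) and os.access(epf_path, os.R_OK | os.W_OK)


def preflight(epf_path: str, created: date, today: date) -> tuple[str, list[str]]:
    """Return the rollover state and any finding that predicts a failed Portal login.

    This helper is hypothetical; the failure modes it reports are the ones the manual describes.
    """
    findings = []
    state = renewal_state(created, today)
    if state == "expired":
        findings.append("keys past expiry: certificate key recovery required before login")
    if not epf_access_ok(epf_path):
        if state == "renewal-due":
            findings.append("renewal due but EPF is not read/write: update will fail and Portal access will be lost")
        else:
            findings.append("EPF not readable/writable: renewal will fail when it is triggered")
    return state, findings


if __name__ == "__main__":
    # Constructed sample: keys created 1 Jan 2009, checked on 1 Oct 2009 against a missing EPF file.
    print(preflight("/nonexistent/user.epf", date(2009, 1, 1), date(2009, 10, 1)))
```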
Issue 21.1 – March 15, 2010 - estimated Public 45