Participant Technical Reference Manual - IESO
2. Participant Workstation, Network & Security IMO_MAN_0024
Figure 2-21: MPI and MIM API Conceptual Architecture
Diagram title: IESO Conceptual Architecture for Secure Web Server Connectivity.
Component labels in the diagram: Client Custom Software; EPF File; Market Participant Users; Cybertrust CA Certification Authority; Certificate Database; CA X.500 Directory Server; MIM Programmatic API; MIM MPI Applet; Internet Browser; Certificate; Client Browser; Firewall; DMZ; Thawte Web Server Certificate; CA Parent Certificate; MOSMIM MPI Web Server; PLC Web Server; Internal; MIM Server (& Netscape Directory Server).
Annotations in the diagram:
MIM programmatic API Application uses an EPF to authenticate and authorize End Entities to the site as well as sign bids and offers.
MIM MPI Applet uses a browser certificate to authenticate and uses an EPF based certificate to authorize and sign bids and offers.
SSL (Secure Socket Layer) Server and Client communications to Certification Authority and to the IESO.
Secure redirection and secure establishment of new SSL session.
PLC User Profile is in this directory.
2.3.4 Portal SSO and Identity Management System<br />
158 In addition to Entrust digital certificates, Portal users can log in with a User ID account
credential where transactional read/write access privileges are not required. Any user
who needs read-only access to confidential information can apply for, register
and use a User ID account identity credential with the Portal.
159 The Portal is protected by Oracle and Microsoft technologies. These components
provide single sign-on, authentication and authorization and, in conjunction with SSL
protocols, confidentiality and integrity of communications.
160 All Portal identity management components for User ID account credentials are server<br />
based and only a web browser is required by the market participant, as specified in this<br />
document, to access the Portal with this type of identity credential.<br />
161 The IESO Portal User Interface User’s Guide should be referenced for Portal login
procedures.
2.3.5 Certificate Lifecycle System & Entrust Authority Administration Tool
162 The Certificate Lifecycle System can be downloaded from the IESO Web site (see the
Technical Interfaces Page of IESO’s Web site).
48 Public Issue 21.1 – March 15, 2010 - estimated