Centrelink backs up fingerprint scanners with Novell

Centrelink has contracted Novell to provide identity management software to support its recently-outlined plans to roll out at least 31,000 fingerprint scanners across its nationwide network.

Under the deal, Novell will replace Centrelink's existing Security Access Management System (SAMS) with its own solution. The old solution, which Novell government manager Costa Kapantais told ZDNet Australia was developed in the mid-1990s on Sybase and SQL technology, will be replaced by the end of 2005 with a new system based on Novell's eDirectory, Nsure Identity Manager, Nsure Audit and exteNd products.

Kapantais confirmed that Novell's software would provide the back-end infrastructure to support the fingerprint scanners. "The SAMS system using our technology has the ability to manage that kind of technology," he said. "Currently the SAMS system manages their authentication tokens, which they use in their environment today. The new SAMS system will manage the biometric devices in the same sort of way. It's the back-end part of it."

The Novell government manager went on to say of the old SAMS solution: "because it's based on old technology it's become more difficult to integrate new platforms and systems". Centrelink security and privacy national manager Pat Fegan confirmed this in a statement, saying: "The introduction of new technologies into Centrelink's IT infrastructure had imposed increasing demands for the integration of SAMS with new software product sets which did not readily interface with the existing SAMS architecture."

Centrelink's existing authentication scheme uses single-use passwords generated after users enter a PIN code into a stand-alone device usually worn by staff around the neck.

Despite the fact that Centrelink is moving away from the single-use password scheme, Kapantais said the fact that the organisation even used such a scheme indicates that it was "a good five years ahead of most organisations" in the area of identity management. "Centrelink was one of the first organisations to deploy a stronger authentication system in the mid-to-late 90s," said Kapantais. "In our view, they're probably a generation ahead of any other client we've come across."

Kapantais also said the original system was based on a client/server model, which had technical issues "because a lot of the application logic was built into the client." However, Novell was able to "build it [the application logic] into the network and into the directory," making the whole system a lot more flexible.

Government agencies that work closely with Centrelink will also be able to access Centrelink data through the new system. Kapantais mentioned the fact that "Centrelink provides applications for the Australian Tax Office (ATO) and the Health Insurance Commission (HIC) to access the delivery of integrated services."

However, external agencies will need to use a Web interface: "Because it's a different kind of access, they're actually browser-based applications," said Kapantais. "There's a separate enrolment process for them versus the Centrelink employees."

Kapantais believes that Web access for at least several external agencies will be facilitated through a private extranet belonging to Centrelink's Family Assistance Office. "The users can be loaded into the directory and managed like they would any other user," he said. "You could say that people like HIC and ATO using the Family Assistance Office applications will be integrated somewhere through the system, but it's a small part of the system."

Kapantais said the Novell rollout will "happen this year. There will be components that will be deployed in the next month even, but it will probably happen by the end of this year. One of the reasons that we were able to win this [contract] was that we were able to simply add the system in and not muck around with existing systems." He added: "By the end of this year we hope to have it in production and running."