Unfortunately, I understand only too well the issues you are discussing :-(
Richard
Herb wrote:
On Sun, 21 Dec 2003 07:26, Richard D Piper wrote:
I have been trying to get them to support Mozilla for some time (even on Windows), there is a "beta" guide to this which I am looking at. I find it hard to understand how they could have implemented a system that was meant to embrace and open standard, and then only really supported windows for so many years.
This is because the HIC/HeSA people have little understanding of IT in general and IT security in particular.
Before they embarked on this madness, I (and so many others) had a many-hours lasting phone conference with them, where I (and others) outlined the weak points of their strategy, namely
- depending on a single vendor (Baltimore) who now so predictably went belly-up
- closed source software
- non-portability despite using Java b/o dependence on non-portable hardware drivers
- the atrocity of generating and distributing somebody else's private keys
They decided to ignore the advice, and subsequently wasted many millions of taxpayers money, when we could have had a sensible working system for the price of their truckloads of glossy pamphlets alone. Talk about incompetence.
The whole system would even be working by now if they would not so stubbornly refuse to
- allow the user to generate his own keys and just submit their public key for certification
- allow the user to store the keys on a device of the user's choice, since by now many are aware of the abysmal track record of the Rainbow iKey and related driver software.
They must have somebody high up in their hierarchy who is a master in delaying or deferring any workable solution, so I would not hold my breath until things change.
This has lead to a situation where now commercial vendors like healthlink ar trying to fill the void, which would cost taxpayers again hundreds of millions of dollars without ANY need for it at all if not some stupid bureaucrats would not be blocking our way all the time.
I would conclude that a web of trust is the way to go. IT officers of divisions usually have personal knowledge of all GPs within their Divisions, and GPs usually have personal knowledge of the specialists they refer to, etc - these could be the pillars of the web of trust.
Check out the Debian web of trust - has been working beautifully for so many years now, and the scale is comparable to the Australian health system.
-- Richard Piper
http://icu-web.org mobile:0438-120860 mail:[EMAIL PROTECTED]
