Interface Code of Connection and PKI Certificate Policy

Interface Code of Connection and Public Key Infrastructure (PKI) Certificate Policy

The  Interface Code of Connection (CoCo)  document for the DIP Service Interface defines the interface usage requirements and responsibilities for participants to securely exchange information. It also identifies configurable parameters that will be periodically reviewed to cater for changing demand and capacity forecasts.   

The Public Key Infrastructure (PKI) Certificate Policy  sets out the requirements for the DIP PKI environment and the operational rule framework for the PKI services provided.    

CoCo and Public Key Infrastructure (PKI) Certificate Policy approved at Design Advisory Group (DAG)
Thank you to all participants who reviewed and provided input on the CoCo and PKI Certificate Policy assurance review which closed on 28 June 2023. ​​​​​​​

Following the Security Design Working Group (SDWG) on 28 June, the CoCo and PKI Certificate Policy were approved at the Design Advisory Group (DAG) meeting on 12 July 2023. You can view the Consolidated Comments Log from this review below.

Since its approval on 12 July, the Programme has further updated the CoCo and it has been uplifted to version 1.4 which is being presented for approval at the SDWG  on 1 March 2024 and at DAG on 13 March 2024 respectively.

The uplift to this version of the Coco includes additional clarification on:

  • Section 6.1.3 – Certificate revocation
  • Section 8.4 – Signing Messages
  • Section 8.5 – Verifying Signatures
  • Section 8.6 – Signature Key Generation and Certificate Signing Requests (CSRs)

Both clean and red-lined versions 1.4 of the CoCo are available below:

Interface Code of Connection v1.4 (red-lined)

Interface Code of Connection v1.4 (clean)

PKI Certificate Policy

CoCo & PKI Consolidated Comments Log

The Programme has also published an updated version of the Data Integration Platform (DIP) PKI Certificate Profiles (v1.1) which contains the definitive profile for the DIP PKI Certificates. DIP Service Users must ensure that they adhere to this profile when creating Certificate Signing Requests (CSRs). The Certificates must be built or configured as indicated in the profile to ensure they work correctly, and CSRs are not rejected.

DIP PKI Certificate Profiles

​​​​​If you have any questions, please email the DIP Team at [email protected]