Agenda Megatrends and Government Challenges Identity Management Case Studies: Identity Management at...
Identity Management
Microsoft Public Sector – eGovernment
Microsoft Corporation
Agenda
• Megatrends and Government Challenges
• Identity Management
• Case Studies: Identity Management at Work
• Summary of Benefits
• Next Steps
Today governments are facing a number of megatrends and challenges
Improving Staff Productivity
Increasing Operational Efficiency
Working Collaboratively and Taking Advantage of Shared Services
Leveraging the Power of Technology
Caring for the Environment
Delivering Social Care
Improving Customer (Citizen and Business) Service Delivery
Improving Compliance and Accountability
Raising Standards in Education
Sustaining the Local Economy
Key Challenges
Continuous Cost Reduction
More Efficient and “Greener” IT Infrastructure
Increased Citizen Interaction
Government Megatrends
eGovernment Identity Management Solutions Address a Number of these Challenges
Key Benefits
Identity Management solutions create digital identities for citizens and enterprises, manage their lifecycle, and provide services for user identification, authentication, and authorization across borders and across multiple identity systems.
Identity Management
• Efficient and secure delivery of e-services
• Seamless user experience across boundaries
• Simplified management
• Application development efficiency
Identity Management Key Benefits
• IT can centrally manage access to applications and data, regardless of location
• Authentication method independence across applications
• More efficient application of security policy
• Open interfaces between the eID infrastructure and the consuming applications or cloud services
• Developers can externalize authentication / authorization
• Faster, more nimble development of e-services
Simplified Management
Application Development Efficiency
• Secure eIDs enable eGov services delivery, while reducing cost and fraud
• Support for multiple authentication methods and security levels of access to government services
• Privacy, minimum ID disclosure
• ID Federation across agencies, including cloud/hosted services
• Single Sign On (SSO) experience across borders, platforms and authentication methods
• Federated access rights on documents posted on extranets
Efficient and secure delivery of e-services
Seamless user experience across boundaries
Key Government Challenges
• Improving Staff Productivity
• Increasing Operational Efficiency
• Working Collaboratively and Taking Advantage of Shared Services
• Leveraging the Power of Technology
• Caring for the Environment
• Delivering Social Care
• Improving Customer (Citizen and Business) Service Delivery
• Improving Compliance and Accountability
• Raising Standards in Education
• Sustaining the Local Economy
Desktop Productivity Software
Data Warehousing
Collaboration & Content Mgmt
Customer Rel. Management
Application Integration
Mail
Server Operating System
Mobile Operating System
Desktop Operating System
Unified Communication
Integrated Development Environment
Enterprise Res. Planning
Systems Management
Identity & Access Mgmt Security Workflow
Identity Management with Partners
Example of Solution Area with Partner Solutions
Office
Dynamics ERP Dynamics CRM BizTalk Exchange
Windows Server
Windows Mobile
Windows Client
Unified Communication
Visual Studio
MOSS
SQL Server System Ctr. AD/ADFS Forefront .NET Framework
Microsoft Consulting / Partner Solutions
Solution Component
Optional Component
Identity Management with Partners
Example of Solution Area with Architecture mapping
With Products owned/needed
You already own these products
Products needed to complete this solution
Intelligent Applic. Gateway
Identity Lifecycle Manager (becoming FF Identity Manager)
Windows CardSpace
Rights Mgmt Services CAL or part of ECAL
Solution Detail
Identity Metasystem Architecture
• Interoperable ID architecture
• Enabling people to employ multiple identities on different technologies, various IP providers
• Externalizing authentication from the applications using claims
• More secure, protecting privacy through “minimum disclosure”
3 main parties:
• Identity Provider
• Relying Party
• The Subject
Identity Management is Based on Familiar Microsoft Products [that you already own under EA]
Key Microsoft Products
• Primary products
– Windows Server & Certificate Services
– ADDS or ADLDS
– SQL Server for large scale eID implementations
• Attached products
– Identity Lifecycle Manager (becoming Forefront Identity Mgr)
– Forefront suite
– System Center
– CardSpace
– Geneva platform (when RTM’d)
• Optional products
– MOSS (Resource and Policy mgmt)
London Borough of Newham Pioneers Large-Scale Implementation for Identity Management
“To our knowledge, this is the first ever information card implementation in the United Kingdom public sector. It is a pioneering project using Microsoft technology with huge implications for how citizens will interact with government organisations in future.”
- Geoff Connell, Chief Information Officer, London Borough of Newham
Customer Profile
Customer: London Borough of Newham (and 9 other councils of Shared Learning Group), UK
Segment: Government – Municipal
Full case study published on Microsoft.com, customer video - link on Avitiva.com
• Newham teamed up with Microsoft Gold Certified Partner Eduserv and decided to use Windows CardSpace™ to develop a secure Identity Management System.
Solution
• Easy authentication
• Secure data storage
• Scalable system
• Quick and easy deployment
• Cheaper running costs
• Integrates non-Microsoft OS desktops thanks to open standards
Customer Results/Benefits
• Citizens needed an easy-to-use, secure solution that could authenticate their identity and give them access to services without having to visit municipal buildings.
• Government employees wanted to securely share documents across councils
Customer Challenge
Latvian e-signature Project with Latvian Post
“It will help develop public e-services, not only in e-government, but also in e-health and e-education. This is why the project is so important for the Latvian government.”
- Eriks Eglitis, IT Services Department Director for Latvia Post
Customer Profile
Customer: Government of Latvia, Latvian Post (commissioned to deliver eID infrastructure)
Segment: Government – Central
Population: 2.4 million; about 100,000 eID cards issued
• Microsoft technology selected in an open tender
• Based on WinServer PKI Certificate Services
• Custom development by MCS – using .NET, SQL Server, ISA, System Center
• Issuing smart cards with 2 certificates (digital signature, user authentication)
Solution
• Met target of delivery by end of 2006 – in just 9 months
• eID infrastructure makes possible roll-out of new generation of e-services
• Access to car registration, various form submissions, preps for online elections in 2010
Customer Results/Benefits
• Need to deliver on the promise of the digital signature legislation, passed 2003
• Wanted to introduce on-line e-Government services, which required strong authentication
• Similar need for government employee secure access to internal systems
Customer Challenge
www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=201206
With WISeKey’s Identity Semantics Suite and Microsoft’s Citizen Service Platform, Biscay County is deploying a solution to operate online services and trust that they are legally compliant with administrative law now and in the future. WISeKey’s Identity Semantics Suite covers the full identity and compliance lifecycle: identify, access, sign, encrypt, validate, timestamp, and archive.
Customer Profile
Customer: Regional Government of Biscay (Spain)
Segment: Local and Regional Government
Project: Citizen Service Platform (Largest Implementation to Date)
• Identity Semantics Suite: An identity management layer enabling government to use existing eIDs from other authorities for authentication and transactional services.
• Admin. Compliance Suite: Meet administrative law requirements such as signing and long-term archiving.
Solution
• Transparent management of identity and authentication services using own and 3rd party eIDs.
• Enable transactional services and Compliance with the 2010 legal deadline.
• Citizen-centric approach facilitates access to citizen services as well as the use of the platform by civil servants.
Customer Results/Benefits
• Political: realize a ground-breaking project building on broadband access provided to the population in the region
• Regulatory: Compliance with 2007 law requiring online public services by 2010 using diverse citizen eIDs.
• IT: rationalize and update the technology platforms in usage across the 100+ city-halls.
Customer Challenge
Regional Government of Biscay (Spain)
Identity Solution for the Citizen Service Platform
Identity Management Partner Solutions (Examples of International IdM Solution Partners)
WISeKey – Semantics Suite for Citizen Service Platform covers the full identity and compliance lifecycle: identify, access, sign, encrypt, validate, timestamp, and archive. www.wisekey.com/en/solutions/gov/csp
Gemalto – Solutions for smartcards, tokens, and secure documents. Started in EMEA, now a global player. www.gemalto.com
Omada – Identity Manager Solution enhancing ILM 2007 functionality, also SharePoint secure access, Role based engine. www.omada.net
Quest – One Identity Solution, enhancing ILM 2007 and ADFS. Broad range of infrastructure solutions, multi-platform vendor. www.quest.com
L-1 – End-to-end Driver License and ID issuance solutions, also National IDs, U.S. REAL ID. Majority market shares in USA and Russia, expanding globally. www.l1id.com
HP – NIS (National Identity System) built on Microsoft .NET platform, linked to physical secure IDs. www.hp.com
Summary: Identity Management
Microsoft, together with solutions partners, delivers Identity Management solutions that:
• Enable citizens, businesses, and employees to securely access information they need to be more productive, and drive transparency
• Integrate with the existing infrastructure and accelerate application development
• Are able to dynamically adapt to changing needs, threats, and legal requirements
Next Steps
Meeting to discuss how to best customize the Case & Records Management solution to your needs
Engage Microsoft to perform a Planning and Architecture Design Session (ADS)
Build the business case for a Case & Records Management solution
Deploy Solution
Demos and Videos
Demos/videos – Identity Management (Customer ready material)
MS Partner WISeKey - Identity Management video
http://www.wisekey.com/en/solutions/gov/csp/Documents/presentation/wisekey-egov.htm
Use Digital Identity to support Citizen Service Platform solutions (building permit scenario)
UK Shared Learning Group - Click-through demo
Using Microsoft Cardspace to securely access eGov services – protection against malware phishing, see “Derby Cardspace Rolling Demo” demo PPT stored on Growgov
Identity Roadmap for Software + Services video
Kim Cameron and Vittorio Bertocci explain Claims-based access and “Geneva” platform at PDC Conference 2008: http://channel9.msdn.com/PDC2008/BB11/
Lake Washington School District Pilot video
Claims-based Identity pilot project based on “Geneva” Platform
13 min video on MS TechNet; 5 min introduction video on www.microsoft.com/geneva
Making students "Future Ready"
Sixth largest School District in Washington State, 24,000+ students across 50 schools, plans to equip students with netbooks.
• Active Directory used for managing roles for categories of users
• Dozens of cloud/hosted applications for e-learning, teaching and administration
• Contain cost of development and deployment with limited sized IT staff
• Intand’s Calendar Application (PHP) is a claims-aware version to provide users’ roles and authorizations, customized content, show/hide private events or private data
• Evaluating Geneva, claims-based model provides Information Cards for phishing-resistant sign-on and role-based access.
• Reuses trust that is created during school registration process to enable more secure transaction with software provider.
• Leverages claims-based model to shape roles, authorization and policy for application access.
Lake Washington School District Profile
Business Situation
Solution
Benefits Provided
The most publicized Geneva pilot project.
Customer video available (see notes).
VM-demo (Geneva Beta 2) and a click-through demo will be available in Sept ’09.
LWSD “Geneva platform” pilot project
Identity Management for SW Architects (Customer ready material)
• “Geneva” entry point on MSDN
Blogs, videos, webcasts, whitepapers: http://msdn.microsoft.com/en-us/security/aa570351.aspx
• Identity Mgmt “Geneva” Training Kit
Explains how claims-based access works in common scenarios: http://blogs.msdn.com/vbertocci/archive/2009/05/15/more-details-about-the-identity-developer-training-kit.aspx
May 2009 release includes Hands-on labs (presentations, samples, and demos): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0
• “Geneva” Server Federated Collab. Step by Step Guide
For IT Pros and system architects who want to implement secure collaboration between organizations using Microsoft Office SharePoint® Server 2007 and “Geneva” Server. A quick demonstration of features, functionality, and interoperability capabilities of “Geneva” Server Beta 2 – step by step guides and Virtual Machines (approx. 90 min course): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=57602615-e1ee-4775-8b79-367b7007e178
APPENDIX
The World Internet Security Company
Copyright 2009 WISeKey
WISeKey Guiding Principles for Electronic Identity in the Public Sector
• Assume Multiplicity of Identity Systems
– Physical and Logical
– Continuing to proliferate
– Acceptance driven by law and regulation
• Address unique needs of each user
– Handle multiple user “personas”
– Provide relevant contextual information to enable interface personalisation
• Balance Needs
– Enable anonymity in addition to strong identification and legal recognition of transactions
• Identity Convergence
– Always try to make the use of identity transparent and easy for the user
• Maximise Service Synergy
– New innovative synergies between services
• Increase public – private collaboration
– Enable greater user control of the tools
– Increase the participation of the private sector
– Leverage the infrastructure and services in public and private sectors
WISeKey Solutions for the Citizen Service Platform
WISeKey e-Polling & e-Voting Solution
Based on our world-class Swiss e-voting solution get your constituencies engaged through e-polling and e-voting.
CertifyID Trustcenter Solution
Setup and locally manage a full secure identity platform for your citizens, companies and civil servants.
Identity & Access Semantics Suite
Converge existing and new electronic identity systems as well as physical and electronic access control systems.
CertifyID Administrative Compliance Suite
Be ecological & cost-effective by digitalizing and streamlining your administrative procedures in compliance with administrative law.
WISeKey Data Sovereignty Solution
Maintain sovereignty over your government data even if it is hosted outside of your country.
The CertifyID Trustcenter Empowers Local Authorities and Citizens
• Setup and locally manage the identity credentials of citizens, companies and civil servants.
• Integrate it with Single Sign-on capabilities as well as physical and electronic access to government buildings, public transportation, parking, etc.
• The electronic ID can take many forms such as a smartcard, a USB token, or others.
• The identity of the person can be associated to diverse roles: citizen, pensioner, civil servant, company representative, etc.
• Enables transactional capabilities by using legally-recognised digital signature technology.
CertifyID Compliance Services
• Compliance with Administrative Procedures requires addressing specific parts of any procedure to ensure formal legal requirements are met and that compliance can be evidenced in the future.
• The following specific parts are essential for most legal systems and can be ensured using the CertifyID Administrative Compliance Suite
Identify: Issue, manage and validate electronic identity credentials
Usually the first step in any administrative procedure is to identify the citizen and the civil servant authorised to execute it. WISeKey makes it easy to manage and use electronic identities throughout their lifecycles. From simple login/password, to certificates, Infocards, OpenID, biometrics and SMS OTP.
Approve: Authenticity, Integrity and Time Assurance
Like a notary, but in electronic form, ensure the authenticity of the data, its integrity, the time a specific procedure took place as well as the authority of the person to execute it.
Archive Securely: Secure & Legal Archiving
During every step of the procedure and at the end, store the data securely and in a structured manner for easy future access in a manner that meets evidentiary requirements under law.
Communicate Securely: Secure Online Communications
Ensure the data communicated over the Internet through the Citizen Portal, email or other forms is done so in a secure manner through state-of-the-art encryption.
Access Securely: Secure Logical and Physical Access
Ensure that formal legal requirements are met regarding the authority a citizen has to perform an administrative procedure (e.g. building permit) or access specific data (e.g. health records) and that the civil servant can execute the administrative tasks associated with it.
WISeKey’s Identity & Access Semantics Suite
Health Services ID
National ID Card
Drivers License
Civil Servant ID
Professional Association ID
Tax ID Card
Public Transportation ID
Bank Cards
• Citizens are burdened with too many IDs most of which they use rarely.
• Local governments will increasingly be required to accept a wide variety of IDs not managed by them (one of the i2010 Initiative requirements!).
• WISeKey’s Identity & Access Semantics Suite enables the convergence of identity systems.
• Citizens can use any of their government accepted IDs for diverse government services.
• The ID validation and services allowed to be accessed with it are automatically managed.
• The solution also enables collaboration with external entities such as banks.
Thank You