Identity Management

Microsoft Public Sector – eGovernment DateTitleMicrosoft Corporation

Agenda

• Megatrends and Government Challenges• Identity Management• Case Studies: Identity Management at Work• Summary of Benefits• Next Steps

Today governments are facing a number of megatrends and challenges

Improving Staff Productivity

Increasing Operational Efficiency

Working Collaboratively and Taking Advantage of Shared Services

Leveraging the Power of Technology

Caring for the Environment

Delivering Social Care

Improving Customer (Citizen and Business) Service Delivery

Improving Compliance and Accountability

Raising Standards in Education

Sustaining the Local Economy

Key Challenges

Continuous Cost Reduction

More Efficient and “Greener” IT Infrastructure

Increased Citizen Interaction

Government Megatrends

eGovernment Identity Management Solutions Address a Number of these Challenges

Key Benefits

Identity Management solutions create digital identities for citizens and enterprises, manage their lifecycle, and provide services for user identification, authentication, and authorization across borders and across multiple identity systems.

Identity Management

• Efficient and secure delivery of e-services

• Seamless user experience across boundaries

• Simplified management

• Application developement efficiency

Improving Staff Productivity

Increasing Operational Efficiency

Working Collaboratively and Taking Advantage of Shared Services

Leveraging the Power of Technology

Caring for the Environment

Delivering Social Care

Improving Customer (Citizen and Business) Service Delivery

Improving Compliance and Accountability

Raising Standards in Education

Sustaining the Local Economy

Key Challenges

Identity Management Key Benefits

• IT can centrally manage access to applications and data, regardless of location

• Authentication method independence across applications

• More efficient application of security policy

• Open interfaces between the eID infrastructure and the consuming applications or cloud services

• Developers can externalize authentication / authorization

• Faster, more nimble development of e-services

Simplified ManagementApplication

Development Efficiency

• Secure eID‘s enable eGov services delivery, while reducing cost and fraud

• Support for multiple authentication methods and security levels of access to government services

• Privacy, minimum ID disclosure

• ID Federation across agencies, including cloud/hosted services

• Single Sign On (SSO) experience across borders, platforms and authentication methods

• Federated access rights on documents posted on extranets

Efficient and secure delivery of e-services

Seamless user experience across boundaries

Key Government Challenges

• Improving Staff Productivity

• Increasing Operational Efficiency

• Working Collaboratively and Taking Advantage of Shared Services

• Leveraging the Power of Technology

• Caring for the Environment

• Delivering Social Care

• Improving Customer (Citizen and Business) Service Delivery

• Improving Compliance and Accountability

• Raising Standards in Education

• Sustaining the Local Economy

Desktop Productivity Software

Data Warehousing

Collaboration & Content Mgmt

Customer Rel. Management

ApplicationIntegration Mail

Server Operating System

Mobile Operating SystemDesktop Operating System

UnifiedCommunication

Inte

grat

ed D

evel

opm

ent

Env

ironm

ent

Enterprise Res. Planning

Systems Management

Identity & Access Mgmt Security Workflow

Identity Management with Partners

Example of Solution Area with Partner Solutions

Office

Dynamics ERP Dynamics CRM BizTalk Exchange

Windows Server

Windows MobileWindows Client

UnifiedCommunication V

isu

al S

tud

io

MOSS

SQL Server System Ctr. AD/ADFS Forefront .NET Framework

Microsoft Consulting / Partner Solutions

Solution ComponentOptional Component

Office

Dynamics ERP Dynamics CRM BizTalk Exchange

Windows Server

Windows MobileWindows Client

UnifiedCommunication V

isu

al S

tud

io

MOSS

SQL Server System Ctr. AD/ADFS Forefront .NET Framework

Microsoft Consulting / Partner Solutions

Solution ComponentOptional Component

Identity Management with Partners

Example of Solution Area with Architecture mapping

With Products owned/needed

You already own these products

Products needed to complete this solution

Intelligent Applic. GatewayIdentity Lifecycle Manager

(becoming FF Identity Manager)

Windows CardSpaceRights Mgmt Services CAL

or part of ECAL

Solution Detail

Identity Metasystem Architecture

• Interoperable ID architecture • Enabling people to employ multiple identities

on different technologies, various IP providers• Externalizing authentication from the applications using claims• More secure, protecting privacy through “minimum disclosure“

3 main parties:• Identity Provider• Relying Party• The Subject

Identity Provider

Relying Party

The Subject

Identity Management is Based on Familiar Microsoft Produces [that you already own under EA]

Key Microsoft Products

• Primary products• Windows Server & Certificate Services ADDS or

ADLDS SQL Server for large scale eID implementations

• Attached products• Identity Lifecycle Manager (becoming Forefront

Identity Mgr)Forefront suiteSystem CenterCardSpaceGeneva platform (when RTM‘d)

• Optional products• MOSS (Resource and Policy mgmt)

London Borough of Newham Pioneers Large-Scale Implementation for Identity Management“To our knowledge, this is the first ever information card implementation in the United Kingdom public sector. It is a pioneering project using Microsoft technology with huge implications for how citizens will interact with government organisations in future.”

- Geoff Connell, Chief Information Officer, London Borough of Newham

Customer ProfileCustomer: London Borough of Newham and 9 other councils of Shared Learning Group), UKSegment: Government – MunicipalFull case study published on Microsoft.com, customer video - link on Avitiva.com

• Newham teamed up with Microsoft Gold Certified Partner Eduserv and decided to use Windows CardSpace™ to develop a secure Identity Management System.

Solution

• Easy authentication

• Secure data storage

• Scalable system

• Quick and easy deployment

• Cheaper running costs

• Integrates non-Microsoft OS desktops thanks to open standards

Customer Results/Benefits

• Citizens needed an easy-to-use, secure solution that could authenticate their identity and give them access to services without having to visit municipal buildings.

• Government employees wanted to securely share documents across councils

Customer Challenge

Latvian e-signature Project with Latvian Post

“It will help develop public e-services, not only in e-government, but also in e-health and e-education. This is why the project is so important for the Latvian government.”

- Eriks Eglitis, IT Services Department Director for Latvia Post

Customer ProfileCustomer: Government of Latvia, Latvian Post (commissioned to deliver eID infrastructure)Segment: Government – CentralPopulation: 2.4 millions; about 100,000 eID cards issued

• Microsoft technology selected in an open tender

• Based on WinServer PKI Certificate Services

• Custom development by MCS – using .NET, SQL Server , ISA, System Center

• Issuing smart cards with 2 certificates (digital signature, user authentication)

Solution

• Met target of delivery by end of 2006 – in just 9 months

• eID infrastructure makes poossible roll-out of new generation of e-services

• Access to car registration, various form submissions, preps for online elections in 2010

Customer Results/Benefits

• Need deliver on the promise of the digital signature legislation, passed 2003

• Wanted to introduce on-line e-Government services, which required strong authentication

• Similar need for government employee secure access to internal systems

Customer Challenge

www.microsoft.com/casestudies/Case_Study_Detail.aspx?CaseStudyID=201206

With WISeKey’s Identity Semantics Suite and Microsoft’s Citizen Service Platform, Biscay County is deploying a solution to operate online services and trust that they are legally compliant with administrative law now and in the future. WISeKey’s Identity Semantics Suite covers the full identity and compliance lifecycle: identify, access, sign, encrypt, validate, timestamp, and archive.

Customer ProfileCustomer: Regional Government of Biscay (Spain)Segment: Local and Regional GovernmentProject: Citizen Service Platform (Largest Implementation to Date)

• Identity Semantics Suite: An identity management layer enabling government to use existing eIDs from other authorities for authentication and transactional services.

• Admin. Compliance Suite: Meet administrative law requirements such as signing and long-term archiving.

Solution

• Transparent management of identity and authentication services using own and 3rd party eIDs.

• Enable transactional services and Compliance with the 2010 legal deadline.

• Citizen-centric approach facilitates access to citizen services as well as the use of the platform by civil servants.

Customer Results/Benefits

• Political: realize a ground-breaking project building on broadband access provided to the population in the region

• Regulatory: Compliance with 2007 law requiring online public services by 2010 using diverse citizen eIDs.

• IT: rationalize and update the technology platforms in usage across the 100+ city-halls.

Customer Challenge

Regional Government of Biscay (Spain)Identity Solution for the Citizen Service Platform

Identity Management Partner Solutions(Examples of International IdM Solution Partners)

WISeKey – Semantics Suite for Citizen Service Platform covers the full identity and compliance lifecycle: identify, access, sign, encrypt, validate, timestamp, and archive. www.wisekey.com/en/solutions/gov/csp

Gemalto – Solutions for smartcards, tokens, and secure documents. Started in EMEA, now a global player. www.gemalto.com

Omada – Identity Manager Solution enhancing ILM 2007 functionality, also SharePoint secure access, Role based engine. www.omada.net

Quest – One Identity Solution, enhancing ILM 2007 and ADFS. Broad range of infrastructure solutions, multi-platform vendor. www.quest.com

L-1 – End-to-end Driver License and ID issuance solutions, also National IDs, U.S. REAL ID. Majority market shares in USA and Russia, expanding globally. www.l1id.com

HP – NIS (National Identity System) built on Microsoft .NET platform, linked to physical secure IDs. www.hp.com

Summary: Identity Management

Microsoft, together with solutions partners, delivers Identity Management solutions that:

• Enable citizens, businesses, and employees to securely access information they need to be more productive, and drive transparency

• Integrate with the existing infrastructure and accelerate application development

• Are able to dynamically adapt to changing needs, threats, and legal requirements

Next Steps

Meeting to discus how to best customize the Case & Records Management solution to your needs

Engage Microsoft to perform a Planning and Architecture Design Session (ADS)

Build the business case for a Case & Records Management solution

Deploy Solution

Demos and Videos

Demos/videos – Identity Management(Customer ready material)

MS Partner WISeKey - Identity Management videohttp://www.wisekey.com/en/solutions/gov/csp/Documents/presentation/wisekey-egov.htmUse Digital Identity to support Citizen Service Platform solutions (building permit scenario)

UK Shared Learning Group - Click-through demoUsing Microsoft Cardspace to securely access eGov services – protection against malware phishing, see “Derby Cardspace Rolling Demo“ demo PPT stored on Growgov

Identity Roadmap for Software + Services videoKim Cameron and Vittorio Bertocci explain Claims-based access and “Geneva“ platform at PDC Conference 2008: http://channel9.msdn.com/PDC2008/BB11/

Lake Washington School District Pilot videoClaims-based Identity pilot project based on „“Geneva“ Platform13 min video on MS TechNet; 5 min introduction video on www.microsoft.com/geneva

Making students "Future Ready"

Sixth largest School District in Washington State, 24,000+ students across 50 schools, plans to equip students with netbooks.

• Active Directory used for managing roles for categories of users• Dozens of cloud/hosted applications for e-learning,

teaching and administration • Contain cost of development and deployment with limited sized IT staff

• Intand’s Calendar Application (PHP) is claims-aware version to provide users’ roles and authorizations, customized content, show/hide private events or private data

• Evaluating Geneva, claims-based model provides Information Cards for phishing-resistant sign-on and role-based access.

• Reuses trust that is created during school registration process to enable more secure transaction with software provider.

• Leverages claims-based model to shape roles, authorization and policy for application access.

Lake Washington School District Profile

Business Situation

Solution

Benefits Provided

The most publicized Geneva pilot project.

Customer video available (see notes).

VM-demo (Geneva Beta 2) a

nd a click-through

demo will be available in Sept ’0

9.

LWSD “Geneva platform” pilot project

Identity Management for SW Architects (Customer ready material)

• “Geneva” entry point on MSDNBlogs, videos, webcasts, whitepapers: http://msdn.microsoft.com/en-us/security/aa570351.aspx

• Identity Mgmt “Geneva” Training KitExplains how claims-based access works in common scenarios: http://blogs.msdn.com/vbertocci/archive/2009/05/15/more-details-about-the-identity-developer-training-kit.aspx May 2009 release includes Hands-on labs (presentations, samples, and demos): http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=c3e315fa-94e2-4028-99cb-904369f177c0

• “Geneva“ Server Federated Collab. Step by Step Guide For IT Pros and system architects who want to implement secure collaboration between organizations using Microsoft Office SharePoint® Server 2007 and "Geneva" Server. A quick demonstration of features, functionality, and interoperability capabilities of “Geneva” Server Beta 2 – Step by step guides and Virtual Machines“ (Approx. 90 min course)http://www.microsoft.com/downloads/details.aspx?displaylang=en&FamilyID=57602615-e1ee-4775-8b79-367b7007e178

APPENDIX

The World Internet Security Company

Copyright 2009 WISeKey

WISeKey Guiding Principles for Electronic Identity in the Public

Sector• Assume Multiplicity of

Identity Systems– Physical and Logical– Continuing to proliferate– Acceptance driven by law and

regulation

• Address unique needs of each user– Handle multiple user

“personas”– Provide relevant contextual

information to enable interface personalisation

• Balance Needs – Enable anonymity in addition

to strong identification and legal recognition of transactions

• Identity Convergence– Always try to make the use of

identity transparent and easy for the user

• Maximise Service Synergy– New innovative synergies

between services

• Increase public – private collaboration– Enable greater user control of

the tools– Increase the participation of

the private sector – Leverage the infrastructure

and services in public and private sectors

The World Internet Security Company

Copyright 2009 WISeKey

WISeKey Solutions for the Citizen Service Platform

WISeKey e-Polling &

e-Voting Solution

Based on our world-class Swiss e-voting solution

get your constituencies

engaged through e-polling and e-

voting.

CertifyID Trustcenter

Solution

Setup and locally manage a full secure identity

platform for your citizens,

companies and civil servants.

Identity & Access

Semantics Suite

Converge existing and new

electronic identity systems

as well as physical and

electronic access control systems.

CertifyID Administrative Compliance

Suite

Be ecological & cost-effective by digitalizing and

streamlining your administrative procedures in

compliance with administrative

law.

WISeKey Data

Sovereignty Solution

Maintain sovereignty over your government data even if it is hosted outside of

your country.

The World Internet Security Company

Copyright 2009 WISeKey

The CertifyID Trustcenter Empowers Local Authorities and

Citizens• Setup and locally manage the identity

credentials of citizens, companies and civil servants.

• Integrate it with Single Sign-on capabilities as well as physical and electronic access to government buildings, public transportation, parking, etc..

• The electronic ID can take many forms such as a smartcard, a USB token, or others.

• The identity of the person can be associated to diverse roles: citizen, pensioner, civil servant, company representative, etc..

• Enables transactional capabilities by using legally-recognised digital signature technology.

The World Internet Security Company

Copyright 2009 WISeKey

CertifyID Compliance Services

Usually the first step in any administrative procedure is to identify the citizen and the civil servant authorised to execute it. WISeKey makes it easy to manage and use electronic identities throughout their lifecycles. From simple login/password, to certificates, Infocards, OpenID, biometrics and SMS OTP.

Like a notary, but in electronic form, ensure the authenticity of the data, it’s integrity, the time a specific procedure took place as well as the authority of the person to execute it.

During every step of the procedure and at the end, store the data securely and in a structured manner for easy future access in a manner that meets evidentiary requirements under law.

Ensure the data communicated over the Internet through the Citizen Portal, email or other forms is done so in a secure manner through state-of-the-art encryption.

Issue, manage and validate electronic identity credentials

Authenticity, Integrity and Time Assurance

Secure Online Communications

Secure & Legal Archiving

ApproveIdentify CommunicateSecurely

Archive Securely

Ensure that formal legal requirements are met regarding the authority a citizen has to perform an administrative procedure (e.g. building permit) or access specific data (e.g. health records) and that the civil servant can execute that administrative tasks associated with it.

Secure Logical and Physical Access

Access Securely

• Compliance with Administrative Procedures requires addressing specific parts of any procedure to ensure formal legal requirements are met and that compliance can be evidenced in the future.

• The following specific parts are essential for most legal systems and can be ensured using the CertifyID Administrative Compliance Suite

The World Internet Security Company

Copyright 2009 WISeKey

WISeKey’s Identity & Access Semantics Suite

Health Services ID

National ID Card

Drivers License

Civil Servant ID

Professional Association ID

Tax ID Card

Public Transportation ID

Bank Cards• Citizens are burdened with too many

IDs most of which they use rarely.• Local governments will increasingly

be required to accept a wide variety of IDs not managed by them (one of the i2010 Initiative requirements!).

• WISeKey’s Identity & Access Semantics Suite enables the convergence of identity systems.

• Citizens can use any of their government accepted IDs for diverse government services.

• The ID validation and services allowed to be accessed with it are automatically managed.

• The solution also enables collaboration with external entities such as banks.

Thank You