Interagency Advisory Board MeetingAugust 25, 2010

Doug Robinson Executive Director, NASCIO

Digital Identity in the States: Advancing an Interoperable

National Framework

About NASCIO

National association representing state chief information officers and information technology executives from the states, territories and D.C.

NASCIO's mission is to foster government excellence through quality business practices, information management, and technology policy.

Founded in 1969

State Landscape Today

Tough Times - dealing with the state fiscal crisis, forced budget reductions, layoffs

CIOs seeking IT operational cost savings

Continued consolidation - IT infrastructure, services and more

Living with the past - modernizing the legacy

IT security and risk! Game has changed

IT workforce: retirement wave, skills, recruiting

Issues with federal funding: cost allocation, program regulations, lack of harmony

3

State CIO Priorities: 2010Strategies, Management Processes and Solutions

1. Budget and Cost Control: managing budget reduction, strategies for savings, reducing or avoiding costs, activity based costing

2. Consolidation: centralizing, consolidating services, operations, resources, infrastructure, data centers

3. Shared Services: business models, sharing resources, services, infrastructure, independent of organizational structure

4. Broadband and Connectivity: strengthening statewide connectivity, broadband and wireless

5. American Recovery and Reinvestment Act: execution, support, data reporting and management

6. Security: risk assessment, cyber security safeguards, enterprise policies, employee education, data protection, insider threat

7. Transparency: open government, performance measures and data, accountability, access to government data

8. Infrastructure: data centers, infrastructure investment, critical infrastructure protection9. Health Information: architecture, assessment, partnering, implementation, health

information exchange, technology solutions10. Governance: improving IT governance, data governance

Source: NASCIO State CIO Survey, October 2009Italics: New to list for 2010

4

46 States – Budget Shortfalls in 2010

Source: Center on Budget and Policy Priorities, July 2010 5

Projected FY 2011 Revenue is $53 billion Less than FY 2008

General Fund Revenue: FY 2007-FY 2011 (in billions)

$655

$680

$621$608

$627

$560

$580

$600

$620

$640

$660

$680

$700

FY 2007 FY 2008 FY 2009 FY 2010 FY 2011

InBillions

* FY 2007, 2008, and 2009 are actual. FY 2010 is estimated and FY 2011 is proposed 6

1. Virtualization: data center, computing, servers, applications2. Networking: voice and data communications, unified

communications3. Document/Content/Records/E-mail management: repository,

archiving, digital preservation4. Cloud computing/software as a service5. Security enhancement tools6. Enterprise Resource Planning (ERP), legacy application

modernization, renovation7. Geospatial analysis and Geographic Information Systems (GIS)8. Business Intelligence (BI) and Business Analytics (BA)9. Identity and access management (IAM)10. Social Media and Networking: Web 2.0 services, wikis, blogs,

collaboration technologies, and social networking

Source: NASCIO State CIO Survey, October 2009

IT and Solution Priorities 2010

7

(State Attendees Only) Other than ongoing systems operations and maintenance efforts, which 3 initiatives

are your highest priorities? Please select your top 3.

12%

18%

17%

16%

37% A. Data center consolidation and virtualization including cloud utilization

B. Identity access and management including government to Citizen

C. Security and event monitoringD. Email consolidation/collaboration

integrationE. To quote the Governor, “everything is a

priority”8

State CIO Role: Enterprise View

State IT Governance

State IT Governance

Customer Service

Customer Service

Enterprise ArchitectureEnterprise

Architecture

Strategic Planning

Strategic Planning

Procurement and SourcingProcurement and Sourcing

Cross Boundary Collaboration

Cross Boundary Collaboration

Provision of State IT

Infrastructure

Provision of State IT

Infrastructure

Legislation, Policy and Directives

Legislation, Policy and Directives

Frontline in Securing State

IT Assets

Frontline in Securing State

IT Assets

Manage, Deploy, and Develop State

IT Resources

Manage, Deploy, and Develop State

IT Resources

State CIOState CIOState CIO

9

NASCIO Recognizes the Challenge“Every aspect of our workacross the states and withNASCIO has a dependencydirectly related to identityand credential management.”

- Stephen FletcherNASCIO President and ChiefInformation Officer, State of Utah

10

State Government “As Is”

States - nucleus of identity for individuals

Identity - basis for providing services and sharing data across agencies

Issue identity credentials – too many

Identity silos, federal funding influence

Roles: issuing and relying party

Lots of technical, operational, policy and legal questions to resolve

11

NASCIO Perspectives: States and Digital Identity

Complex problem – we need a shared vision and common objective across all state jurisdictions

States “own” this issue - they need to resolve for their own purpose. Resolution will also support Federal needs

Requires state-federal partnership & collaboration. Locals? Education?

National framework for interoperability

12

NASCIO Perspectives: Digital Identity Agenda

Creating a federated identity model

Promote state enterprise approach: avoid silos, avoid proprietary solutions

Need to support multiple applications & legacy infrastructure: issue once, use many times

Reduce cost and timeline to implement and sustain

Address implementation barriers

13

Pilot

Example State and Approved IssuersExample State and Approved Issuers

Example Citizen Services 

(Relying Parties)

Example Citizen Services 

(Relying Parties)

CitizenCitizen

User AgentUser Agent

Driver and Vehicle Renewals

Gov’t Business Portal

Vital Records

Benefits Portal

Online Book Retailer

Dept. of Info SvcsIdentity

DoLIdentity +Attributes

State University Identity + Attributes

Existing:

- Citizen services (relying parties)- Issuers- Citizen identity storage (SQL, Oracle, etc.)

Added for Pilot:Standards-based …- Relying party integration- Issuer federation server(s)- (Optional) User agent

Federated TrustFederated Trust

11

____ __ ____ _____ ____ ___________ _________ _____

_____ _________ _____

Click to edit Master text stylesSecond levelThird levelFourth levelFifth level

Issues for Issuers

13

Citizens have multiple ID Cards

DC One Card consolidates physical

credentials

Citizens have multiple online identities

dc one IDUser ID: Password:

dc one IDUser ID: Password:

Agency A

User ID:

Password:

Agency A

User ID:

Password: Agency B

User ID: Password:

Agency BUser ID: Password: Agency CUser ID: Password:

Agency CUser ID: Password:

Agency DUser ID: Password:

Agency DUser ID: Password:

Consolidated online identity could provide authentication

across agencies

•TRUST: How will you vet applicants?

•INTEROP: Will your card / online ID work with legacy infrastructure?

•SECURITY: What data will you collect/maintain and how will you secure it?

Spectrum of Risk/Value

Lower Risk TransactionsLess assurance required

Check

ing of

fice w

ait tim

es

Renew

ing a

drive

rs lic

ense

Access

ing he

althc

are

reco

rds

Tran

sferri

ng a

vehic

le tit

le

Beyond a certain point, a high level of identity assurance is necessary to complete a transaction

Higher Risk TransactionsMore assurance required

9

State Business Drivers

Potential for reducing improper payments, fraud, waste and abuse with an enterprise approach to digital identity

Cost reduction and business efficiency - paper and outmoded processes which waste time, energy and money

Uniformly accepted electronic identities would facilitate interoperable support for online transactions, licensing, eligibility, benefits enrollment, registration, etc.

Citizen inconvenience and frustration with managing multiple credentials

14

State Service Capabilities

15Source: Colorado Office of Information Technology

State Government Challenges

Value proposition and benefits

Define the business drivers

Architecture and standards

Policies and business process

Enrollment and issuance

Funding and financing

Acquisition and sourcing options

16

If Digital Identity is a Priority…What we should not do

each state work independently

use proprietary solutions

disregard interoperability and a federated approach

What we should do

work for a federated type solution

standards based and competitively sourced

ensure interoperability across governments

17

NASCIO Collaboration and Pilot Efforts: We Need Harmony

NASCIO seeks the following goals to develop active collaboration and pilot efforts with Federal agencies:

Interoperability in identity and credential management programs which produces high levels of identity assurance

Streamlining business processes involved in federally funded and state administered programs so reduction in cost is realized by both Federal agencies and state governments

18

World of Silos: Federal/State Programs

Public Health

Addictions & Mental Health

Medical Assistance Programs

Seniors & People with Disabilities

Children, Adults & Families

SAMHSA

ACF

IHS

RSA

19

So What’s Next?

Digital Identity Workshop at NASCIO Annual Conference on September 26, 2010

Need stakeholder community input

Federal & state collaboration for funding and pilots

NASCIO State Digital Identity Working Group will continue to focus on educating the NASCIO membership and stakeholder community

Working Group will continue to develop a SICAM Roadmap with a maturity matrix for benchmarking state progress

20

2010 Gubernatorial Elections: 37

At least 23 new Governors…probably more 21

Connect with NASCIO...www.nascio.org

www.twitter.com/nascio

www.facebook.com

www.linkedin.com

www.youtube.com/nasciomedia

22