Federating Identity Management in the Government of Canada Identity North Conference November 20 th...

Federating Identity Management in the Government of Canada. Identity North Conference, November 20th 2012. Presented by: Rita Whittle, Senior Director, Cyber Authentication and Identity Management Program



Government of Canada Context

Speech from the Throne and Budget 2012
• Citizen-focused service delivery - Improve services and service delivery to Canadians at a lower cost
• Standardize, consolidate and re-engineer the way the GC does business
• Whole-of-government approach: Modernize the way we work and serve Canadians in an increasingly horizontal and collaborative world

Expectations of Clients
• Seamless, secure, e-enabled delivery channels
• Better, faster and more convenient access to government services
• Ability to interact seamlessly with multiple governments, through multiple channels


. . . Government of Canada Context

Payments Review Task Force Report
• “A robust digital ID regime is one where identification is accomplished without paper documents or face-to-face visits, and in a way that protects sensitive information and the privacy of the individual.”
• Called for the creation of a Canadian Digital ID and Authentication Council (DIAC) which is now in place

Becoming a Digital Nation (reference: Stratford Institute, 04/2012)
• Increase Canada’s performance through digital technologies
• Facilitate the transition to digital services, digital payments and digital identity
• Trusting identities across jurisdictions must be solved using a pan-Canadian approach


Identity is the Starting Point for Services, Benefits and Entitlements

Today, identity is managed separately by each department, jurisdiction and sector… but the impacts are felt by everyone

Financial Sector
Who are you? How will you pay?
Identity risks translate into Sector Issues:
• Financial fraud
• Money laundering
• Higher transaction fees

Healthcare Sector
Who are you? What is your medical history?
Identity risks translate into Sector Issues:
• Prescription fraud
• Patient Privacy
• Record integrity

Public Sector
Who are you? Are you eligible for a government benefit?
Identity risks translate into Sector Issues:
• Benefits fraud
• Longer processing times
• Redundant processes

High value services


Vision: Pan-Canadian Approach

Principles:
• Respect privacy
• Client choice
• Governments have a key role to play
• Collaborate with trusted private sector institutions
• Phased approach to evolving services and infrastructure


Federated Approach
Trusting credentials and identities:
• Across jurisdictions
• Across sectors
• Internationally

Collaborative effort between jurisdictions and sectors

Federating Credentials: ‘trusting credentials issued by other jurisdictions and industry sectors’

Federating Identity: ‘trusting identities that have been established by other jurisdictions’


Identity Context

Identity information is required for valued transactions
• It is the starting point of management of interactions and transactions (initial and on-going) in all sectors, necessary for service provisioning, determining access, granting of benefits and entitlements, etc.
• Risk related to identity information impacts the immediate interaction/transaction and can impact other downstream activities
• Identity information exists and is managed across orders of government

Digital Identity is becoming increasingly important
• Financial and social interactions are becoming digital
• Necessary for transition to online channel, advancing the digital economy of Canada
• Key to integrating processes across organizations and jurisdictions
• Must align with international trends

Identity theft and fraud
• Speed of fraud in cyberspace vs. in the physical world
• Criminal element has moved online


Evolution to Federating Identity

[Diagram. Labels recovered from the slide, in the order they appear:]
• Multiple Recognized Providers
• Multiple Credential Options
• Multiple Levels of Assurance
• Cyber Authentication Service
• Commercial
• GC Issued
• Mandatory Services
• Other jurisdictions
• Federating Credentials
• Federating Identity
• GC Approach
• GC Identity Validation Service
• Identity Business & Technical Architecture
• GC Identity Federation Service
• Federation
• Pilot Projects
• Standards-based
• GC Identity Assurance Service
• Pan-Canadian Approach
• Identity Federation Service
• Federation Enablers
• Identity Services
• DIAC Governance
• Commercial Services
• Multiple Authoritative Identity Sources
• Policy Enablers
• Legislative Enablers
• Identity Federation Services
• Credential Federation Services


Strategic Relationships

Inter-jurisdictional:
• Joint Councils – Public Sector Service Delivery Council and Public Sector CIO Council
• Identity Management Sub-Committee (IMSC)
• Composition: Federal, Provincial, Territorial, Municipal

International Dialogues
• Other governments - United States, Australia, New Zealand, U.K.
• Kantara Initiative
• ICA (International Council for Information Technology in Government Administration)

Digital ID and Authentication Council (DIAC)
• Public and private sector forum recommended by the Task Force for Payments System Review
• Mandated to develop pan-Canadian approach to digital ID and authentication and facilitate development of interoperable policies, standards and systems
• Composition: Independent Chair (private industry); Government Representatives; Industry Representatives (telecommunications, banks, health); Independent Representatives


Cyber Authentication Renewal Strategy

Transformative “federation of credentials” approach
• First major step enabling transformative online service delivery
• Lays foundation for evolving relationships with other jurisdictions and the private sector
• Credentials issued by service providers other than the GC can be trusted to access online government services = Choice of Credentials
• Provides cost-effective, standards based solution

Respects Clients’ Privacy
• Fundamental design of GC Cyber Authentication Renewal driven by privacy policy considerations
• Distinction maintained between assurance of credential and assurance of identity – the “anonymous credential” ensures privacy is respected
• Authentication service provides assurance that the same individual is accessing an online service, but does not reveal the identity of the individual (the “persistent anonymous identifier”)
• Identity only associated to credential during program enrolment within individual department domain


Choice of Credentials

Credential Broker Service - An innovative relationship with private sector
• SecureKey Concierge operational since April 2012 - Enables log in to GC online services using commercially available credentials (currently three Canadian financial institutions: Scotiabank, TD, BMO)
• Leverages the investments made in security and infrastructure in the private sector
• To respect privacy, minimal and non-personally identifiable information is managed and used through Credential Broker Service
• Positions the GC to benefit from ongoing industry investments in evolving and strengthening assurance levels

GC Key Service – Provides option to use a GC credential
• Ensures all GC clients have ability to log in to e-services
• Implementation is currently underway by GC departments


Identity Management: Strategy-in-Brief

GC’s strategy on identity management is based on a federated approach using the following principles:
• Give choices to citizens and businesses to decide on how they want to identify themselves to receive services
• Enable a “tell us once” strategy by allowing the re-use of personal identity information across multiple service delivery channels
• Ensure the integrity of the information through validation from trusted (authoritative) sources of identity information
• Establish interoperability standards
• Partner with other jurisdictions and the private sector to deliver solutions
• Promote a fair and equitable competitive market place

Policy instruments to support federating identity in the GC are currently under development (standard and guidelines)


Moving Forward

TBS is leading discussions on federating identity within the GC, building on solid cyber authentication base
• Open to future enhancements
• Flexible in meeting GC program needs
• Providing client choice

Privacy central to any plans for federating identity going forward

Policy positions will be evolved through continuing engagement and consultation with GC departments
• Discussions underway with GC departments to explore suitable candidates for e-validation pilot projects – one for individuals, one for businesses
• Will inform the broader GC federating identity strategy moving forward
  – demonstrating business value and technical feasibility
  – identifying potential policy and legislative considerations

Continuing analysis underway


Questions and Discussion