Joint Priority Project Identity Authentication and Authorization Working Group
-
Upload
neil-alston -
Category
Documents
-
view
34 -
download
4
description
Transcript of Joint Priority Project Identity Authentication and Authorization Working Group
1
Joint Priority ProjectIdentity Authentication and
Authorization Working Group
Walk-though And Discussion
for PSCIOC-PSSDC Meeting Winnipeg September 28th, 2004
2
Working Group Mandate
Develop guidelines containing a common set of definitions and vocabulary for identity authentication and authorization processes for inter-jurisdiction application, including trust levels related to each component of the Trust Chain;
Review short term opportunities for action and identify suitable candidates for a pilot project to test the first two elements of the trust chain; Initiate, implement and evaluate the pilot project
Develop recommendations with respect to next steps, including an on-going governance structure
3
Who is involved?
Government of Ontario, Management Board Secretariat (Chair) Government of Ontario, Consumer and Business Services Government of British Columbia, Office of Chief Information Officer Government of Alberta, Office of the Chief Information Officer Government of Saskatchewan, Information Technology Office Government of Manitoba, Ministry of Finance City of Winnipeg, Corporate Information Technology Government of Canada, PWGSC City of Toronto, Office of the CIO Government of Québec, L'inforoute gouvernementale et aux
ressources informationnelles Government of Nova Scotia, Service Nova Scotia Government of Newfoundland & Labrador , Executive Council
4
Preliminary IAA Working Group Decision Points for September 28th meeting in WinnipegThe following decision points are proposed for Joint Council consideration:
Approve (in-principle) Governance model for IAA
Confirmation and endorsement of direction for GoC ePass/BCeID Pilot including:o Postpone decision for taking pilot live
o Evaluation to proceed with focus on privacy and lessons learned
Approval (in-principle) for an additional Pilot
Approve extension of mandate of IAA Working Group to include:o Extend work through pilots
o Conduct Legal, Privacy and Public Consultation / Research reviews
o Transition to / support of final governance model
5
Results To Date Definitions and Guidelines
Version 1.0 of Definitions and Guidelines is complete and ready for wider consultation
Pilot Developed proof of concept model shown at Lac Carling Evaluation is ongoing
Privacy GoC undertaking a PIA using demo as context Privacy issues being shared with PSCIOC privacy subcommittee
Liability Ontario leading development of Liability issue paper with input from Working Group
Governance Strong standards and governance being proposed to ensure privacy, security and legal /
liability are addressed
6
Next Steps
Short Term
Need for continued work to meet emerging challenges:
Governance Engaging municipalities Funding and Sustainability Communications Integration across boundaries Sharing knowledge and common practices
7
Decision Requested Receive
IAA Framework and GuidelinesGuidelines for identity authentication processes for inter-jurisdiction
application, including trust levels related to each component of the Trust Chain, have been tabled as part of the supporting materials in the document entitled “Identification, Authentication and Authorization Framework Policy and Guidelines, PSCIOC/ PSSDC Cross-Jurisdictional Identification, Authentication and Authorization Working Group, July 29th, 2004 “
Includes: a common set of definitions and vocabulary Practice Assessment Framework & Guidelines for Identification,
Authentication and Authorization
8
Endorse
Pilot Implementation and Evaluation Strategy Pilot was conceived as a five stage process of which the first three have been
completed and demonstrated through the proof of concept model at Lac Carling
Pursuing options since Lac Carling has confirmed implementation of BC – HRSD WebRoE pilot cannot proceed within given timeframe because of timing, resources, and priorities of participating partners
While this has indefinitely deferred any decision to “go live”, still a huge need to work through and evaluate the “proof of concept” to address
Standards and guideline refinements Legal / Liability Privacy Lessons learned
Previously noted funding implications greatly reduced
Decision Requested
9
Receive
Governance Model Options
Options and recommendations with respect to on-going governance structure have been tabled as part of the supporting materials in the document entitled “Governance for Identification, Authentication and Authorization, PSCIOC/ PSSDC Cross-Jurisdictional Identification, Authentication and Authorization Working Group, August 10th, 2004 “
Decision Requested
10
Approve
Plan for End-state Governance Model Continue with Project Management model reporting to PSCIOC
– PSSDC as an interim measure Transition within two years to end state governance model IA&A Working Group will develop the articles of governing body End state governance model options to be reviewed and
approved by PSCIOC – PSSDC prior to being established
Working Group structure and membership may be reviewed during intervening period to ensure representation is appropriate for a Pan Canadian Standard
Decision Requested
11
Decision RequestedApprove
Approval-in-Principle of Additional Pilot
Approval-in-Principle for initiation of a second inter jurisdictional pilot using multiple tokens between multiple levels of government.
demonstrate tangible authentication solutions tied to business priorities Examine means to expedite appropriate access to information with the aim of
improving service Use parameters set by results of Lac Carling electronic voting
Feasibility study and business case ready to go forward for approval at next PSCIOC – PSSDC meeting
Complete a survey of tokens and token rules Identify participants Examples include SAKMs (Justice), Public Health, Business
12
Decision Requested Approve
Extended Working Group Mandate to:
manage consultation/promulgation and subsequent change management to current version of definitions and standards
“Ground Proof” IA&A guidelines through identified pilots and subsequent evaluations
Working Group responsible for evaluation of all pilots (over-sight plus responsibility to provide advice to PSCIOC and PSSDC on implications of evaluation results for next steps)
Conduct Legal, Privacy and Public Consultation / Research reviews
Transition to / support of final governance model
13
Contact:
Jeff EvansChair, Cross jurisdictional Working Group on Identity Authentication and AuthorizationI&IT Strategy, Policy and Planning BranchOffice of the Corporate Chief StrategistManagement Board SecretariatGovernment of [email protected]