Government of Canada Federating Identity
Federating Identity Management in the
Government of Canada
Identity North Conference
November 20th 2012
Presented by: Rita Whittle
Senior Director, Cyber Authentication and
Identity Management Program
Government of Canada Context
Speech from the Throne and Budget 2012
Citizen-focused service delivery - Improve services and service delivery to
Canadians at a lower cost
Standardize, consolidate and re-engineer the way the GC does business
Whole-of-government approach: Modernize the way we work and serve
Canadians in an increasingly horizontal and collaborative world
Expectations of Clients
Seamless, secure, e-enabled delivery channels
Better, faster and more convenient access to government services
Ability to interact seamlessly with multiple governments, through multiple
channels
… Government of Canada Context
Payments Review Task Force Report
“A robust digital ID regime is one where identification is accomplished without
paper documents or face-to-face visits, and in a way that protects sensitive
information and the privacy of the individual.”
Called for the creation of a Canadian Digital ID and Authentication Council
(DIAC) which is now in place
Becoming a Digital Nation (reference: Stratford Institute, 04/2012)
Increase Canada’s performance through digital technologies
Facilitate the transition to digital services, digital payments and digital identity
Trusting identities across jurisdictions must be solved using a pan-Canadian
approach
Identity is the Starting Point for Services, Benefits and Entitlements
High value services
Today, identity is managed separately by each department, jurisdiction and sector…
Financial Sector
Who are you? How will you pay?
Identity risks translate into sector issues:
•Financial fraud
•Money laundering
•Higher transaction fees
Public Sector
Who are you? Are you eligible for a government benefit?
Identity risks translate into sector issues:
•Benefits fraud
•Longer processing times
•Redundant processes
Healthcare Sector
Who are you? What is your medical history?
Identity risks translate into sector issues:
•Prescription fraud
•Patient privacy
•Record integrity
… but the impacts are felt by everyone
Vision: Pan-Canadian Approach
Collaborative effort between jurisdictions and sectors
Principles:
•Respect privacy
•Client choice
•Governments have a key role to play
•Collaborate with trusted private sector institutions
•Phased approach to evolving services and infrastructure
Federated Approach
Trusting credentials and identities:
•Across jurisdictions
•Across sectors
•Internationally
Federating Credentials: ‘trusting credentials issued by other jurisdictions and industry sectors’
Federating Identity: ‘trusting identities that have been established by other jurisdictions’
Identity Context
Identity information is required for valued transactions
It is the starting point of management of interactions and transactions (initial and ongoing) in all sectors, necessary for service provisioning, determining access, granting of
benefits and entitlements, etc.
Risk related to identity information impacts the immediate interaction/transaction and can
impact other downstream activities
Identity information exists and is managed across orders of government
Digital Identity is becoming increasingly important
Financial and social interactions are becoming digital
Necessary for transition to online channel, advancing the digital economy of Canada
Key to integrating processes across organizations and jurisdictions
Must align with international trends
Identity theft and fraud
Speed of fraud in cyberspace vs. in the physical world
Criminal element has moved online
Evolution to Federating Identity
[Diagram. Headings: Federating Credentials; Federating Identity; GC Approach; Pan-Canadian Approach. Labels: Cyber Authentication Service; GC Identity Federation Service; Identity Federation Service; Mandatory Services; Pilot Projects; Federation Enablers; Commercial; GC Issued; GC Identity Assurance Service; GC Identity Validation Service; Other jurisdictions; Identity Services; Identity Federation Services; Credential Federation Services; Policy Enablers; Legislative Enablers; Standards-based Federation; Multiple Recognized Providers; Multiple Credential Options; Multiple Levels of Assurance; Identity Business & Technical Architecture; DIAC Governance; Commercial Services; Multiple Authoritative Identity Sources]
Strategic Relationships
Inter-jurisdictional: Joint Councils – Public Sector Service Delivery Council
and Public Sector CIO Council
Identity Management Sub-Committee (IMSC)
Composition: Federal, Provincial, Territorial, Municipal
International Dialogues
Other governments - United States, Australia, New Zealand, U.K.
Kantara Initiative
ICA (International Council for Information Technology in Government Administration)
Digital ID and Authentication Council (DIAC)
Public and private sector forum recommended by the Task Force for Payments System
Review
Mandated to develop pan-Canadian approach to digital ID and authentication and
facilitate development of interoperable policies, standards and systems
Composition: Independent Chair (private industry); Government Representatives; Industry
Representatives (telecommunications, banks, health); Independent Representatives
Cyber Authentication Renewal Strategy
Transformative “federation of credentials” approach
First major step enabling transformative online service delivery
Lays foundation for evolving relationships with other jurisdictions and the
private sector
Credentials issued by service providers other than the GC can be trusted to
access online government services = Choice of Credentials
Provides cost-effective, standards-based solution
Respects Clients’ Privacy
Fundamental design of GC Cyber Authentication Renewal driven by privacy
policy considerations
Distinction maintained between assurance of credential and assurance of
identity – the “anonymous credential” ensures privacy is respected
Authentication service provides assurance that the same individual is
accessing an online service, but does not reveal the identity of the individual
(the “persistent anonymous identifier”)
Identity only associated to credential during program enrolment within
individual department domain
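An added illustration of the "persistent anonymous identifier" idea on this slide (not code from the presentation or from any GC system): a broker derives a stable, per-department identifier from the credential, and the department attaches identity to it only at enrolment. The HMAC derivation, the key, and every name below are assumptions made for the example.

```python
import hashlib
import hmac

# Constructed sample values; none come from the presentation.
BROKER_KEY = b"constructed-demo-key-not-a-real-secret"

def derive_pai(broker_key: bytes, credential_provider: str,
               provider_subject: str, relying_party: str) -> str:
    """Derive a persistent anonymous identifier (PAI) for one relying party.

    Fields are length-prefixed so that shifting a field boundary cannot
    produce the same HMAC input.
    """
    fields = (credential_provider, provider_subject, relying_party)
    msg = b"".join(
        len(part).to_bytes(2, "big") + part
        for part in (f.encode("utf-8") for f in fields)
    )
    return hmac.new(broker_key, msg, hashlib.sha256).hexdigest()

class Department:
    """Relying party: binds identity to a PAI only inside its own domain."""

    def __init__(self, name: str):
        self.name = name
        self._enrolled = {}  # PAI -> identity record, held only here

    def enrol(self, pai: str, identity_record: dict) -> None:
        # Identity is established at program enrolment, not at login.
        self._enrolled[pai] = identity_record

    def login(self, pai: str):
        # Returning client: the PAI alone selects the enrolled record.
        return self._enrolled.get(pai)

def demo():
    dept_a, dept_b = Department("dept-a.example"), Department("dept-b.example")
    pai_a = derive_pai(BROKER_KEY, "bank-1.example", "user-8841", dept_a.name)
    pai_b = derive_pai(BROKER_KEY, "bank-1.example", "user-8841", dept_b.name)
    dept_a.enrol(pai_a, {"name": "Constructed Person"})
    # A later login with the same credential yields the same PAI for dept A.
    again = derive_pai(BROKER_KEY, "bank-1.example", "user-8841", dept_a.name)
    return pai_a, pai_b, again, dept_a.login(again), dept_b.login(pai_b)
```

The same credential gives each department a different identifier, so two departments cannot join their records on it, and the broker never handles the identity record.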
Choice of Credentials
Credential Broker Service - An innovative relationship with private
sector
SecureKey Concierge operational since April 2012 - Enables log in to GC online
services using commercially available credentials (currently three Canadian
financial institutions: Scotiabank, TD, BMO)
Leverages the investments made in security and infrastructure in the private
sector
To respect privacy, minimal and non-personally identifiable information is
managed and used through Credential Broker Service
Positions the GC to benefit from ongoing industry investments in evolving and
strengthening assurance levels
GC Key Service – Provides option to use a GC credential
Ensures all GC clients have ability to log in to e-services
Implementation is currently underway by GC departments
Identity Management: Strategy-in-Brief
GC’s strategy on identity management is based on a federated
approach using the following principles:
Give choices to citizens and businesses to decide on how they want to identify
themselves to receive services
Enable a “tell us once” strategy by allowing the re-use of personal identity
information across multiple service delivery channels
Ensure the integrity of the information through validation from trusted
(authoritative) sources of identity information
Establish interoperability standards
Partner with other jurisdictions and the private sector to deliver solutions
Promote a fair and equitable competitive market place
Policy instruments to support federating identity in the GC are
currently under development (standard and guidelines)
Moving Forward
TBS is leading discussions on federating identity within the GC,
building on solid cyber authentication base
Open to future enhancements
Flexible in meeting GC program needs
Providing client choice
Privacy central to any plans for federating identity going forward
Policy positions will be evolved through continuing engagement
and consultation with GC departments
Discussions underway with GC departments to explore suitable candidates for
e-validation pilot projects – one for individuals, one for businesses
Will inform the broader GC federating identity strategy moving forward
– demonstrating business value and technical feasibility
– identifying potential policy and legislative considerations
Continuing analysis underway
Questions and Discussion