Identity Management Sub-Committee (IMSC) Update


Pan-Canadian Identity Validation Standard
PUBLIC SECTOR SERVICE DELIVERY COUNCIL (PSSDC)
November 13, 2014
Pan-Canadian Identity Management Sub-Committee
Objective
• Review and endorse the Pan-Canadian ID Validation
Standard prior to its tabling at the November 2014 DMs’
Table teleconference.
Background
May 2013:
• IMSC proposed a Pan-Canadian Identity Validation
Standard to advance the Identity Management effort.
• FPT Service Delivery DMs agreed in principle to the development of a
Pan-Canadian Identity Validation Standard, and noted that this should
be considered a cornerstone to Federating Identity Management
May 2014:
• IMSC provided a draft Identity Validation Standard to
FPT Service Delivery DM members for review:
– FPT DMs supported the draft Standard and agreed to:
1. Engage within their jurisdictions prior to finalizing the Standard for approval, and,
2. Start the development of a Pan-Canadian Identity Trust Framework.
Completed and Planned Activities
Legend: Complete, In-Progress, Not Started

Deliverable: FPT DMs of Service Delivery to engage within respective jurisdictions
Key Activities:
• Working Group conducted two webinars
– June 26 and July 28
• Engagement questionnaire circulated to jurisdictions.
– Consolidated feedback into report
• IMSC Working Group Calls
– June 6, June 20, July 25, Aug 22
• Update to Joint Councils
– Sept 17, 2014 Yellowknife
• Pan-Canadian Trusted Identity Forum
– Oct 29-30 In-person workshop in Ottawa

Deliverable: Finalize Standard for endorsement and approval
Key Activities:
• Finalized Revision (August 25)
– Incorporated feedback from questionnaire, and comments.
• Endorsement of Final Revision by PSCIOC/PSSDC (November)
– IMSC WG Calls: Sept 26, Oct 17
– Finalized revisions since August 25th draft
• Endorsement by FPT DM Table
– FPT DM Call on November 25th

Deliverable: Development of Pan-Canadian Identity Trust Framework
Key Activities:
• Held In-Person Workshop Session (Oct 29-30)
• Bi-Weekly Working Group Calls
• March 2015 Update to Joint Councils
• May 2015 Report to DM Service Delivery
Overview of Revisions to Standard
Revisions resulted from:
– Feedback from jurisdictions (questionnaire, WG calls, comments/input received)
– Collaboration with Canada’s Digital Interchange (CDI) Requirements Team
Additional Overview Material – new sections on:
– Supporting Canada’s Digital Interchange
– Respecting Privacy and Minimal Disclosure
– Federation and Trust Frameworks
Refinement of Validation Requirements
– Addition/refinement of terms and definitions
– Introduction of new concepts: Disclosure Levels and Match Types
  • Enables more precise definitions of what can be requested/disclosed in a validation request and response.
  • Intended to assist relying parties and authoritative parties in specifying their service requirements
– Added two new personal information categories (since August 25th)
  • Date of Death, Place of Death
Extension of NRS Data Exchanges Schema
– Detailed data element definitions and validation schema definitions are being incorporated into extension of NRS Data Exchanges Schema.
Pan-Canadian Identity Management Sub-Committee
5
Pan-Canadian Identity Trust Framework*
[Diagram labels: Government Jurisdiction and Service Provider (pair repeated four times).]
Trusted Services:
• CDI
• Identity Service Provider
• Credential Service Provider
• Brokering
• Identity Registration (not Service Enrolment)
• Supporting Services
* Working model as developed in Pan-Canadian Trusted Identity Workshop held on Oct 29-30, 2014
This model can be the basis for a Pan-Canadian Trusted Identity Agreement.
Next Steps
• Pan-Canadian Identity Validation Standard
  – FPT DM Call November 25th
    • Endorsement of Standard
  – Continue engagement within jurisdictions
    • Schedule WebEx sessions
    • Apply Standard to Pilot Project / Proof-of-Concept implementations
    • Identify other stakeholders
• Pan-Canadian Identity Trust Framework
  – Continue development
    • Based on workshop outcomes of Pan-Canadian Trusted Identity Forum
    • Bi-weekly working group meetings.
Additional Slides
Objective of Pan-Canadian Identity Validation Standard
• Standardize definitions and attributes required for
identity validation requests and responses between
federal, provincial, territorial and municipal
organizations, supporting program and service
delivery
• Standardize protocol between FPT programs for
validation requests and responses
• Standard is a key enabler for Canada’s Digital
Interchange Initiative
Design Approach
For the design and development of the Pan-Canadian Identity
Validation Standard
• Joint Councils agreed in Sept 2013 to leverage National Routing
System (NRS) Data Exchanges Standard as a starting basis for this
Pan-Canadian Identity Validation Standard
Rationale
• NRS is a “Made in Canada” Standard and is in practice by jurisdictions
• Established community across most jurisdictions familiar with the NRS
Standard
• NRS Standard has been implemented with a practical framework that
can be extended (validation, notification, etc.)
Considerations
• How to engage with jurisdictions not already leveraging NRS
• From vital statistics as principal liaison to whole-of-jurisdiction liaison
How the Standard fits in the Big Picture
(the goal is interoperability)
[Diagram labels: interoperability layers (Jurisdictional, Business, Information, Application, Technical); Legislation; Policy; MOU Agreement; MOUs, SLAs, etc.; Design & Implementation; Implementation & Operations; Current Deliverables; Pan-Canadian Identity Validation Standard; Pan-Canadian CDI Data Exchanges Standard; XML Schemas (NIEM, NRS, etc.)]
*GC Interoperability Framework
Generic Identity Validation Use Case
[Diagram labels: CLIENT; RELYING PARTIES (services): Federal Social Benefits, Provincial Health Insurance, Driver Licensing Agency; AUTHORITATIVE PARTIES (authoritative sources): Vital Statistics, Driver Licensing Agency, Citizenship & Immigration; STANDARDIZED VALIDATION REQUEST and STANDARDIZED VALIDATION RESPONSE, with fields Name, DOB, Status, … and Sender/Receiver Information.]
Standard can be implemented via a point-to-point or hub architecture
Implementation Example
Standard provides jurisdictions with a flexible framework to: 1) specify validation and matching requirements for 2) specific categories of personal information

[Diagram labels: Joe Public; Collect; Validate; RELYING PARTY (F/P/T/M Program or Service); Digital Interchange Validation Request / Response Implementation; AUTHORITATIVE PARTY (F/P/T/M Auth. Source): Vital Stats, Prov. DL, Fed. CIC; e.g. (not exhaustive), Vital Statistics, Driver’s Licensing, Citizenship & Immigration; Trust Framework Based on Assurance Levels]

Validation and Matching Requirements
1. Identity information validation: validation of information used to uniquely identify an individual (e.g. name, date of birth, etc.)
2. Personal information validation: validation of information used for program and eligibility purposes (e.g. address, citizenship, status, etc.)
3. Additional Matching Criteria: personal attributes that may be provided as part of validation request to assist in resolving to a unique individual.

Validation of Personal Information
1. Name
2. Date of Birth
3. Sex, Gender or Documented Sex
4. Place of Birth
5. Date of Death
6. Place of Death
7. Assigned Identifiers
8. Status
9. Address
10. Associated Person
Enabling Canada’s Digital Interchange
The Standard:
• Is intended to be applicable under various legislative and program requirements.
  • Provides a framework that enables jurisdictions to specify how personal information is used and disclosed in relation to validation.
  • Identity Information, Personal Information, Additional Matching Criteria
• Enables precise specification of validation services to be provided by the proposed Canada’s Digital Interchange:
  – Identity Information Validation: confirmation of the accuracy of identity information about a person.
  – Personal Information Validation: confirmation of the accuracy of personal information about a person
• Can be used as input to the following:
  – PCID Data Exchanges Standard (i.e. NRS Data Exchanges Standard)
  – Development of Memorandum of Understanding (MOU) data annexes