Transcript IAA Walkthrough for Winnipeg

Joint Priority Project
Identity Authentication and
Authorization Working Group
Walk-though And Discussion
for PSCIOC-PSSDC Meeting
Winnipeg
September 28th, 2004
1
Working Group Mandate
2

Develop guidelines containing a common set of
definitions and vocabulary for identity authentication
and authorization processes for inter-jurisdiction
application, including trust levels related to each
component of the Trust Chain;

Review short term opportunities for action and identify
suitable candidates for a pilot project to test the first
two elements of the trust chain; Initiate, implement and
evaluate the pilot project

Develop recommendations with respect to next steps,
including an on-going governance structure
Who is involved?












3
Government of Ontario, Management Board Secretariat (Chair)
Government of Ontario, Consumer and Business Services
Government of British Columbia, Office of Chief Information Officer
Government of Alberta, Office of the Chief Information Officer
Government of Saskatchewan, Information Technology Office
Government of Manitoba, Ministry of Finance
City of Winnipeg, Corporate Information Technology
Government of Canada, PWGSC
City of Toronto, Office of the CIO
Government of Québec, L'inforoute gouvernementale et aux
ressources informationnelles
Government of Nova Scotia, Service Nova Scotia
Government of Newfoundland & Labrador , Executive Council
Preliminary IAA Working Group Decision Points
for September 28th meeting in Winnipeg
The following decision points are proposed for Joint Council consideration:
 Approve (in-principle) Governance model for IAA
 Confirmation and endorsement of direction for GoC ePass/BCeID Pilot
including:
o Postpone decision for taking pilot live
o Evaluation to proceed with focus on privacy and lessons learned
 Approval (in-principle) for an additional Pilot
 Approve extension of mandate of IAA Working Group to include:
o Extend work through pilots
o Conduct Legal, Privacy and Public Consultation / Research reviews
o Transition to / support of final governance model
4
Results To Date

Definitions and Guidelines


Pilot




Ontario leading development of Liability issue paper with input from
Working Group
Governance

5
GoC undertaking a PIA using demo as context
Privacy issues being shared with PSCIOC privacy subcommittee
Liability


Developed proof of concept model shown at Lac Carling
Evaluation is ongoing
Privacy


Version 1.0 of Definitions and Guidelines is complete and ready for
wider consultation
Strong standards and governance being proposed to ensure privacy,
security and legal / liability are addressed
Next Steps
Short Term
Need for continued work to meet emerging
challenges:
 Governance
 Engaging municipalities
 Funding and Sustainability
 Communications
 Integration across boundaries
 Sharing knowledge and common practices
6
Decision Requested

Receive
IAA Framework and Guidelines
 Guidelines
for identity authentication processes for interjurisdiction application, including trust levels related to each
component of the Trust Chain, have been tabled as part of the
supporting materials in the document entitled “Identification,
Authentication and Authorization Framework Policy and
Guidelines, PSCIOC/ PSSDC Cross-Jurisdictional
Identification, Authentication and Authorization Working Group,
July 29th, 2004 “
 Includes:


7
a common set of definitions and vocabulary
Practice Assessment Framework & Guidelines for Identification,
Authentication and Authorization
Decision Requested
 Endorse
Pilot Implementation and Evaluation Strategy
 Pilot
was conceived as a five stage process of which the first three have
been completed and demonstrated through the proof of concept model at
Lac Carling
options since Lac Carling has confirmed implementation of BC –
HRSD WebRoE pilot cannot proceed within given timeframe because of
timing, resources, and priorities of participating partners
 Pursuing
 While
this has indefinitely deferred any decision to “go live”, still a huge
need to work through and evaluate the “proof of concept” to address
 Standards and guideline refinements
 Legal / Liability
 Privacy
 Lessons learned
 Previously
8
noted funding implications greatly reduced
Decision Requested

Receive
Governance Model Options

9
Options and recommendations with respect to on-going
governance structure have been tabled as part of the
supporting materials in the document entitled “Governance
for Identification, Authentication and Authorization,
PSCIOC/ PSSDC Cross-Jurisdictional Identification,
Authentication and Authorization Working Group, August
10th, 2004 “
Decision Requested

Approve
Plan for End-state Governance Model





10
Continue with Project Management model reporting to PSCIOC
– PSSDC as an interim measure
Transition within two years to end state governance model
IA&A Working Group will develop the articles of governing body
End state governance model options to be reviewed and
approved by PSCIOC – PSSDC prior to being established
Working Group structure and membership may be reviewed
during intervening period to ensure representation is
appropriate for a Pan Canadian Standard
Decision Requested
 Approve
Approval-in-Principle of Additional Pilot
 Approval-in-Principle
for initiation of a second inter jurisdictional
pilot using multiple tokens between multiple levels of government.



demonstrate tangible authentication solutions tied to business
priorities
Examine means to expedite appropriate access to information with
the aim of improving service
Use parameters set by results of Lac Carling electronic voting
 Feasibility
study and business case ready to go forward for
approval at next PSCIOC – PSSDC meeting



11
Complete a survey of tokens and token rules
Identify participants
Examples include SAKMs (Justice), Public Health, Business
Decision Requested

Approve
Extended Working Group Mandate to:

manage consultation/promulgation and subsequent change
management to current version of definitions and standards

“Ground Proof” IA&A guidelines through identified pilots and
subsequent evaluations

12
Working Group responsible for evaluation of all pilots (over-sight
plus responsibility to provide advice to PSCIOC and PSSDC on
implications of evaluation results for next steps)

Conduct Legal, Privacy and Public Consultation / Research
reviews

Transition to / support of final governance model
Contact:
Jeff Evans
Chair, Cross jurisdictional Working Group on
Identity Authentication and Authorization
I&IT Strategy, Policy and Planning Branch
Office of the Corporate Chief Strategist
Management Board Secretariat
Government of Ontario
416-327-4107
[email protected]
13