1 / 14

Meeting the Challenges of Canada’s Secure Delivery of E-Government Services

Meeting the Challenges of Canada’s Secure Delivery of E-Government Services. Mike Just & Danielle Rosmarin Public Works & Government Services Canada 19 April 2005. State of the Nation. Government OnLine (GOL) Online presence for 130 frequently used programs Individuals and businesses

flavian
Download Presentation

Meeting the Challenges of Canada’s Secure Delivery of E-Government Services

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. Meeting the Challenges of Canada’s Secure Delivery of E-Government Services Mike Just & Danielle Rosmarin Public Works & Government Services Canada 19 April 2005

  2. State of the Nation • Government OnLine (GOL) • Online presence for 130 frequently used programs • Individuals and businesses • Secure Channel (SC) • Common security services to support GOL • Authentication services – Issuance of an “epass” • Approximately 20 GOL programs using SC • Approximately 500K epasses issued to date • Moving forward • Policy, legal and business issues dominate • Issues are critical for us to truly transform our e-government service delivery 4th Annual PKI R&D Workshop

  3. Outline • What is epass? • Areas of Discussion • Inter-jurisdictional issues • Registration of businesses • Enrolment of individuals • Evidentiary Support • Concluding remarks 4th Annual PKI R&D Workshop

  4. What is epass? • An epass is the online credential for individuals and businesses to access Government of Canada (GoC) services • Technically, the epass is a package containing PKI keys and certificates • Certificates are indexed by a Meaningless But Unique Number (MBUN) • An individual can obtain one or more epasses for their interaction with the GoC 4th Annual PKI R&D Workshop

  5. What is epass? (2) • Establishing the relationship between an epass and a GoC program (e.g. Canada Revenue Agency) • Individual registers to obtain their epass • Obtained from a common Secure Channel service • No identification takes place at this stage • Individual enrols with a GoC program • If required, identification takes place with GoC service • The MBUN is indexed with the existing program identifier (PID), and mapping is maintained by the program • Key drivers • Privacy, security and usability • Meeting the business requirements of government programs 4th Annual PKI R&D Workshop

  6. What is epass? (3) 4th Annual PKI R&D Workshop

  7. Areas of Discussion • While technical innovation is always required, our issues today relate to policy, legal and business concerns • Four areas of interest • Inter-jurisdictional issues • Registration of businesses • Enrolment of individuals • Evidentiary Support 4th Annual PKI R&D Workshop

  8. Inter-jurisdictional • Public Works and Government Services Canada (PWGSC) is a federal department • But citizens have a relationship with all levels of government, including provincial and municipal • Till recently, PWGSC legislation limited the selling of services to other jurisdictions • Recently resolved through an “Order-in-Council” by Canada’s head of state (Governor-General) • Differing policy and standards across jurisdictions • Common Look and Feel (CLF) 4th Annual PKI R&D Workshop

  9. Registration of Businesses • Potential to process differently than individuals • Same epass process used for both now • Currently, a business can have multiple identifiers for interacting with the GoC • Business Number (BN) is legislatively limited to use for tax purposes only • Potential solutions include legislative changes, or adopting a new number (e.g. like the Australian Business Number) • Separate enrolment with each government program • Potential option for information sharing solution • Potential option for centralized enrolment 4th Annual PKI R&D Workshop

  10. Enrolment of Individuals • Current epass solution was designed to be privacy-friendly • Pseudonymous epass credentials • No personal information collected nor stored centrally • Identification remains within each government program • However, • Individuals must enroll at each program • Not all programs are able to enroll online (e.g. they lack sufficient shared secrets) • Require a solution that respects the privacy climate within Canada 4th Annual PKI R&D Workshop

  11. Enrolment of Individuals (2) • Joint Information Exchange Facility 1. Pull info packet into 3. Push the info packet from the browser, signed by the browser signed by Dept D Dept D to Dept M Dept M reviews and accept Dept D’s authentication procedures during set up of the exchange process 2. Client reviews & authorizes but cannot change the information Dept D (info packet) Dept M (info packet) 4th Annual PKI R&D Workshop

  12. Enrolment of Individuals (3) Dept Online Service Central Authentication Facility User Dept Online Service • - Collects appropriate info • Aids in enrolment • by sharing information with department Dept Online Service • Central Authentication Facility • Likely not a viable solution for today’s privacy climate 4th Annual PKI R&D Workshop

  13. Evidentiary Support for Electronic Data • Requirements for evidentiary support for electronic transactions must be driven by policy, legal and business requirements, not technology • Recent legislative changes to support electronic data as evidence • Canada Evidence Act (2000): Proper operation of electronics document system • Personal Information Protection and Electronic Documents Act (PIPEDA) (2000): Electronic signature • Secure Electronic Signature Regulations (2005): Digital signature • Standards, and operation within those standards, are key to demonstrating the integrity of electronic data 4th Annual PKI R&D Workshop

  14. Concluding Remarks • Currently have a sound solution with epass • Recognize that the effective delivery of e-government services requires that certain challenges be addressed • Potential for similar issues to arise for other (government) solution providers • Recognition of the importance of the policy, legal and business context when designing technical solutions 4th Annual PKI R&D Workshop

More Related