Joint Priority Project
Identity Authentication and Authorization Working Group
Walk-through and Discussion with PSCIOC-PSSDC
May 19, 2004 Joint PSCIOC-PSSDC Meeting
Revised May 7th, 2004
Version 1.0 Approved by PSCIOC-PSSDC Coordinating Committee

Background
• Why this project?
• How does it advance the goals of the PSCIOC-PSSDC?
• Who is involved?
• Major milestones and decisions to date

The IAA Working Group
• The Working Group was created and operates under the joint direction of the Public Sector CIO and Public Sector Service Delivery Councils (PSCIOC, PSSDC) with Ontario as Chair.
• The Working Group advances the work on ID Authentication and Authorization issues identified at Lac Carling 2003 as being critical to Electronic Service Delivery.

How does it advance the goals of the PSCIOC-PSSDC?
Working Group Mandate
• Develop common cross-jurisdictional Identity Authentication and Authorization Language
• Test a conceptual model with business sectors at the federal, provincial, and municipal levels
• Develop options and recommendations for establishing permanent governance

Value Proposition
• Illustrate the ability to leverage the authentication effort across programs
• Simplifies the business authentication process
• Applies to all jurisdictions
• Greater savings in authentication
• Simplifies user interfaces

Who is involved?
• Government of Ontario, Management Board Secretariat (Chair)
• Government of Ontario, Consumer and Business Services
• Government of British Columbia, Office of Chief Information Officer
• Government of Alberta, Office of the Chief Information Officer
• Government of Saskatchewan, Information Technology Office
• Government of Manitoba, Ministry of Finance
• City of Winnipeg, Corporate Information Technology
• Government of Canada, Treasury Board Secretariat
• City of Toronto, Office of the CIO
• Government of Québec, L'inforoute gouvernementale et aux ressources informationnelles
• Government of Nova Scotia, Service Nova Scotia
• Government of Newfoundland & Labrador, Executive Council

Partnerships and Consultation
Here’s who we’ve linked to…
• Federal Government’s Treasury Board Secretariat
• Integrated Service Delivery for Business (Ontario)
• Government Authentication Project (British Columbia)
• National CIO Council Subcommittee for Information Protection
• National CIO Council Privacy Subcommittee
• Industry Canada
• Nine Canadian Provinces
• Federal / Provincial / Territories Committee on Identity
• Several Major Municipalities (City of Toronto, City of Winnipeg)
• PSCIOC / PSSDC XML National Subcommittee

Selected Partners for Pilot
• Federal Jurisdiction
  • Human Resource Services Department HRSD – ROEWEB
    • ePass based on certificate and MBUN (unique identifier)
• Provincial Jurisdiction
  • British Columbia - One Stop Business Address Change (OSBAC)
    • BCeID based on GUID (unique identifier)
• Target Market
  • Small Businesses between 10 and 100 employees

Major milestones
Key Reportbacks
• February 2004: Interim report to PSCIOC/PSSDC
• May 2004: Progress report to Lac Carling 2004
• September 2004: Final report to PSCIOC / PSSDC

Decisions to date
At the Feb 10th joint meeting, PSCIOC / PSSDC endorsed:
• A pilot project enabling acceptance of extra-jurisdictional electronic credentials for business to demonstrate the application of the IAA guidelines under development
• Extension of the work being done to include consultation on Legal, Security and Privacy with other PSCIOC / PSSDC sub-committees as appropriate
• Establishment of a Web Site to both promote visibility of the work being undertaken by PSCIOC / PSSDC and better leverage work being done back into each jurisdiction

ID Authentication and Authorization Working Group
Key Activities and Milestones
Timeline: September ‘03, February ‘04, May ‘04, September ‘04
Activities:
• Project start up
• Guidelines Development
• Guidelines Consultation Process
• Identify/select pilot
• Develop Pilot Demo
• Pre-Pilot Implementation
• Governance proposal
• Linkage to other identity/authorization initiatives already underway
Key Priorities
• Definitions and common vocabulary
• Developing principles, guidelines/criteria or standards
• Confirming the chain of trust framework
• Developing an action plan on the short term opportunities
• Defining Levels of assurance
• Researching and recommending available standards
• Recommending on-going governance structure
• Defining the role of Third Parties
Creative interplay between theory and practice
Check in with PSCIOC/PSSDC

Issues and Opportunities
• Build for the long term.
• Framework should be neutral politically, legally, technologically.
• Complexity & Cost escalates as sensitivity of information and business risk increases.
• De-centralized approach to I&A is more compatible with current legislative context.
• Individual programs or jurisdictions should choose what works best for them within a defined, standardized framework.

Results and Next Steps
• Results
PILOT OVERVIEW

Current State
Federal
• Existing HRSD ROEWEB Application
• Business Policy & Processes: Information, Registration, Credentials, Privacy, Security
• Existing epass Login
• Federal Identified users
BC Provincial
• Existing BC Gov’t OneStop Business Address Change Application
• Business Policy & Processes: Information, Registration, Credentials, Privacy, Security
• Existing BCeID Authentication
• BC Province Identified users
User: Louis, Professional Hockey and Fitness Institute

Future State
Federal
• Existing HRSD ROEWEB Application
• Business Policy & Processes: Privacy, Security, Information
• Existing epass Authentication
BC Provincial
• Existing BC Gov’t OneStop Business Address Change Application
• Business Policy & Processes: Privacy, Security, Information
• Existing BCeID Authentication
epass enabled BCeID Authentication Service
• Informed Consent
• Common Business Information
• Common Registration
• Shared Credentials
• Privacy & Security
• Agreed Level of Assurance
Common Framework, Fundamentals, Practices & Definitions
User: Louis, Professional Hockey and Fitness Institute

Informed Consent
For Louis to log in to both Federal and Provincial e-services, Louis and his company can PULL information from one program and PUSH it to another.

Louis Logs in at BC using epass
Louis may access BC using either his BCeID OR his epass.

Federal Government MY Services Screen
[Screenshot: My Services. Welcome to the "My Services" Government of Canada web site. Please logout after you have completed your epass transactions. Your epass Services]
Louie is connecting to all of his e-Services through a customized access

Next Steps
• Short term
• Long term

Next Steps: Short Term
• Complete Pilot Storyboard development
• Continue work on Definitions (align with Pilot)
• Development of Registration Practice Statements
• Development of meaningful measures and proof points for pilot
• Conduct Legal, Privacy and Public Opinion Research reviews
• Integration of Lac Carling 2004 input
• Begin Work on Governance

Moving forward to September
• Initiate Privacy Impact Assessment
• Funding Mechanisms for
  • Focus Groups $75K
  • Enhance Demo $50K
  • Business Case $25K
• Project Definition
  • approval to proceed
  • approval of direction
  • funding to September Milestone

Next Steps: Thinking for the Long Term
Additional factors to consider in developing IA&A standards:
• Liability and Accountability are key issues to all stakeholders (clients, service providers, government)
• Transparency in IA&A policies and procedures will enhance client trust.
• Legislated privacy requirements and privacy principles must be respected in the business, policy and technology design.
• Third Parties such as self-governing professions and other stakeholders will need to be consulted about their role in registering, authenticating and possibly issuing credentials.
• Leverage international and industry standards.
• Compatibility with multiple jurisdictions’ legal and policy frameworks.

Next Steps: Emerging Challenges
• Governance
• Engaging municipalities
• Funding and Sustainability
• Communications
• Integration across boundaries
• Sharing knowledge and common practices

Decisions Required on the Horizon (Sep 2004)
• Decision
Proposed Governance Model

Review of Governance options
How will governance model be reviewed
• Who will review the proposed governance options
• How will they be approved

Governance Implementation
How will recommended governance model be put in place
• Who will participate
• How will articles be developed

Decisions Required on the Horizon (Sep 2004)
• Decision
Pilot Implementation

Decision to Implement the Pilot
• Go / No go decision to make pilot go live
• What business case would be sufficient
• Where would responsibility for the Implementation lie
• How would limitation be placed on scope

Funding to Implement Pilot
• Anticipated funding to make pilot go live
• To what extent should the pilot be funded
• How would any funding be allocated
• Where would resources be drawn from

Decisions Required on the Horizon (Sep 2004)
• Decision
Mandate to Continue

Mandate to Continue
• Extend Working Group to
  • Continue with pilot
  • Conduct Legal, Privacy and Public Consultation / Research reviews
  • Transition to / support of final governance model

Appendix A
Notes on Reporting Template format requested by PSCIOC-PSSDC Coordinating Committee

Notes on use of template
1. The Coordinating Committee recommends that this template be used by each Joint Priority Project lead(s) at the all-day session of the Joint Councils on May 19 at St. Sauveur.
2. The outcomes that the Coordinating Committee is looking for are:
  • To provide some in-depth understanding to the PSCIOC-PSSDC members on how the JPP arrived at where it is today
  • To engage the members in discussion about the options and next steps for the future of the project
  • To provide a forum for preparing members for decisions required by the project on the near horizon (Sep 2004)
  • And to allow you an opportunity to gain a sense of where the various jurisdictions are in their support of the project

Notes on use of template (cont’d)
3. It is suggested that the number of slides be kept to a minimum and that key questions and/or options be the foundation pieces for the discussion, along with the key decision points on the horizon. An hour to an hour and 15 minutes has been allocated for each of the 4 JPPs.
4. This approach to the meeting on May 19th has been put together by the Coordinating Committee and Secretariat to ensure that the decisions and feedback being sought by each JPP are well understood and provide for informed decision making at the next meeting of the Joint Councils in Sep 2004.

Decisions Required on the Horizon (Sep 2004)
• Decision
Format
• Type (go/no go; governance; funding; choice of solutions/approach; other?)
• Jurisdictional involvement required
• Importance
• Risk Assessment