Identity: Setting the Larger Context, Achieving the Right Outcomes. 2006 CACR Privacy and Security Conference November 3, 2006. Identity: Outline. Introduction Context Way Forward Outputs Summary. Identity: Introduction. Identity: Clients & Outcomes.
Identity: Setting the Larger Context, Achieving the Right Outcomes 2006 CACR Privacy and Security Conference November 3, 2006
Identity: Outline
• Introduction
• Context
• Way Forward
• Outputs
• Summary
Identity: Clients & Outcomes
External Clients: Individuals and Businesses
• Improved delivery of government services
• Increased safety and security
• Enhanced human rights and freedoms
Internal Clients: GC Employees and Contractors
• Increased productivity
• Decreased time to on-board, off-board personnel
• Increased compliance with security, privacy and IM policies
Identity: Objectives
• Bridge the gap between the many service and security communities
• Engage stakeholders and gain consensus
• Develop a conceptual framework that can be used for:
  • Developing and aligning to a single GC-wide vision
  • Developing GC-wide identity principles
  • Establishing a common view of identity and compatible program and project approaches
Identity: Approach Inputs Steps Key Questions Work Products Outputs Existing IDM Products GC-Specific IDM Products Project Charter Mandate/Priorities How do we use identity to fulfill our mandate and address our priorities? Relevant Principles IDM Policy, Directives, Standards Needs & Outcomes Clients & Stakeholders Who are our clients and stakeholders; what do they need? Policy Guidance Lexicon Principles Principles/Policies What is our scope and how do we align to the relevant principles and policies? IDM Guidelines, Tools, Best Practices Technical Guidance Risk-Event Model Risk Analysis What are our risks with respect to identity? Standards Assurance Model Assurances What assurances do we provide or require? IDM Enterprise Architecture Practices Service Agreements How do we plan to deliver services or deploy our capabilities? Services/Capabilities IDM Solutions Business Architecture Solutions Business Processes How must we organize ourselves and what process must we use? Technical Criteria Technologies/Solutions What are our options for technologies or solutions? Technologies
Identity: Government Context Government Context: Working together in the public interest to ensure that we uphold what we believe and value as a society. Identity is critical to our society, our governments and institutions
Identity: Drivers
• Privacy & Security Drivers:
  • Economic: Identity Theft/Fraud
  • Public Safety: Law Enforcement
  • National Security: Anti-Terrorism, Border Security
• Citizen-Focused Drivers:
  • Citizen-Centred Service Delivery
  • Increasing Client Satisfaction
  • Ensuring Rights of Citizens
• Integrity and Accountability Drivers:
  • Program and Service Integrity
  • Transparency
• Organizational Transformation Drivers:
  • Rethinking of Government as a Single Enterprise
  • Shared Services Model
  • Inter-Agency and Inter-jurisdictional Collaboration
Identity: Roles of Government
Ideal Roles… Establishing Identity, Communicating Identity, Authenticating Identity
Current Roles…
• Shared jurisdiction:
  • Federal role: for those arriving in Canada
  • Provincial / Territorial role: with Vital Statistics - born in Canada
• Based on relatively standard set of core attributes including:
  • Name
  • Place of Birth
  • Date of Birth
  • Gender
  • Citizenship
• Numerous organizations involved at all levels of government, for example:
  • Federally issued..
    • Social Insurance Number (SIN)
    • Passport
  • Provincially issued..
    • Birth registration #
    • Birth certificate
    • Health card
    • Driver’s license
• Most organizations require a similar base of information to provide identification
• Some additional needs specific to the organization
• Separate stand-alone processes by department or program for authentication:
  • Epass
  • CRA
  • Service Canada
  • Etc.
• Many different functions for validation or verification for clients’ identity
• Many enabling technologies:
  • PKI, biometrics, tokens
Identity Management Today
• Government departments/agencies have similar needs with respect to identifying individuals and request similar information
• Purpose – primarily Security and/or Service delivery
• Same or similar information collected, and then shared in ad hoc and disparate ways:
  • Clients provide same information – different times, different formats
  • Complex network of information sharing agreements between federal government and other jurisdictions
  • Many bilateral agreements with provinces and territories related to the use of personal information
• Integrity varies, depending on source and on associated program/service risk
Identity: Defining the Opportunity ‘The Government of Canada’s ability to fulfill its mandate can be greatly improved through a common understanding of identity. A whole of government approach to identity is a critical requirement to the integrity of government programs and services.’ As approved by ADM Identity Committee, Mar 3, 2006
Identity: Defining the Issue ‘Making sure you are dealing with the right person’
Identity: Defining the Concepts Identity: a reference or designation used to distinguish a unique and particular individual (organization or device). Identity Management: the set of principles, practices, policies, processes and procedures used to realize the desired outcomes related to identity.
Identity: Strategy Statement
Develop a common approach consisting of:
• A common understanding of key identity concepts and principles;
• A single view that promotes a consistent application while enabling transparency and accountability; and
• A comprehensive action plan appropriate to the many systems, programs and government organizations that depend upon identity.
Identity: Draft Principles
• Justify the Use of Identity.
• Identify with Specific Reason.
• Use Appropriate Methods.
• Enhance Public Trust.
• Use a Risk-Based Approach.
• Be Collectively Responsible.
• Uphold the Rights and Values of Canadians.
• Ensure Equity.
• Enable Consistency, Availability, and Interoperability.
• Maintain Accuracy and Integrity.
• Preserve Proportionality.
Draft as approved by TBS CIO
Identity: Evidence & Assurance
Evidence of Identity (EOI): Evidence that the individual is really who they claim to be - their ‘true’ identity as required by law.
Assured by: Assurance of Identity
• Level 1: Little or no confidence in validity of claimant’s identity
• Level 2: Some confidence in validity of claimant’s identity
• Level 3: High confidence in validity of claimant’s identity
• Level 4: Very high confidence in claimant’s identity
Evidence of Control (EOC): Evidence that the individual has control over what has been entrusted to them.
Assured by: Assurance of Control
• Level 1: Little or no confidence that claimant has control over what has been issued to them (e.g. token/identifier)
• Level 2: Some confidence that claimant has control over what has been issued to them
• Level 3: High confidence that claimant has control over what has been issued to them
• Level 4: Very high confidence that claimant has control over what has been issued to them
Evidence of Integrity (EOI): Assurance as a whole, pertaining to a system, process, token (physical or electronic), etc.
Assured by: Assurance of Integrity
• TBD
Evidence-Assurance Functions
1. Evidence Gathering
2. Validation, Verification, Vetting
3. Adjudication
Evidence-Assurance functions are specific to the program or mandate.
Identity: Draft Framework Legislative and Policy Context Justified Use Authorization Identity Principles Assurances Access Service Delivery Processes Establishing Identity Communicating Identity Authenticating Identity Security Evidence Assurance Functions Grant of Status/Authority Evidence Assurance Evidence Assurance Evidence Assurance Enforcement Lexicon Audit/Compliance Technology Enablers Currently being developed by the TBS CIOB Identity Team
Identity: Summary
• A single GC-wide approach that:
  • Recognizes common requirements throughout government
  • Leverages current investments and accomplishments:
  • Independent of technology or solution
This is a journey in progress….