
A User Centric and Claims Based Architecture for British Columbia

Ian Bailey, Director, Application Architecture, Office of the CIO, Province of BC. Agenda: Background on BC & Use Cases; Connected Workforce; Citizen Centred Service; Authoritative Parties & Claims; IDM Architecture Project.


Presentation Transcript


  1. A User Centric and Claims Based Architecture for British Columbia
     Ian Bailey, Director, Application Architecture, Office of the CIO, Province of BC

  2. Agenda
     • Background on BC & Use Cases
     • Connected Workforce
     • Citizen Centred Service
     • Authoritative Parties & Claims
     • IDM Architecture Project
     • IDM Pilots
     • Claims and Standards
     • Questions

  3. Province of British Columbia (map slide; label: "Here")

  4. Province of British Columbia
     • Western-most province in Canada
     • 4.4 Million Citizens
     • 400,000 Businesses
     • 2 Million workers
     • 400,000 people participate in the delivery of public services

  5. Two general use cases
     • Connected Workforce
       • Many public and private sector organizations
       • Using different vendor products
       • Sharing information for better outcomes
     • Citizen Centred Service
       • Providing electronic services to citizens
       • Privacy, safety and ease of use

  6. Connected Workforce: 400,000-member workforce
     • Approximately 500 public sector organizations
       • Government ministries, agencies & boards
       • Health authorities and hospitals
       • School districts, universities, colleges
       • Municipalities, regional districts
       • Crown Corporations
     • 1000s of licensed professionals
     • 10,000s of contracted service providers

  7. Connected Workforce: "Information Sharing for better outcomes"
     • Workforce should be able to get access to the information they need to do their job.
     • An identity management eco-system is key to ensuring the right person has access to the right information, at the right time, and for the right purpose.

  8. Connected Workforce: 400,000 Businesses
     • They may have their own sophisticated IT infrastructures and have a username & password or smart card at their workplace
     • Or they may need a common Identity provider service
     • BCeID is our identity service

  9. Chart: Number of Businesses against Size of Business. Labels: "Federated Businesses"; "Common Identity Provider: BCeID for small businesses".

  10. Citizen Centred Service: 4 Million citizens
     • A common Identity provider service for public services in any sector
     • BCeID is our service
     • Desire for additional features
       • Privacy protection and Minimal Disclosure
       • Internet Safety

  11. Authoritative Parties and Claims
     • Government is an authority for personal identification claims
     • Government is an authority for business identity claims
     • Organizations are an authority for claims about their employees
     • Professional bodies are an authority for claims about their members
     • Individuals are the authority for some claims about themselves

  12. BC Identity Management Forum: Spring 2006
     • April 2006 we brought together the largest BC public sector organizations and our major IT suppliers
     • Invited them to work towards a solution that
       • Protects privacy & security
       • Leverages authoritative sources for identity information (claims)
       • Scales to connect our workforce and the public

  13. BC Identity Management Forum: Fall 2006
     • Engaged public sector CIOs and architects
     • Contracted with Bell, CA, Deloitte, IBM, Microsoft, Nortel, Novell, Oracle, Siemens, Sun Microsystems, Sxip, and Telus
     • Sxip Identity to coordinate and manage forum
     • Develop an architecture for the two use cases

  14. BC Identity Management Forum: Requirements Document
     • Contents
       • An agreed lexicon of terms
       • 34 general requirements
       • Privacy best practices
       • Security gradient
       • Authoritative sources of identity claims
       • Loose coupling for scaling
     • http://www.cio.gov.bc.ca/idm/idm_forum/

  15. BC Identity Management Forum: Architecture Document, July 2007
     • Contents
       • Background/methodology/principles
       • Core architecture interactions
       • Additional use case interactions
       • Standards and architecture recommendations
     • http://www.cio.gov.bc.ca/idm/idm_forum/

  16. Core Architecture (diagram)
     • Root Authorities/Trust Model
     • Authoritative Party (AP): authorities recognized to make claims
     • Relying Party (RP): requests and accepts claims to satisfy local policy
     • Identity Agent (IA): facilitates and controls the distribution of claims for a principal
     • Local Policy and Audit log shown at both the AP and the RP

  17. BC Identity Management Forum
     • Test/Pilot the two main use cases
       • Connected workforce
       • Citizen centred service
     • Using Information Cards

  18. BC Identity Management Forum: Pilot 1, Connected Workforce
     • Access to each other's wireless LANs using a Managed Information Card
     • Microsoft is providing software so that we can issue Managed Information Cards from 5 organizations
     • Ping Identity is providing software for authenticating users with Managed Information Cards for WiFi access
     • Telus is hosting wireless authenticator

  19. Pilot 1 (diagram): Visiting user selects Corporate Managed Information Card; Wireless LAN configured to use Authenticating Web Server and APs; Shared Authenticating Web Server (RP); Corporate AD Authoritative Party (AP); Internet.

  20. BC Identity Management Forum: Pilot 2, Connected Workforce
     • Access to a shared collaboration site using Managed Information Cards
     • Microsoft is providing software so that pilot users from 5 orgs can access a Sharepoint 2007 collaboration site with Managed Information Cards
     • Telus is hosting the Sharepoint Site at their Calgary data centre.

  21. Pilot 2 (diagram): User selects Corporate Managed Information Card; Internet; Collaboration Site, Sharepoint Web Server (RP); Corporate AD Authoritative Party (AP).

  22. BC Identity Management Forum: Pilot 3, BCeID Business users
     • Issue Managed Information Cards to select business users.
     • CA is providing software to authenticate and authorize users based on claims in Managed Information Cards.
     • Microsoft software for Managed Information Cards for our business identity service www.bceid.ca
     • Access to Sharepoint, Wireless, and a test web application.

  23. Pilot 3 (diagram): https://www.bceid.ca Authoritative Party (AP); Relying Party (RP); labels "Accepts managed cards", "Issues managed cards", "Verifies claims", "sends managed card"; Internet; BCeID Point of Service ("Visits BCeID service counter").

  24. Claims – a need for information standards
     • personal identification claims
     • minimal disclosure claims
     • assurance level claims
     • business identity claims
     • claims about employees
     • claims about professionals
     • Individuals are the authority for some claims about themselves
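As an added illustration (not from the presentation or the BC forum's own software) of the core architecture interactions on slide 16 and the minimal-disclosure and assurance-level claims on slide 24, the toy Python below models an Authoritative Party releasing only the requested claims, an Identity Agent choosing a card that can satisfy a Relying Party's local policy, and the RP checking the issuer against its trust model and writing an audit log. The HMAC keys, organization names and claim values are constructed placeholders, and HMAC stands in for a real token signature.

```python
import hmac, hashlib, json

class AuthoritativeParty:
    """Issues signed claims it is authoritative for (e.g. an employer about its staff)."""
    def __init__(self, name, key, directory):   # directory: principal -> all known claims
        self.name, self.key, self.directory = name, key, directory
    def issue_token(self, principal, requested):
        # Minimal disclosure: only the claim types the RP's policy asked for leave the AP
        claims = {k: v for k, v in self.directory[principal].items() if k in requested}
        body = json.dumps({"issuer": self.name, "claims": claims}, sort_keys=True)
        return {"body": body, "sig": hmac.new(self.key, body.encode(), hashlib.sha256).hexdigest()}

class RelyingParty:
    """Applies local policy: which APs are trusted roots and which claims are needed."""
    def __init__(self, trusted_keys, required, min_assurance):
        self.trusted, self.required, self.min_assurance, self.audit = trusted_keys, required, min_assurance, []
    def accept(self, token):
        data = json.loads(token["body"])
        key = self.trusted.get(data["issuer"])           # trust model: recognised authorities only
        if key is None:
            self.audit.append(("reject", "untrusted issuer", data["issuer"])); return False
        good = hmac.new(key, token["body"].encode(), hashlib.sha256).hexdigest()
        if not hmac.compare_digest(good, token["sig"]):
            self.audit.append(("reject", "bad signature", data["issuer"])); return False
        claims = data["claims"]
        if any(c not in claims for c in self.required) or claims.get("assurance_level", 0) < self.min_assurance:
            self.audit.append(("reject", "local policy not satisfied", sorted(claims))); return False
        self.audit.append(("accept", data["issuer"], sorted(claims))); return True

class IdentityAgent:
    """Holds the principal's managed cards and chooses one that can satisfy the RP."""
    def __init__(self, principal, cards):       # cards: list of (AP, claim types on the card)
        self.principal, self.cards = principal, cards
    def present(self, rp):
        for ap, types in self.cards:
            if set(rp.required) <= set(types):
                return rp.accept(ap.issue_token(self.principal, rp.required))
        return False                                 # no card satisfies the RP's policy

def demo():
    # Constructed sample data: one trusted employer AP, one AP the site does not trust
    staff = {"alice": {"employee_id": "E-100", "organization": "Ministry X", "assurance_level": 2, "home_phone": "555-0100"}}
    ministry = AuthoritativeParty("Ministry AD", b"ministry-key", staff)
    other = AuthoritativeParty("Some Org", b"other-key", staff)
    site = RelyingParty({"Ministry AD": b"ministry-key"}, ["employee_id", "organization", "assurance_level"], 2)
    alice = IdentityAgent("alice", [(ministry, list(staff["alice"]))])
    accepted = alice.present(site)
    rejected = site.accept(other.issue_token("alice", site.required))
    return accepted, rejected, site.audit
```

The audit log records that the accepted token carried only the three requested claim types (home_phone never left the AP) and that the second token was refused before any claim was read.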

  25. Questions?
