130 likes | 202 Views
Joint Priority Project Identity Authentication and Authorization Working Group. Walk-though And Discussion for PSCIOC-PSSDC Meeting Winnipeg September 28 th , 2004. Working Group Mandate.
E N D
Joint Priority ProjectIdentity Authentication and Authorization Working Group Walk-though And Discussion for PSCIOC-PSSDC Meeting Winnipeg September 28th, 2004
Working Group Mandate • Develop guidelines containing a common set of definitions and vocabulary for identity authentication and authorization processes for inter-jurisdiction application, including trust levels related to each component of the Trust Chain; • Review short term opportunities for action and identify suitable candidates for a pilot project to test the first two elements of the trust chain; Initiate, implement and evaluate the pilot project • Develop recommendations with respect to next steps, including an on-going governance structure
Who is involved? • Government of Ontario, Management Board Secretariat (Chair) • Government of Ontario, Consumer and Business Services • Government of British Columbia, Office of Chief Information Officer • Government of Alberta, Office of the Chief Information Officer • Government of Saskatchewan, Information Technology Office • Government of Manitoba, Ministry of Finance • City of Winnipeg, Corporate Information Technology • Government of Canada, PWGSC • City of Toronto, Office of the CIO • Government of Québec, L'inforoute gouvernementale et aux ressources informationnelles • Government of Nova Scotia, Service Nova Scotia • Government of Newfoundland & Labrador , Executive Council
Preliminary IAA Working Group Decision Points for September 28th meeting in Winnipeg The following decision points are proposed for Joint Council consideration: • Approve (in-principle) Governance model for IAA • Confirmation and endorsement of direction for GoC ePass/BCeID Pilot including: • Postpone decision for taking pilot live • Evaluation to proceed with focus on privacy and lessons learned • Approval (in-principle) for an additional Pilot • Approve extension of mandate of IAA Working Group to include: • Extend work through pilots • Conduct Legal, Privacy and Public Consultation / Research reviews • Transition to / support of final governance model
Results To Date • Definitions and Guidelines • Version 1.0 of Definitions and Guidelines is complete and ready for wider consultation • Pilot • Developed proof of concept model shown at Lac Carling • Evaluation is ongoing • Privacy • GoC undertaking a PIA using demo as context • Privacy issues being shared with PSCIOC privacy subcommittee • Liability • Ontario leading development of Liability issue paper with input from Working Group • Governance • Strong standards and governance being proposed to ensure privacy, security and legal / liability are addressed
Next StepsShort Term Need for continued work to meet emerging challenges: • Governance • Engaging municipalities • Funding and Sustainability • Communications • Integration across boundaries • Sharing knowledge and common practices
Decision Requested • Receive IAA Framework and Guidelines • Guidelines for identity authentication processes for inter-jurisdiction application, including trust levels related to each component of the Trust Chain, have been tabled as part of the supporting materials in the document entitled “Identification, Authentication and Authorization Framework Policy and Guidelines, PSCIOC/ PSSDCCross-Jurisdictional Identification, Authentication and Authorization Working Group, July 29th, 2004 “ • Includes: • a common set of definitions and vocabulary • Practice Assessment Framework & Guidelines for Identification, Authentication and Authorization
Decision Requested • Endorse Pilot Implementation and Evaluation Strategy • Pilot was conceived as a five stage process of which the first three have been completed and demonstrated through the proof of concept model at Lac Carling • Pursuing options since Lac Carling has confirmed implementation of BC – HRSD WebRoE pilot cannot proceed within given timeframe because of timing, resources, and priorities of participating partners • While this has indefinitely deferred any decision to “go live”, still a huge need to work through and evaluate the “proof of concept” to address • Standards and guideline refinements • Legal / Liability • Privacy • Lessons learned • Previously noted funding implications greatly reduced
Decision Requested • Receive Governance Model Options • Options and recommendations with respect to on-going governance structure have been tabled as part of the supporting materials in the document entitled “Governance for Identification, Authentication and Authorization, PSCIOC/ PSSDCCross-Jurisdictional Identification, Authentication and Authorization Working Group, August 10th, 2004 “
Decision Requested • Approve Plan for End-state Governance Model • Continue with Project Management model reporting to PSCIOC – PSSDC as an interim measure • Transition within two years to end state governance model • IA&A Working Group will develop the articles of governing body • End state governance model options to be reviewed and approved by PSCIOC – PSSDC prior to being established • Working Group structure and membership may be reviewed during intervening period to ensure representation is appropriate for a Pan Canadian Standard
Decision Requested • Approve Approval-in-Principle of Additional Pilot • Approval-in-Principle for initiation of a second inter jurisdictional pilot using multiple tokens between multiple levels of government. • demonstrate tangible authentication solutions tied to business priorities • Examine means to expedite appropriate access to information with the aim of improving service • Use parameters set by results of Lac Carling electronic voting • Feasibility study and business case ready to go forward for approval at next PSCIOC – PSSDC meeting • Complete a survey of tokens and token rules • Identify participants • Examples include SAKMs (Justice), Public Health, Business
Decision Requested • Approve Extended Working Group Mandate to: • manage consultation/promulgation and subsequent change management to current version of definitions and standards • “Ground Proof” IA&A guidelines through identified pilots and subsequent evaluations • Working Group responsible for evaluation of all pilots (over-sight plus responsibility to provide advice to PSCIOC and PSSDC on implications of evaluation results for next steps) • Conduct Legal, Privacy and Public Consultation / Research reviews • Transition to / support of final governance model
Contact: Jeff Evans Chair, Cross jurisdictional Working Group on Identity Authentication and Authorization I&IT Strategy, Policy and Planning Branch Office of the Corporate Chief Strategist Management Board Secretariat Government of Ontario 416-327-4107 Jeff.evans@mbs.gov.on.ca