2006 CACR Privacy and Security Conference November 3, 2006 Identity: Setting the Larger Context, Achieving the Right Outcomes.

Presentation transcript:


2 Identity: Outline
- Introduction
- Context
- Way Forward
- Outputs
- Summary

3 Identity: Introduction

4 Identity: Clients & Outcomes
External Clients: Individuals and Businesses
- Improved delivery of government services
- Increased safety and security
- Enhanced human rights and freedoms
Internal Clients: GC Employees and Contractors
- Increased productivity
- Decreased time to on-board, off-board personnel
- Increased compliance with security, privacy and IM policies

5 Identity: Objectives
- Bridge the gap between the many service and security communities
- Engage stakeholders and gain consensus
- Develop a conceptual framework that can be used for:
  – Developing and aligning to a single GC-wide vision
  – Developing GC-wide identity principles
  – Establishing a common view of identity and compatible program and project approaches

6 Identity: Approach
Steps and Key Questions:
- Mandate/Priorities: How do we use identity to fulfill our mandate and address our priorities?
- Clients & Stakeholders: Who are our clients and stakeholders; what do they need?
- Principles/Policies: What is our scope and how do we align to the relevant principles and policies?
- Risk Analysis: What are our risks with respect to identity?
- Assurances: What assurances do we provide or require?
- Services/Capabilities: How do we plan to deliver services or deploy our capabilities?
- Business Processes: How must we organize ourselves and what process must we use?
- Technologies/Solutions: What are our options for technologies or solutions?
Work Products: Project Charter; Needs & Outcomes; Lexicon; Principles; Risk-Event Model; Assurance Model; Service Agreements; Business Architecture; Technical Criteria
Inputs: Policy Guidance; Technical Guidance; Standards; Practices; Solutions; Existing IDM Products; Relevant Principles; Technologies
Outputs: IDM Policy, Directives, Standards; IDM Enterprise Architecture; IDM Guidelines, Tools, Best Practices; GC-Specific IDM Products; IDM Solutions

7 Identity: Context

8 Identity: Government Context Government Context: Working together in the public interest to ensure that we uphold what we believe and value as a society. Identity is critical to our society, our governments and institutions

9 Identity: Drivers
Privacy & Security Drivers:
  – Economic: Identity Theft/Fraud
  – Public Safety: Law Enforcement
  – National Security: Anti-Terrorism, Border Security
Citizen-Focused Drivers:
  – Citizen-Centred Service Delivery
  – Increasing Client Satisfaction
  – Ensuring Rights of Citizens
Integrity and Accountability Drivers:
  – Program and Service Integrity
  – Transparency
Organizational Transformation Drivers:
  – Rethinking of Government as a Single Enterprise
  – Shared Services Model
  – Inter-Agency and Inter-jurisdictional Collaboration

10 Identity: Roles of Government
Current Roles… Ideal Roles…
Establishing Identity
- Shared jurisdiction:
  – Federal role: for those arriving in Canada
  – Provincial / Territorial role: with Vital Statistics - born in Canada
- Based on relatively standard set of core attributes including: Name, Place of Birth, Date of Birth, Gender, Citizenship
Communicating Identity
- Numerous organizations involved at all levels of government, for example:
  – Federally issued: Social Insurance Number (SIN), Passport
  – Provincially issued: Birth registration #, Birth certificate, Health card, Driver’s license
- Most organizations require a similar base of information to provide identification
- Some additional needs specific to the organization
Authenticating Identity
- Separate stand-alone processes by department or program for authentication: Epass, CRA, Service Canada, etc.
- Many different functions for validation or verification for clients’ identity
- Many enabling technologies: PKI, biometrics, tokens

11 Identity Management Today
- Government departments/agencies have similar needs with respect to identifying individuals and request similar information
- Purpose – primarily Security and/or Service delivery
- Same or similar information collected, and then shared in ad hoc and disparate ways:
- Clients provide same information – different times, different formats
- Complex network of information sharing agreements between federal government and other jurisdictions
- Many bilateral agreements with provinces and territories related to the use of personal information
- Integrity varies, depending on source and on associated program/service risk

12 Identity: Way Forward

13 Identity: Defining the Opportunity
‘The Government of Canada’s ability to fulfill its mandate can be greatly improved through a common understanding of identity. A whole of government approach to identity is a critical requirement to the integrity of government programs and services.’
As approved by ADM Identity Committee, Mar 3, 2006

14 Identity: Defining the Issue ‘Making sure you are dealing with the right person’

15 Identity: Defining the Concepts
Identity Management: the set of principles, practices, policies, processes and procedures used to realize the desired outcomes related to identity.
Identity: a reference or designation used to distinguish a unique and particular individual (organization or device).

16 Identity: Strategy Statement
Develop a common approach consisting of:
1. A common understanding of key identity concepts and principles;
2. A single view that promotes a consistent application while enabling transparency and accountability; and
3. A comprehensive action plan appropriate to the many systems, programs and government organizations that depend upon identity.

17 Identity: Outputs

18 Identity: Draft Principles
1. Justify the Use of Identity.
2. Identify with Specific Reason.
3. Use Appropriate Methods.
4. Enhance Public Trust.
5. Use a Risk-Based Approach.
6. Be Collectively Responsible.
7. Uphold the Rights and Values of Canadians.
8. Ensure Equity.
9. Enable Consistency, Availability, and Interoperability.
10. Maintain Accuracy and Integrity.
11. Preserve Proportionality.
Draft as approved by TBS CIO

19 Identity: Evidence & Assurance
Evidence of Integrity (EOI): Assurance as a whole, pertaining to a system, process, token (physical or electronic), etc.
Evidence of Identity (EOI): Evidence that the individual is really who they claim to be - their ‘true’ identity as required by law.
Evidence of Control (EOC): Evidence that the individual has control over what has been entrusted to them.
Assured by:
Assurance of Identity
- Level 1: Little or no confidence in validity of claimant’s identity
- Level 2: Some confidence in validity of claimant’s identity
- Level 3: High confidence in validity of claimant’s identity
- Level 4: Very high confidence in claimant’s identity
Assurance of Control
- Level 1: Little or no confidence that claimant has control over what has been issued to them (e.g. token/identifier)
- Level 2: Some confidence that claimant has control over what has been issued to them
- Level 3: High confidence that claimant has control over what has been issued to them
- Level 4: Very high confidence that claimant has control over what has been issued to them
Assurance of Integrity: TBD

20 Evidence-Assurance Functions
COMMON IDENTITY EVIDENCE-ASSURANCE FUNCTIONS
INPUT (Evidence) | OUTPUT (Assurance) | LEVEL
Evidence of Identity | Assurance of Identity | [1-4]
Evidence of Integrity | Assurance of Integrity | [1-4]
Evidence of Control | Assurance of Control | [1-4]
FUNCTIONS (Evidence-Assurance): 1. Evidence Gathering 2. Validation, Verification, Vetting 3. Adjudication
PROGRAM or MANDATE-SPECIFIC EVIDENCE-ASSURANCE FUNCTIONS
INPUT (Evidence) | OUTPUT (Assurance)
Evidence of Eligibility | Assurance of Eligibility
Evidence of Status | Assurance of Status
Evidence of Trust/Reliability | Assurance of Trust/Reliability
Evidence of Entitlement | Assurance of Entitlement
Evidence of Privilege | Assurance of Privilege
Evidence of Authority | Assurance of Authority
Evidence of Custody | Assurance of Custody
Evidence of Event | Assurance of Event
Evidence of Residency | Assurance of Residency
Evidence of […] | Assurance of […]
FUNCTIONS (Evidence-Assurance): Evidence-Assurance functions are specific to the program or mandate.

21 Identity: Draft Framework
[Diagram. Labels: Identity Principles; Legislative and Policy Context; Justified Use; Lexicon; Processes; Assurances; Functions; Establishing Identity; Communicating Identity; Authenticating Identity; Assurance of Identity; Assurance of Integrity; Assurance of Control; Evidence; Assurance; Authorization; Grant of Status/Authority; Service Delivery; Security; Access Enforcement; Audit/Compliance; Technology Enablers]
Currently being developed by the TBS CIOB Identity Team

22 Identity: Summary

23 Identity: Summary
- A single GC-wide approach that:
  – Recognizes common requirements throughout government
  – Leverages current investments and accomplishments:
  – Independent of technology or solution
This is a journey in progress….
