Ian Bailey, Director Application Architecture, Office of CIO, Province of BC: A User Centric and Claims Based Architecture for British Columbia.

Agenda
- Background on BC & Use Cases
- Connected Workforce
- Citizen Centred Service
- Authoritative Parties & Claims
- IDM Architecture Project
- IDM Pilots
- Claims and Standards
- Questions

Province of British Columbia (map slide)

Province of British Columbia
- Westernmost province in Canada
- 4.4 million citizens
- 400,000 businesses
- 2 million workers
- 400,000 people participate in the delivery of public services

Two general use cases
Connected Workforce
- Many public and private sector organizations
- Using different vendor products
- Sharing information for better outcomes
Citizen Centred Service
- Providing electronic services to citizens
- Privacy, safety and ease of use

Connected Workforce
- 400,000 member workforce
- Approximately 500 public sector organizations: government ministries, agencies & boards; health authorities and hospitals; school districts, universities, colleges; municipalities, regional districts; Crown Corporations
- Thousands of licensed professionals
- Tens of thousands of contracted service providers

Connected Workforce: “Information Sharing for better outcomes”
The workforce should be able to get access to the information they need to do their job. An identity management eco-system is key to ensuring the right person has access to the right information, at the right time, and for the right purpose.

Connected Workforce: 400,000 businesses
- They may have their own sophisticated IT infrastructures and have a username & password or smart card at their workplace
- Or they may need a common identity provider service
- BCeID is our identity service

(Chart: number of businesses against size of business; federated businesses at one end, the common identity provider, BCeID for small businesses, at the other.)

Citizen Centred Service
- 4 million citizens
- A common identity provider service for public services in any sector
- BCeID is our service
- Desire for additional features: privacy protection and minimal disclosure; Internet safety

Authoritative Parties and Claims
- Government is an authority for personal identification claims
- Government is an authority for business identity claims
- Organizations are an authority for claims about their employees
- Professional bodies are an authority for claims about their members
- Individuals are the authority for some claims about themselves

BC Identity Management Forum, Spring 2006
In April 2006 we brought together the largest BC public sector organizations and our major IT suppliers and invited them to work towards a solution that:
- Protects privacy & security
- Leverages authoritative sources for identity information (claims)
- Scales to connect our workforce and the public

BC Identity Management Forum, Fall 2006
- Engaged public sector CIOs and architects
- Contracted with Bell, CA, Deloitte, IBM, Microsoft, Nortel, Novell, Oracle, Siemens, Sun Microsystems, Sxip, and Telus
- Sxip Identity to coordinate and manage the forum
- Develop an architecture for the two use cases

BC Identity Management Forum: Requirements Document
Contents:
- An agreed lexicon of terms
- 34 general requirements
- Privacy best practices
- Security gradient
- Authoritative sources of identity claims
- Loose coupling for scaling

BC Identity Management Forum: Architecture Document, July 2007
Contents:
- Background/methodology/principles
- Core architecture interactions
- Additional use case interactions
- Standards and architecture recommendations

Core Architecture
- Authoritative Party (AP): authorities recognized to make claims
- Relying Party (RP): requests and accepts claims to satisfy local policy
- Identity Agent (IA): facilitates and controls the distribution of claims for a principal
- Root Authorities / Trust Model underpins the parties; a local policy and an audit log appear on both sides of the exchange
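The core interaction on this slide, carried through in code as an added example (it is not the forum's own code nor Microsoft's Information Card implementation, and the page does not describe the token format the pilots used): an Authoritative Party signs a claim set drawn from its directory; the Identity Agent's step is to present one managed card and have that AP release only the claims the Relying Party requested; the RP checks the issuer against its trust model, verifies the signature, rejects tokens minted for another RP or past expiry, applies a local policy on the assurance level claim, and records every decision in an audit log. The organisation names, directory rows, claim names and the JSON-plus-Ed25519 token shape are this example's assumptions; the wireless portal setup mirrors the shape of Pilot 1 later in the deck.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/json"
	"fmt"
	"strconv"
	"time"
)

// ClaimSet: what an Authoritative Party (AP) asserts about a principal for one RP (field names are this example's own).
type ClaimSet struct {
	Issuer   string            `json:"iss"`    // AP name; selects the root key at the RP
	Subject  string            `json:"sub"`    // principal identifier within the AP
	Audience string            `json:"aud"`    // RP the token was minted for
	Expires  int64             `json:"exp"`    // unix seconds
	Claims   map[string]string `json:"claims"` // only the claims actually released
}

type Token struct{ Payload, Signature []byte } // encoded ClaimSet + the AP's Ed25519 signature over it
// AP signs claims out of its directory (the corporate AD in the pilots).
type AP struct {
	Name      string
	Pub       ed25519.PublicKey
	priv      ed25519.PrivateKey
	Directory map[string]map[string]string // subject -> attribute -> value
}

func NewAP(name string, dir map[string]map[string]string) *AP {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader) // crypto/rand does not return errors
	return &AP{Name: name, Pub: pub, priv: priv, Directory: dir}
}

// Issue signs only the requested claims it holds for subject, bound to one audience and a short lifetime: minimal disclosure is enforced at issuance.
func (a *AP) Issue(subject, audience string, requested []string, now time.Time) (Token, error) {
	attrs, ok := a.Directory[subject]
	if !ok {
		return Token{}, fmt.Errorf("%s: unknown subject %q", a.Name, subject)
	}
	cs := ClaimSet{Issuer: a.Name, Subject: subject, Audience: audience,
		Expires: now.Add(5 * time.Minute).Unix(), Claims: map[string]string{}}
	for _, n := range requested {
		if v, ok := attrs[n]; ok {
			cs.Claims[n] = v
		}
	}
	payload, _ := json.Marshal(cs) // cannot fail for this struct
	return Token{Payload: payload, Signature: ed25519.Sign(a.priv, payload)}, nil
}

// Present is the Identity Agent's step: pick the managed card of an AP you belong to; that AP mints a token scoped to exactly the RP's request.
func Present(ap *AP, subject string, rp *RP, now time.Time) (Token, error) {
	return ap.Issue(subject, rp.Name, rp.RequiredClaims, now)
}

// RP accepts claims only from APs in its trust model, then applies its local policy.
type RP struct {
	Name           string
	TrustedAPs     map[string]ed25519.PublicKey // AP name -> root key
	RequiredClaims []string                     // the claims the RP asks the AP for
	MinAssurance   int                          // local policy on the assurance_level claim
	Audit          []string                     // the slide's audit log, in memory here
}

// Accept checks issuer trust, signature, audience and expiry, then local policy, and audits every decision.
func (r *RP) Accept(tok Token, now time.Time) (*ClaimSet, error) {
	deny := func(format string, a ...interface{}) (*ClaimSet, error) {
		r.Audit = append(r.Audit, "DENY "+fmt.Sprintf(format, a...))
		return nil, fmt.Errorf(format, a...)
	}
	var cs ClaimSet
	parseErr := json.Unmarshal(tok.Payload, &cs) // parsed only to find the issuer's key; nothing else is used before Verify
	pub, trusted := r.TrustedAPs[cs.Issuer]
	if parseErr != nil || !trusted {
		return deny("malformed token or issuer %q not in trust model", cs.Issuer)
	}
	if !ed25519.Verify(pub, tok.Payload, tok.Signature) {
		return deny("bad signature for issuer %q", cs.Issuer)
	}
	if cs.Audience != r.Name || now.Unix() >= cs.Expires {
		return deny("token for %q (exp %d) is not valid at %q now", cs.Audience, cs.Expires, r.Name)
	}
	lvl, err := strconv.Atoi(cs.Claims["assurance_level"])
	if cs.Claims["employer"] == "" || err != nil || lvl < r.MinAssurance {
		return deny("local policy: need employer and assurance_level >= %d, got %v", r.MinAssurance, cs.Claims)
	}
	r.Audit = append(r.Audit, fmt.Sprintf("ALLOW iss=%s sub=%s claims=%v", cs.Issuer, cs.Subject, cs.Claims))
	return &cs, nil
}

// PilotSetup builds the Pilot 1 shape with constructed names: two organisations' APs and a shared WiFi portal RP whose trust model holds only org-a.
func PilotSetup() (orgA, orgX *AP, rp *RP) {
	orgA = NewAP("org-a", map[string]map[string]string{
		"jdoe": {"employer": "org-a", "assurance_level": "2", "email": "jdoe@example.invalid"}})
	orgX = NewAP("org-x", map[string]map[string]string{"jdoe": {"employer": "org-x", "assurance_level": "3"}})
	rp = &RP{Name: "wifi-portal", TrustedAPs: map[string]ed25519.PublicKey{orgA.Name: orgA.Pub},
		RequiredClaims: []string{"employer", "assurance_level"}, MinAssurance: 2}
	return
}
```

Calling Present(orgA, "jdoe", rp, now) and then rp.Accept(tok, now) yields a token that carries exactly employer and assurance_level even though the directory row also holds an e-mail address; a card from org-x, a tampered payload, a token replayed at a second RP, or an expired token is refused with the reason appended to rp.Audit. The payload is parsed before the signature is checked only so the RP can select the issuer's root key; no claim is acted on until Verify has passed against that key.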

BC Identity Management Forum: test/pilot the two main use cases, Connected Workforce and Citizen Centred Service, using Information Cards.

BC Identity Management Forum, Pilot 1: Connected Workforce
- Access to each other’s wireless LANs using a Managed Information Card
- Microsoft is providing software so that we can issue Managed Information Cards from 5 organizations
- Ping Identity is providing software for authenticating users with Managed Information Cards for WiFi access
- Telus is hosting the wireless authenticator

(Diagram: the Corporate AD is the Authoritative Party (AP); a Shared Authenticating Web Server is the Relying Party (RP); the wireless LAN is configured to use the Authenticating Web Server and the APs; the visiting user selects the Corporate Managed Information Card; the parties connect over the Internet.)

BC Identity Management Forum, Pilot 2: Connected Workforce
- Access to a shared collaboration site using Managed Information Cards
- Microsoft is providing software so that pilot users from 5 orgs can access a SharePoint 2007 collaboration site with Managed Information Cards
- Telus is hosting the SharePoint site at their Calgary data centre

(Diagram: the Corporate AD is the Authoritative Party (AP); the collaboration site’s SharePoint Web Server is the Relying Party (RP); the user selects the Corporate Managed Information Card; the parties connect over the Internet.)

BC Identity Management Forum, Pilot 3: BCeID business users
- Issue Managed Information Cards to select business users
- CA is providing software to authenticate and authorize users based on claims in Managed Information Cards
- Microsoft software for Managed Information Cards for our business identity service
- Access to SharePoint, wireless, and a test web application

(Diagram: BCeID is the Authoritative Party (AP); it verifies claims and issues managed cards; the user visits the BCeID service counter (point of service) and is sent a managed card; the Relying Party (RP) accepts managed cards over the Internet.)

Claims – a need for information standards
- personal identification claims
- minimal disclosure claims
- assurance level claims
- business identity claims
- claims about employees
- claims about professionals
- Individuals are the authority for some claims about themselves

Questions?