1. DC One Card Program Overview FSSCC Meeting March 8, 2011

2. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level Issues for Issuers 2 Citizens have multiple ID Cards DC One Card consolidates physical credentials Citizens have multiple online identities dc one ID User ID: Password: dc one ID User ID: Password: Agency A User ID: Password: Agency A User ID: Password: Agency B User ID: Password: Agency B User ID: Password: Agency C User ID: Password: Agency C User ID: Password: Agency D User ID: Password: Agency D User ID: Password: Consolidated online identity could provide authentication across agencies TRUST: How will you vet applicants? INTEROP: Will your card / online ID work with legacy infrastructure? SECURITY: What data will you collect/maintain and how will you secure it?

3. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level 3 Tier 1 Cards Specifications: Generic White PVC Card Barcode Low Cost Usage: For programs that require only barcode (e.g., parks/rec, libraries) Tier 2 Cards Specifications: Integrated SmarTrip ® 3-Track Mag Stripe Barcode Moderate Cost Optional Integrated HID Usage: School Student ID Summer Youth Program Employees (w/ HID) Tier 3 Cards Specifications: Integrated SmarTrip ® 3-Track Mag Stripe Integrated HID FIPS-201, PIV I Barcode High Cost Usage: First Responders Employees requiring trusted electronic verification Until infrastructure can support a common technology, multiple technology tiers will support diverse customer needs: Issuer Issue: A DC One Card Example—Card Tiers

4. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level Relying Party Considerations 4 Where will you maintain access rights? What level credential will you require for access? Can your infrastructure read this new/future credential? How can I rely on someone else’s credential? DC One Card IDMS Citizens use their DC One Card credential to access services dc one ID User ID: Password: dc one ID User ID: Password:

5. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level Relying Party One Card, Many Different Uses DPR uses it for: Identification Facility access Reservations Usage DOES uses it for: Identification Time Tracking DCPL uses it for: Borrowing privileges Tracking due dates, fees Online access WMATA uses it for: Metro rail Metro bus Parking lot access DCPS uses it for: Identification School access Attendance Cafeteria / library use Agencies use it for: Identification Door Access

6. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level “Simple” Business Case: Consolidation of Student IDs 6 Challenge / Situation Dozens of secondary schools issuing their own student IDs –IDs could not be used at other schools or for other programs / activities Each school was required to invest in its own ID infrastructure Solution Use DC One Card as single standard student ID Centralized ID issuance services –Individual schools free of card issuance infrastructure and maintenance costs –Eases provisioning and improves reliability Standardized ID increases usability –Works for school access, school library and cafeteria services –ID can also be used for Metro, public library services, and DC parks/recreation centers

7. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level Less Simple Business Case: High Assurance Credential for Taxicabs Commission Prototype 7 Challenge / Situation: –Eliminate extensive cab driver license fraud –Improve poor trip reporting Solution Approach –Issue standard PIV I credential to all taxi cab drivers –Deploy modern cab infrastructure integrated with PIV I credential solution Expected Benefits –Significantly reduce taxi cab fraud –Improve accountability and passenger safety –Improve services to customers (e.g., credit card, interactive services) –Introduce additional revenue opportunities for drivers and the DCTC

8. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level Trust, Interoperability and Security 8 Trusted Credential and Digital ID Issued Access EHR from Health Clinic Access Medicaid Statements State Issuer Home PC Health Clinic Electronic Health Record Home State Home PC State Medicaid Office Medicaid Statement Gets Sick Out of State, Clinic Accepts Authorization to Pull EHR and Eligibility Info from Home State Agencies Health Clinic Electronic Health Record Eligibility Neighboring StateFederal Government VA Home PC Applies to US VA for Benefits

9. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level ITSM Planning Stage 1: Establish / Confirm Vision 9 Program Progression / Maturity Level 1Level 2Level 3Level 4 Maturity Levels Identity / Credential Access Management Identity / Credential Access Management Identity / Credential Access Management Identity / Credential Access Management Issuing Level 1 Credential and Digital Identity Accepting Level 1 Credential and Digital Identity TrustInteroperabilitySecurity Process Improvement Single Agency Issuing Credential Multiple Agencies Use Credentials for Physical or Logical Access Minimal to No Verification of Identity, Basic Credential Physical or Logical Access with Self- Asserted Credential Minimal Efficiency Gains through Centralized Issuance Minimal Physical or Logical Access Efficiency Gains Issuing Level 2 Credential and Digital Identity Accepting Level 2 Credential and Digital Identity Single Agency Issuing Level 2 Credential Multiple Agencies Use Credentials for Physical and Logical Access Strong Verification of Identity. Basic Credential Logical and Physical Access with Validated Credential Minimal Efficiency Gains through Centralized Issuance Standardized Physical and Logical Access Mechanisms Issuing Level 2 / 3 Credential and Digital Identity Accepting Level 2 / 3 Credential and Digital Identity Multiple Internal Points of Issuance Multiple Agencies Use Credentials for Physical and Logical Access Strong Verification and Binding of Identity Strong Physical and Logical Access Control Reduced Emphasis on Central Issuance Standardized Physical and Logical Access Mechanisms Issuing Level 4 Credential Accepting Level 4 Credential Multiple Internal and External Points of Issuance Multiple Cross-Agency, Cross-State Physical and Logical Uses Highest Level of Verification and Binding Risk Based Physical and Logical Access Controls Widespread Issuance Reduces Internal Issuance Needs Achieving Widespread Business Process Improvements

10. ____ __ ____ _____ ____ ______ _____ _____ ____ _____ _____ _____ ____ _____ Click to edit Master text styles Second level Third level Fourth level Fifth level Identity Proofing Proof of Identity You must provide at least one primary identity document, as listed below, to satisfy proof of identity. District residents will be asked to provide a proof of residency (i.e. Government-issued ID containing the address, utility bill, lease/mortgage agreement etc.). This is to verify that the applicant is eligible to receive in-state privileges, i.e. Libraries, and Parks & Recreation. We regret that we cannot accept photocopies or scanned documents. (We will not retain copies of this documentation) Primary Identity Source Documents (one required), must be original and contain a photograph: Driver’s license or ID card issued by a state or outlying possession of the United States, provided it contains a photograph or information such as name, date of birth, gender, height, eye color and address US Passport or Passport Card ID card issued by federal, state or local government agencies or entities, provided it contains a photograph or information such as name, date of birth, gender, height, eye color and address Current school ID card with a photograph Voter’s registration card that contains a photograph US military card or draft record that contains a photograph Military dependent’s ID card US Coast Guard Merchant Mariner Card Native American tribal document Driver’s license issued by a Canadian government authority Permanent Resident Card or Alien Registration Receipt Card (Form I-551) Foreign passport with Form I-94 or Form I-94A bearing the same name as the passport Employment Authorization Document (Card) that contains a photograph (Form I-766). Instructions for minors without primary identity documentation: Minors under age 18, who are unable to present a primary identity document, must present one of the alternative documents below: School record or report card Clinic, doctor or hospital Day care or nursery school record Minors must also apply in person with a parent or legal guardian. Parents/guardians must present proof of their identity and present one of the following documents to provide evidence of their relationship to the minor applicant: a) Minor's birth certificate with parent’s name b) Adoption decree with adopting parent’s name c) Court order establishing custody or guardianship d) Official school record with parent or guardian's name What we do (now and future) What you need How/whether we can help How this relates to FIs as PIV-I relying/issuing parties?