
2006 CACR Privacy and Security Conference November 3, 2006 Identity: Setting the Larger Context, Achieving the Right Outcomes.


1 2006 CACR Privacy and Security Conference November 3, 2006 Identity: Setting the Larger Context, Achieving the Right Outcomes

2 Identity: Outline
• Introduction
• Context
• Way Forward
• Outputs
• Summary

3 Identity: Introduction

4 Identity: Clients & Outcomes
External Clients: Individuals and Businesses
• Improved delivery of government services
• Increased safety and security
• Enhanced human rights and freedoms
Internal Clients: GC Employees and Contractors
• Increased productivity
• Decreased time to on-board, off-board personnel
• Increased compliance with security, privacy and IM policies

5 Identity: Objectives
• Bridge the gap between the many service and security communities
• Engage stakeholders and gain consensus
• Develop a conceptual framework that can be used for:
  – Developing and aligning to a single GC-wide vision
  – Developing GC-wide identity principles
  – Establishing a common view of identity and compatible program and project approaches

6 Identity: Approach
Steps and Key Questions:
• Mandate/Priorities: How do we use identity to fulfill our mandate and address our priorities?
• Clients & Stakeholders: Who are our clients and stakeholders; what do they need?
• Principles/Policies: What is our scope and how do we align to the relevant principles and policies?
• Risk Analysis: What are our risks with respect to identity?
• Assurances: What assurances do we provide or require?
• Services/Capabilities: How do we plan to deliver services or deploy our capabilities?
• Business Processes: How must we organize ourselves and what process must we use?
• Technologies/Solutions: What are our options for technologies or solutions?
Work Products: Project Charter; Needs & Outcomes; Lexicon; Principles; Risk-Event Model; Assurance Model; Service Agreements; Business Architecture; Technical Criteria
Inputs: Policy Guidance; Technical Guidance; Standards; Practices; Solutions; Existing IDM Products; Relevant Principles; Technologies; IDM Policy, Directives, Standards; IDM Enterprise Architecture; IDM Guidelines, Tools, Best Practices
Outputs: GC-Specific IDM Products; IDM Solutions

7 Identity: Context

8 Identity: Government Context
Government Context: Working together in the public interest to ensure that we uphold what we believe and value as a society.
Identity is critical to our society, our governments and institutions.

9 Identity: Drivers
Privacy & Security Drivers:
– Economic: Identity Theft/Fraud
– Public Safety: Law Enforcement
– National Security: Anti-Terrorism, Border Security
Citizen-Focused Drivers:
– Citizen-Centred Service Delivery
– Increasing Client Satisfaction
– Ensuring Rights of Citizens
Integrity and Accountability Drivers:
– Program and Service Integrity
– Transparency
Organizational Transformation Drivers:
– Rethinking of Government as a Single Enterprise
– Shared Services Model
– Inter-Agency and Inter-jurisdictional Collaboration

10 Identity: Roles of Government
Current Roles… Ideal Roles…
Establishing Identity
• Shared jurisdiction:
  – Federal role: for those arriving in Canada
  – Provincial / Territorial role: with Vital Statistics - born in Canada
• Based on relatively standard set of core attributes including: Name, Place of Birth, Date of Birth, Gender, Citizenship
Communicating Identity
• Numerous organizations involved at all levels of government, for example:
  – Federally issued: Social Insurance Number (SIN), Passport
  – Provincially issued: Birth registration #, Birth certificate, Health card, Driver’s license
• Most organizations require a similar base of information to provide identification
• Some additional needs specific to the organization
Authenticating Identity
• Separate stand-alone processes by department or program for authentication: Epass, CRA, Service Canada, etc.
• Many different functions for validation or verification for clients’ identity
• Many enabling technologies: PKI, biometrics, tokens

11 Identity Management Today
• Government departments/agencies have similar needs with respect to identifying individuals and request similar information
• Purpose – primarily Security and/or Service delivery
• Same or similar information collected, and then shared in ad hoc and disparate ways:
  – Clients provide same information – different times, different formats
  – Complex network of information sharing agreements between federal government and other jurisdictions
  – Many bilateral agreements with provinces and territories related to the use of personal information
• Integrity varies, depending on source and on associated program/service risk

12 Identity: Way Forward

13 Identity: Defining the Opportunity
‘The Government of Canada’s ability to fulfill its mandate can be greatly improved through a common understanding of identity. A whole of government approach to identity is a critical requirement to the integrity of government programs and services.’
As approved by ADM Identity Committee, Mar 3, 2006

14 Identity: Defining the Issue
‘Making sure you are dealing with the right person’

15 Identity: Defining the Concepts
• Identity Management: the set of principles, practices, policies, processes and procedures used to realize the desired outcomes related to identity.
• Identity: a reference or designation used to distinguish a unique and particular individual (organization or device).

16 Identity: Strategy Statement
Develop a common approach consisting of:
1. A common understanding of key identity concepts and principles;
2. A single view that promotes a consistent application while enabling transparency and accountability; and
3. A comprehensive action plan appropriate to the many systems, programs and government organizations that depend upon identity.

17 Identity: Outputs

18 Identity: Draft Principles
1. Justify the Use of Identity.
2. Identify with Specific Reason.
3. Use Appropriate Methods.
4. Enhance Public Trust.
5. Use a Risk-Based Approach.
6. Be Collectively Responsible.
7. Uphold the Rights and Values of Canadians.
8. Ensure Equity.
9. Enable Consistency, Availability, and Interoperability.
10. Maintain Accuracy and Integrity.
11. Preserve Proportionality.
Draft as approved by TBS CIO

19 Identity: Evidence & Assurance
• Evidence of Integrity (EOI): Assurance as a whole, pertaining to a system, process, token (physical or electronic), etc.
• Evidence of Identity (EOI): Evidence that the individual is really who they claim to be - their ‘true’ identity as required by law.
• Evidence of Control (EOC): Evidence that the individual has control over what has been entrusted to them.
Assured by:
• Assurance of Identity
  – Level 1: Little or no confidence in validity of claimant’s identity
  – Level 2: Some confidence in validity of claimant’s identity
  – Level 3: High confidence in validity of claimant’s identity
  – Level 4: Very high confidence in claimant’s identity
• Assurance of Control
  – Level 1: Little or no confidence that claimant has control over what has been issued to them (e.g. token/identifier)
  – Level 2: Some confidence that claimant has control over what has been issued to them
  – Level 3: High confidence that claimant has control over what has been issued to them
  – Level 4: Very high confidence that claimant has control over what has been issued to them
• Assurance of Integrity: TBD

20 Evidence-Assurance Functions

COMMON IDENTITY EVIDENCE-ASSURANCE FUNCTIONS
INPUT (Evidence) | FUNCTIONS (Evidence-Assurance) | OUTPUT (Assurance) | LEVEL
Evidence of Identity | | Assurance of Identity | [1-4]
Evidence of Integrity | | Assurance of Integrity | [1-4]
Evidence of Control | | Assurance of Control | [1-4]
Functions: 1. Evidence Gathering 2. Validation, Verification, Vetting 3. Adjudication

PROGRAM or MANDATE-SPECIFIC EVIDENCE-ASSURANCE FUNCTIONS
INPUT (Evidence) | FUNCTIONS (Evidence-Assurance) | OUTPUT (Assurance) | LEVEL
Evidence of Eligibility | | Assurance of Eligibility |
Evidence of Status | | Assurance of Status |
Evidence of Trust/Reliability | | Assurance of Trust/Reliability |
Evidence of Entitlement | | Assurance of Entitlement |
Evidence of Privilege | | Assurance of Privilege |
Evidence of Authority | | Assurance of Authority |
Evidence of Custody | | Assurance of Custody |
Evidence of Event | | Assurance of Event |
Evidence of Residency | | Assurance of Residency |
Evidence of […] | | Assurance of […] |
Functions: Evidence-Assurance functions are specific to the program or mandate.

21 Identity: Draft Framework
[Diagram; labels: Identity Principles; Legislative and Policy Context; Justified Use; Lexicon; Evidence; Assurance; Establishing Identity; Communicating Identity; Authenticating Identity; Assurance of Identity; Assurance of Integrity; Assurance of Control; Assurances; Processes; Functions; Authorization; Service Delivery; Grant of Status/Authority; Security, Access, Enforcement, Audit/Compliance; Technology Enablers]
Currently being developed by the TBS CIOB Identity Team

22 Identity: Summary

23 Identity: Summary
• A single GC-wide approach that:
  – Recognizes common requirements throughout government
  – Leverages current investments and accomplishments
  – Independent of technology or solution
This is a journey in progress….
