1

Joint Priority ProjectIdentity Authentication and

Authorization Working Group

Walk-though And Discussion

for PSCIOC-PSSDC Meeting Winnipeg September 28th, 2004

2

Working Group Mandate

Develop guidelines containing a common set of definitions and vocabulary for identity authentication and authorization processes for inter-jurisdiction application, including trust levels related to each component of the Trust Chain;

Review short term opportunities for action and identify suitable candidates for a pilot project to test the first two elements of the trust chain; Initiate, implement and evaluate the pilot project

Develop recommendations with respect to next steps, including an on-going governance structure

3

Who is involved?

Government of Ontario, Management Board Secretariat (Chair) Government of Ontario, Consumer and Business Services Government of British Columbia, Office of Chief Information Officer Government of Alberta, Office of the Chief Information Officer Government of Saskatchewan, Information Technology Office Government of Manitoba, Ministry of Finance City of Winnipeg, Corporate Information Technology Government of Canada, PWGSC City of Toronto, Office of the CIO Government of Québec, L'inforoute gouvernementale et aux

ressources informationnelles Government of Nova Scotia, Service Nova Scotia Government of Newfoundland & Labrador , Executive Council

4

Preliminary IAA Working Group Decision Points for September 28th meeting in WinnipegThe following decision points are proposed for Joint Council consideration:

Approve (in-principle) Governance model for IAA

Confirmation and endorsement of direction for GoC ePass/BCeID Pilot including:o Postpone decision for taking pilot live

o Evaluation to proceed with focus on privacy and lessons learned

Approval (in-principle) for an additional Pilot

Approve extension of mandate of IAA Working Group to include:o Extend work through pilots

o Conduct Legal, Privacy and Public Consultation / Research reviews

o Transition to / support of final governance model

5

Results To Date Definitions and Guidelines

Version 1.0 of Definitions and Guidelines is complete and ready for wider consultation

Pilot Developed proof of concept model shown at Lac Carling Evaluation is ongoing

Privacy GoC undertaking a PIA using demo as context Privacy issues being shared with PSCIOC privacy subcommittee

Liability Ontario leading development of Liability issue paper with input from Working Group

Governance Strong standards and governance being proposed to ensure privacy, security and legal /

liability are addressed

6

Next Steps

Short Term

Need for continued work to meet emerging challenges:

Governance Engaging municipalities Funding and Sustainability Communications Integration across boundaries Sharing knowledge and common practices

7

Decision Requested Receive

IAA Framework and GuidelinesGuidelines for identity authentication processes for inter-jurisdiction

application, including trust levels related to each component of the Trust Chain, have been tabled as part of the supporting materials in the document entitled “Identification, Authentication and Authorization Framework Policy and Guidelines, PSCIOC/ PSSDC Cross-Jurisdictional Identification, Authentication and Authorization Working Group, July 29th, 2004 “

Includes: a common set of definitions and vocabulary Practice Assessment Framework & Guidelines for Identification,

Authentication and Authorization

8

Endorse

Pilot Implementation and Evaluation Strategy Pilot was conceived as a five stage process of which the first three have been

completed and demonstrated through the proof of concept model at Lac Carling

Pursuing options since Lac Carling has confirmed implementation of BC – HRSD WebRoE pilot cannot proceed within given timeframe because of timing, resources, and priorities of participating partners

While this has indefinitely deferred any decision to “go live”, still a huge need to work through and evaluate the “proof of concept” to address

Standards and guideline refinements Legal / Liability Privacy Lessons learned

Previously noted funding implications greatly reduced

Decision Requested

9

Receive

Governance Model Options

Options and recommendations with respect to on-going governance structure have been tabled as part of the supporting materials in the document entitled “Governance for Identification, Authentication and Authorization, PSCIOC/ PSSDC Cross-Jurisdictional Identification, Authentication and Authorization Working Group, August 10th, 2004 “

Decision Requested

10

Approve

Plan for End-state Governance Model Continue with Project Management model reporting to PSCIOC

– PSSDC as an interim measure Transition within two years to end state governance model IA&A Working Group will develop the articles of governing body End state governance model options to be reviewed and

approved by PSCIOC – PSSDC prior to being established

Working Group structure and membership may be reviewed during intervening period to ensure representation is appropriate for a Pan Canadian Standard

Decision Requested

11

Decision RequestedApprove

Approval-in-Principle of Additional Pilot

Approval-in-Principle for initiation of a second inter jurisdictional pilot using multiple tokens between multiple levels of government.

demonstrate tangible authentication solutions tied to business priorities   Examine means to expedite appropriate access to information with the aim of

improving service Use parameters set by results of Lac Carling electronic voting

Feasibility study and business case ready to go forward for approval at next PSCIOC – PSSDC meeting

Complete a survey of tokens and token rules Identify participants Examples include SAKMs (Justice), Public Health, Business

12

Decision Requested Approve

Extended Working Group Mandate to:

manage consultation/promulgation and subsequent change management to current version of definitions and standards

“Ground Proof” IA&A guidelines through identified pilots and subsequent evaluations

Working Group responsible for evaluation of all pilots (over-sight plus responsibility to provide advice to PSCIOC and PSSDC on implications of evaluation results for next steps)

Conduct Legal, Privacy and Public Consultation / Research reviews

Transition to / support of final governance model

13

Contact:

Jeff EvansChair, Cross jurisdictional Working Group on Identity Authentication and AuthorizationI&IT Strategy, Policy and Planning BranchOffice of the Corporate Chief StrategistManagement Board SecretariatGovernment of Ontario416-327-4107Jeff.evans@mbs.gov.on.ca