
Business Problem Assessment

June 30, 2006
Final Draft V1.0

Government of Canada
On-line Electronic Service Delivery
Cyber Authentication Renewal

Business Problem Assessment

"To examine the problem motivating us to transform and defining the transformation outcome"

Table of Contents

1   Executive Summary

2   Transformation Impetus

3   Problem Domain

3.1 Target Groups

3.2 Target Group Needs

3.3 Programs

3.4 Delivery Partners and Suppliers

4     Problem Definition

5     Environmental Assessment

5.1 Technical Trends

5.2 Threat Trend

5.3 Other Government Authentication Trends

From www.tbs-sct.gc.ca/inf-inf/documents/assess-eval/assess-eval00-eng.asp 12 October 2008

5.3.1 Canada

5.3.2 United States

5.3.3 Australia

5.3.4 New Zealand

5.3.5 Ireland

5.3.6 British Columbia

5.4 Digital Signature Trends

5.5 Document Evidence Standard & Traceability

6       Transformation Initiative Definition

Appendix A:     Glossary (Normative)

Appendix B:     Cyber Authentication Initiatives (Informative)

Appendix C:   Trends in Threats to Authentication Mechanisms (Informative)

Appendix D:   United States Cyber Authentication Initiatives (Informative)

Appendix E:   Australian Cyber Authentication Initiatives (Informative)

Appendix F:   New Zealand Cyber Authentication Initiatives (Informative)

Appendix G:   Ireland Cyber Authentication Initiatives (Informative)

Appendix H:   British Columbia Cyber Authentication Initiatives (Informative)

Appendix I:   Digital and Electronic Signature: A Global Status Report (Informative)

Appendix J: Identity Tutorial (Informative)

Appendix K:   Legal Tutorial on Digital Signatures (Informative)  

List of Figures

Figure 1 - Burton Group view of potential cyber authentication standards convergence

Figure 2 - US e-authentication technical approach

Figure 3 - Challenges to Joining up Government

Figure 4 - INFOCARD

Figure 5 - Liberty Alliance Business Requirements


Figure 6 - IEEE authors' view of the relative security of common authentication methods

Figure 7 - Illustration of Links of a Person to Persona(e) to Identifier(s)

Figure 8 - Illustration of Range of Links between Person and Person Identity(ies)

Approvals

The individuals identified in the table below approve this Project Charter.

Role   Position   Signatory   Date

Treasury Board Secretariat   Chief Information Officer of the Government of Canada   ____________________ Ken Cochrane   _____________

Treasury Board Secretariat   Chief Architect of the Government of Canada   ____________________ Gary Doucet   _____________

Treasury Board Secretariat   Senior Director, Enterprise Architecture and Standards Program   ____________________ Pierre Boucher   _____________

Document Revision History

Date (2006)   Version   Phase & Iteration   Iteration Completion Criteria or inter-iteration version description   Author

05-26   V0.1   Vision   BTEP template modification, establish initial Table of Contents and placeholder content   Mike Froh

06-09   V0.2   Vision   First substantive draft with contributions from CRA (L. Wilson, R. Proulx), PWGSC (B. Sunday, J. MacTavish) and ServCan (R. MacDonald)   Mike Froh, Rick Brouzes, Brad Sullivan, Thomas Simpson, Heather Berry, Larry Stoddard, Jan Duniewicz

06-30   V1.0   Vision   Final draft incorporating feedback from project team and CRA.   Mike Froh, Rick Brouzes, Brad Sullivan, Thomas Simpson, Heather Berry, Larry Stoddard, Jan Duniewicz

1  Executive Summary

In May 2006, Treasury Board Secretariat (TBS) / Chief Information Officer Branch (CIOB) created a short-term Cyber Authentication Renewal Project involving key stakeholder organizations within the Government of Canada (GC).  The triggers for establishing the project at this time were both strategic (for example, Policy Suite Renewal) and tactical (for example, concern over the cost sustainability of ePass). The project was limited in scope to examining online authentication as it supports Identity Management (IDM), authorization, and online business transactions.  The Project Charter set the objective of identifying a subset of policy instruments that could be changed to allow cost effective and efficient GC-wide cyber authentication.

The first of three project deliverables, this Business Problem Assessment identifies the online authentication problems encountered in the key stakeholder organizations and an examination of global trends in online authentication.

The online authentication problem domain involves three target groups: subscribers (for example, citizens or employees), credential service providers (for example, ePass or a bank), and relying parties (for example, a departmental program).  In examining the current problems associated with online authentication, the following needs were identified for the target groups:  subscriber usability; good solution design; management and governance; privacy and legislation; security and integrity; and Programs as relying parties.

Technology is at the point where it is becoming capable of supporting large-scale complex identity and authentication federations; however, successful implementations depend on non-technical issues such as governance and enterprise behaviour.  The threat trend is moving from hacker novelty to criminal activity for financial gains, especially as it relates to identity theft.  Other governments are addressing the issue of both identity and authentication federation through the establishment of major responsibility centres.

There is real momentum building within the GC to find the right solutions for cyber authentication even though work on defining the problem has been examined many times in the past six years.  Cyber Authentication is a fundamental building block to achieving Identity Management (IDM) and a Service Oriented Architecture (SOA) across the GC.  Real benefits exist with a federated IDM where each program does not have to provide its own authentication and identity proving mechanisms, and it provides a significantly improved subscriber experience.  The trend of abstracting authentication services away from program business logic will support federated IDM.  The cost savings of common authentication / identity proving is somewhat unknown since these savings will be somewhat offset by the cost of building governance structures.  However, the federated identity environment will provide a significant improvement to the on-line subscriber experience, which may improve online program uptake.

This transformation initiative will identify a set of policy instruments that, if modified, would enable cyber authentication to be more efficient and effective in its support of federated IDM.

2  Transformation Impetus

A number of strategic initiatives within the Government of Canada (GC) set the stage for this work, including:

A commitment by Treasury Board (TB) to use shared services where appropriate,

A TB stated direction to use contestable market[1] commercial off the shelf (COTS) services where appropriate,

A global trend to move to horizontal enterprise services,

The implementation of the Management Accountability Framework (MAF),

Treasury Board Secretariat (TBS) Renewal and Consolidation of the Treasury Board Policy Suite which includes a renewal of IT security policies as noted in the draft Information Technology (IT) Security Strategy;

TBS project on Identity Management; and

TBS project on the IT Security Strategy for implementation of major GC-wide and departmental IT security initiatives.


Another tactical trigger is TB's serious concern about the cost-effectiveness and sustainability of the current Government on Line (GOL) cyber authentication solution considering that a thorough review of the core business requirements has not been done in over 10 years. 

As a result of these triggers, TBS has established a Cyber Authentication Renewal project with the objective of identifying a subset of policy instruments that could be changed to allow cost effective and efficient GC-wide cyber authentication (for example, by using contestable markets and/or variable risk models).  

In the context of this project, cyber authentication is defined as a subset of electronic authentication that is used on-line in computer networks, systems, or programs.

3  Problem Domain

3.1  Target Groups

The stakeholders in cyber authentication can be divided into three broad target groups:

1. Subscribers.  This target group comprises the entities that hold credentials and present them on-line to acquire some service.  The credential proves some aspect of their on-line persona in a specific identity context.  Subscribers include both internal GC entities (for example, employees and contractors) and entities external to the GC (for example, citizens and businesses);

2. Credential Service Providers.  This target group comprises the entities responsible for providing, maintaining and governing credentials over their lifetime.  Credential service providers can include GC departments/programs, GC common elements (for example, ePass), other governments (for example, provincial or municipal), and commercial entities (for example, financial institutions); and

3. Relying Parties.  This target group comprises the entities that accept credentials on-line from subscribers in a specific context.  They may also have to check with the credential service provider that issued the subscriber-presented credential to ensure its qualities (for example, validity).  Relying parties are generally GC departments/programs, but can include both internal GC entities (for example, employees, contractors, programs) and entities external to the GC (for example, citizens, businesses, other governments).

When GC departments/programs provide their own credentials, they act as both credential service providers and relying parties.  Even though a department/program may act in both the credential provider and consumer roles[2], the roles can be logically split into two distinct functions; for example, Customs Revenue Agency (CRA) separates taxpayer identification from tax programs.  The Government On-line (GOL) introduction of ePass created a centralized credential service provider for GC department/program use, where citizens could hold an ePass and use it as a credential to programs acting as relying parties.

3.2  Target Group Needs

The target groups' cyber authentication business needs[3] require a cyber authentication service that provides:

Usability:

o Consistent identity proofing for citizens, businesses and employees

o Consistent citizen, business and employee experience across programs

o Simple access to government services

o Accessibility for all Canadians

o Authentication evolution minimally disrupts existing subscriber base on-line experience

Good Solution Design:

o Leverage Authentication done by other entities

o Interoperability while maintaining autonomy

o Flexible Authentication

o COTS where possible

o Agility

o Support for non GC credentials

o Balance Security and Usability

o Mechanism for Identity Proofing

Management and Governance:

o Reduced Cost of Managing Identity

o A horizontal framework that identifies a vision and approach to cyber authentication GC wide


o Reflects Horizontal Governance, Authority and Leadership to implement

o Horizontal Risk Management Framework

o Consistent policy for GC

o Funding/Resources

o Communications / Marketing

Privacy and Legislation:

o Privacy

o Compliance with policy and legislation

Security and Integrity:

o Appropriate Level of Security Assurance

o Traceability

o Balance of Risk and Cost

o Information Management

Program Relying Party:

o Service Level Agreements

o Clear Cost Model

o Responsiveness to Business Needs for New Services/Product Enhancements

o Robust Implementation Support Services

o Seamless Integration for Participating Partners

3.3  Programs

The problem domain includes any GC program, and possibly programs from the Governments of Canada (GsOC), which is also multi-jurisdictional, acting as relying parties.


3.4  Delivery Partners and Suppliers

Delivery partners in a cyber authentication context include any entity that could act as a credential service provider of sufficient quality for GC or GsOC relying parties.  These entities might include:

GC programs or departments can act as credential service providers to other GC programs;

Team Bell Canada Enterprise (BCE) is the current common GC credential service provider for citizens & businesses under contract to PWGSC to provide ePass to GC and GsOC programs;

GsOC might possibly act as credential service providers;

Commercial entities might possibly act as credential service providers (for example, financial institutions); and

GC departments may act as credential service providers for internal GC entities (employees or contractors).

4  Problem Definition

The problem of cyber authentication has been examined many times in the past.  Within a very short period of time, the work in this project has identified the problems as represented by the project participants (that is, TBS, CRA, Service Canada, PWGSC, and the Communications Security Establishment (CSE)).  The fact that the problem is being examined yet again is an indication that there is real momentum building within the GC to find the right solutions for cyber authentication, based on increased interest and education.  The following documents show the extent of past examination of the problem:

1999 [Entr99] [TBS99]; 2000 [TBS00];

2001 [TBS01a] [TBS01b];

2002 [TBS02];

2004 [CSE04] [Delo04] [TBS04];

2005 [TBS05]; and

The COMPAS work done within PWGSC between 2002 and 2006.


We are not currently meeting all the needs of departments/programs as relying parties, departments/programs as credential service providers, and the citizen/business/employee as subscribers to ensure a consistent subscriber experience that has a clear governance framework to enable cyber authentication across the GC.

The table below provides more detail on the target group needs, problems, and symptoms (grouped and in no particular order of importance). The above problem statement is a summary of the problem column. Note that the last three columns indicate whether the problem is applicable to each of the three target groups, namely:  relying parties, subscribers, and credential service providers.

Need   Problem   Symptom   Relying   Subscriber   Provider

USABILITY

Consistent identity proofing for citizens, businesses and employees

Currently there is no GoL authentication model in place including varying trust levels[4] suitable to program needs.

Each program provides own identity proofing resulting in inconsistent experience and identity proofing multiple times.

Reduces ease of program entry to a common approach without core authentication needs being addressed.

√ √ √

Consistent citizen, business and employee experience across programs

Inconsistent, inconvenient and complex subscriber experience.

High drop-out rate and insufficient uptake of the on-line services to create the critical mass needed to realize a return on investment (ROI).

√ √ √

Simple access to government services

Current access to government services is complex and often on a program-by-program basis.

There is no CLF or equivalent guidance for "transactions" in the GC.

Some focus testing on potential solutions has failed; all have shown room for improvement.

Sheer number of screen flows and lack of consistency across programs and credential service providers concerning common look and feel.

There are over 10 types of "My Accounts". Employees use multiple logons to access employee services or the on-line resources required to do their jobs.

Employee transfers are not role based and require complex and time consuming provisioning and de-provisioning.

√ √ √

Accessibility for all Canadians

Current Secure Channel implementation has fallen short on a few accessibility needs for GoL on-line regulations.

Although accessibility report showed over 95% compliance, older browser readers cannot currently read Secure Channel applets.  Policy collisions, what happens when policies conflict with each other?

Note: Technology advancement may solve this problem.

√ √ √

Authentication evolution minimally disrupts existing subscriber base on-line experience

Existing on-line program client behaviour can be deeply impacted by changes to the cyber authentication strategy.

CRA has seen a significant 20% drop-off of on-line users with the combined introduction of ePass credential registration and an Out of Band process to establish a permanent subscriber credential.  Reasons for the decline include: complicated userid/password process, recovery question process, and the delay in obtaining the Out of Band mail out.

√    

GOOD SOLUTION DESIGN


Leverage Authentication done by other entities

Citizens, businesses, and employees enter the same information repeatedly.

Duplication of services.

Programs cannot realize savings by leveraging existing GC subscriber information and solutions, and lose the uptake expected from a seamless service experience.

√   √

Interoperability while maintaining autonomy

Autonomy currently maintained but desired level of interoperability is not achieved.

ePass allows for program specific identity proofing processes while achieving anonymous authentication interoperability; however, a more seamless user experience is required for identity proofing as well.

√   √

Flexible Authentication

Different types of transactions require different levels of Authentication.  Only one is currently provided.

In order to avoid multiple credentials and provide a credential to meet the needs of most on-line services, current credential is perceived as overkill for lower risk business transactions (for example, is ePass needed for a fishing license?).

√ √ √

COTS[5] where possible

Current ePass authentication solution is based on COTS but has been modified to provide a non-standard service. Current authentication solution doesn't always interface well with other COTS.

Difficulty experienced by Service Canada in interfacing the Oracle Portal with the ePass services.

√ √ √

Agility

Current solution is not agile.

Implementation cycle for enhancements is long.

Changing text on screens is expensive and requires a business case.

√ √ √

Support for non GC credentials

No governance or proactive activities surrounding how we handle external credentials or other data, which may prove to be valuable.

Not currently able to leverage accreditation with the provinces, banks, credit bureaus, international programs, etc.

    √

Balance security and usability

Security Requirements may adversely affect usability and user experience.

Out of Band activation code mailed to address of record interrupts user experience flow and is inconvenient yet is required for security purposes.  No "Instant Service".

ePass password nomenclature meets security requirements, yet may be difficult to remember resulting in abandoned ePass accounts or writing the password down.

√ √ √

Mechanism for Identity Proofing

Many departments do not have the needed existing information to establish their own on-line service for individual or business identity proofing. 

One barrier to delivery of on-line services to citizens or businesses is the lack of on-line identity proofing.  Reasons for this may include lack of consistent identifier and lack of a shared secret.

There is no single authoritative source for employee/contractor identity proofing.

√    

MANAGEMENT AND GOVERNANCE


Reduced cost of managing identity

Duplicated cost in developing and delivering identity management, service delivery and program integration solutions at each program.

Re-authenticating subscribers multiple times across federal programs.

Scarcity of facilities (test-beds) and qualified resources to inspect, audit, evaluate, and test, as this needs to be repeated for every program relying on the shared services.

Resource consuming for face-to-face authentication, recovery, and revocation.

Ensure the quantifiable benefits justify the costs in terms of savings and cost avoidance.

A preliminary TBS/CIOB cost sensitivity analysis of GOL requirements [TBS06a] suggests that unique or stringent requirements in the Common Registration Service (CRS) are contributing to the high cost of this enterprise service.

√   √

A horizontal framework that identifies a vision and approach to cyber authentication GC wide

Lack of horizontal GC wide practices, service definitions, guidelines and standards.

Sound criteria to identify and resist fraud (phishing, pharming, etc.).

Need consistency in dealing with Cyber Authentication practices within GC.

Practices applicable to one department are not always transferable to or acceptable by others.

Sensitive information is being exchanged, ignoring security due to complexity or lack of integration of the security services enterprise wide.

Difficult to provide consistent and reliable LRA function across various regions and multiple offices, as they are not integrated in the existing business processes.

Time consuming activities: recoveries, revocations (investigations and follow up procedures), complaints handling (for example, from infrequent users).

   √

Reflects horizontal governance, authority and leadership to implement

What follows GOL? Governance and authority not currently in place to increase interoperability. Achieving interoperability can be quite complex and will need heavy investment, time and proper authority in attaining and sustaining an achievable model.

Failed attempts in getting a working agreeable model between just a handful of Federal Programs (for example, Service Canada and CRA).

Shifting senior staff sometimes translates to shifting priorities, which interferes with long-term business plans and realization of invested efforts.

    √

Horizontal Risk Management Framework

Up until now, the GC hasn't done a good job in assessing the need versus the risk versus the ROI in attaining justifiable and balanced requirements.

Adopting a "one size fits all" model that may water down the ROI and usability from a relying party and subscriber perspective.

    √

Provide consistent policy for GC

No consistent policy to tie together federal, multi-jurisdictional, foreign and international governments and private sector business.

Again, a horizontal initiative with a vertical structure has so far led to stove-piped delivery of service.

√   √


Adequate Funding and Resources

Inadequate Central Funding and Resources

Centrally funded until such time as the central service reaches the volume required to enable affordable consumption based cost recovery model. The model should be centrally subsidized to support GC wide requirements.

√   √

Communications / Marketing

Current authentication service is not well understood or marketed to any of the target groups.

There is no ePass presence on the internet independently of an application that uses it.

There is no brand recognition.

Rationale for security features not well understood.

Anonymous feature sometimes perceived as a deficiency rather than an asset.

Personnel turnover in provider/consumer organizations has led to degeneration of knowledge and understanding.

√ √ √

PRIVACY AND LEGISLATION

Privacy

Strict Privacy Act interpretation has led to the current ePass implementation, which negatively impacts the subscriber experience, adds extraneous implementation costs and inhibits a contestable market.

Polling shows that half of on-line users are not concerned with transmitting confidential information while one third are[6].  Focus testing shows us that enrolment workflows (longer than typical Internet enrolments) are significantly confusing to the subscriber on-line user experience.

√ √ √

Compliance with policy and legislation

Complex, confusing legal framework (PIPEDA, TBS - common law and jurisprudence, departmental, program specific, DoJ legal opinions, etc).

Poses limitations in flexibility and design of current and future implementation.

Trying to implement a horizontal service with vertical accountability constraints; authority limitations.

√   √

SECURITY AND INTEGRITY

Appropriate Level of Security Assurance

Lack of security assurance levels to adopt the appropriate amount of security for the appropriate program.

Current infrastructure poses response delays if end-to-end data encryption is required.

√ √ √

Traceability

A framework pointing to traceability policy and guidelines hasn't been clearly communicated to ensure a common way of addressing such a need (for example, the Management of Government Information policy).

Independent audit is questionable within the same department, especially when the same organization has duties in conflict of interest or has to audit across independent service providers.

√   √

Balance of Risk and Cost

EAA prescribes Digital Signatures rather than outlining the security requirements.

Many implementations have not adhered to EAA.  For new applications trying to adhere to EAA, there is a perception that the cost of implementing digital signatures is not warranted by the corresponding risk.

√

Information Management

No comprehensive Identity data management approach.

Identity information used is dispersed across multiple locations, jurisdictions.

Multiple authoritative sources (for example, each program, department, jurisdiction legitimately maintains an address of record for an individual), but which is the most current and for what context?

Not relying directly on the source and authority of underlying data banks and creating duplicates, which isn't reflective of real time integrity but is required by Canadian law.

√   √

PROGRAM RELYING PARTY

Business Collaboration Agreements

Currently doing business without signed business collaboration agreements.

Late in the game to be uncertain about the monetary commitments between the credential service provider and the relying party (the funding model changed).

Adding risk for the governance in case something goes wrong.  Who's accountable, and what's the mitigation?

The present model's approach is similar to signing up to a service and being told the price after the contract is signed.

Only bi-lateral (vs. multi-lateral) agreements in place, lack of a GC wide standard or at least a model or template.

√   √


Clear cost model

No Clear Cost Model in place - Need to understand how much an authentication service will cost before signing up or adding additional services.

Current and future clients of current authentication service do not know the cost basis and actual costs of services in the future.

√   √

Responsive to product enhancements / business needs

Not Responsive to new services/product enhancements arising from business needs.

Documented list of requirements officially denied by Credential Service Provider.

Investment and sustainability models unclear.

√    

Robust Implementation Support Services

Current authentication service does not adequately provide implementation support services.

Access to environments:

Conflicting scheduling time with other departments.

Environment down for maintenance in business hours along with random stability problems.

Barriers to test:  only one known product able to test Secure Channel (Empirix). Licenses and resources are not established for Empirix, which leaves government clients vulnerable (procurement difficulties).

No stress testing ability.

√    

Seamless integration for participating partners

Barriers to programs entering Secure Channel due to development cost.

Proprietary interfaces force code-specific integration as opposed to adopting industry-based standards that allow for loose coupling.

Not technology agnostic.

√

5  Environmental Assessment

5.1  Technical Trends

The trend in ICT is moving from monolithic to distributed, or service-oriented, models where decentralization implies federation of organizations.  This trend started many years ago with the maturing of network protocols (that is, TCP/IP), computer hardware (that is, personal computer commoditization), and software (that is, the effective majority rely on an operating system that provides access to a multitude of software). Ease of use and "commoditizing" of the service enable a path to contestable markets and reduced costs.  As infrastructure components mature, they become abstracted to a common standardized service interface and adopted by relying parties. Much work and time are required before a technology matures to the point where it becomes a general-purpose consumable service.

SOA enables loosely coupled applications to be assembled from a set of internal and external services (for example, web services) that are distributed over a connected infrastructure. The SOA is a concept where the services are defined and "commoditized" such that they will become a general-purpose consumable service that many can use/rely on. The distributed nature of SOA makes addressing trust and security concerns a critical success factor. A significant concern in SOA is the establishment of an interoperable framework that enables security for services, applications, and users in a trusted environment and complies with established corporate policies. Standards and techniques to provide SOA security are evolving rapidly.

The SOA trend in cyber authentication is often described as "Federated Identity Systems", which assumes that people will have several digital identities based on multiple underlying technologies, implementations, and providers. Using a federated approach, not only will people be put in control of their identity, but organizations will be able to continue to use their existing identity infrastructure investments, choose the identity technology that works best for them, and more easily migrate to new authentication technologies without sacrificing interoperability with others.
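As an added illustration (not part of the original assessment, and not ePass or any GC system), the following Python sketch models the three target groups of section 3.1 in a federated exchange: a credential service provider issues a signed assertion about an anonymous persona in a given identity context at a given trust level, and a relying party accepts it only if the issuer is one it trusts, the signature and validity window hold, the context matches, and the trust level meets the program's requirement (the "flexible authentication" need from section 4). The assertion layout, the HMAC signature, the 1 to 4 trust-level scale and the CSP names are assumptions made for this example.

```python
"""Federated cyber authentication sketch with the three target groups of
section 3.1: subscriber, credential service provider (CSP) and relying party (RP).

Added example, not part of the original assessment and not ePass or any
GC system. The assertion layout, the HMAC signature and the trust levels
1 (low) to 4 (high) are assumptions made for illustration only."""
import hashlib
import hmac
import json
import time
from dataclasses import dataclass, replace
from typing import Dict, Optional, Tuple

# Constructed per-CSP signing secrets held by the RP under a (bilateral)
# agreement with each CSP it trusts. Any issuer not listed here is untrusted.
TRUSTED_CSPS = {
    "csp-common": b"constructed-secret-common",  # a common GC-style CSP
    "csp-bank": b"constructed-secret-bank",      # a commercial CSP
}


@dataclass(frozen=True)
class Assertion:
    issuer: str       # which CSP vouches for this credential
    persona: str      # anonymous persona identifier, not the person's identity
    context: str      # identity context the credential was issued for
    trust_level: int  # assumed scale 1..4
    issued_at: int    # epoch seconds
    expires_at: int   # epoch seconds
    signature: str    # hex HMAC-SHA256 over the fields above


def _signing_input(a: Assertion) -> bytes:
    """Canonical bytes both sides sign, so issuer and verifier agree exactly."""
    fields = [a.issuer, a.persona, a.context, a.trust_level, a.issued_at, a.expires_at]
    return json.dumps(fields, separators=(",", ":")).encode()


def issue_assertion(issuer: str, key: bytes, persona: str, context: str,
                    trust_level: int, now: Optional[int] = None, ttl: int = 300) -> Assertion:
    """CSP side: vouch for a persona in a context without disclosing who the person is."""
    now = int(time.time()) if now is None else now
    unsigned = Assertion(issuer, persona, context, trust_level, now, now + ttl, "")
    sig = hmac.new(key, _signing_input(unsigned), hashlib.sha256).hexdigest()
    return replace(unsigned, signature=sig)


def verify_assertion(a: Assertion, required_context: str, required_level: int,
                     now: Optional[int] = None) -> Tuple[bool, str]:
    """RP side: accept only if the issuer is trusted, signature and validity window
    hold, the context matches, and the trust level meets what this program needs."""
    now = int(time.time()) if now is None else now
    key = TRUSTED_CSPS.get(a.issuer)
    if key is None:
        return False, "issuer is not a trusted credential service provider"
    expected = hmac.new(key, _signing_input(a), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, a.signature):
        return False, "signature does not verify (assertion altered or wrong key)"
    if not a.issued_at <= now < a.expires_at:
        return False, "assertion outside its validity window"
    if a.context != required_context:
        return False, "credential issued for a different identity context"
    if a.trust_level < required_level:
        return False, f"trust level {a.trust_level} below program requirement {required_level}"
    return True, "accepted"


def demo() -> Dict[str, Tuple[bool, str]]:
    """One subscriber credential presented to programs with different needs.
    Returns each outcome so the results can be checked rather than printed."""
    t0 = 1_700_000_000  # constructed fixed clock for reproducibility
    # Subscriber obtains a level-2 'citizen' credential from the common CSP.
    cred = issue_assertion("csp-common", TRUSTED_CSPS["csp-common"],
                           "persona-7f3a", "citizen", 2, now=t0)
    return {
        # low-risk program (the document's fishing licence example) needs level 1
        "fishing_licence": verify_assertion(cred, "citizen", 1, now=t0 + 10),
        # higher-risk program needs level 3: the same credential is not enough
        "tax_filing": verify_assertion(cred, "citizen", 3, now=t0 + 10),
        # business program: a citizen-context credential is the wrong context
        "business_program": verify_assertion(cred, "business", 1, now=t0 + 10),
        # altered trust level: the CSP signature no longer verifies
        "tampered": verify_assertion(replace(cred, trust_level=4), "citizen", 3, now=t0 + 10),
        # credential from a CSP the RP has no agreement with
        "unknown_issuer": verify_assertion(
            issue_assertion("csp-unknown", b"x", "persona-1", "citizen", 4, now=t0),
            "citizen", 1, now=t0 + 10),
        # presented after the validity window has closed
        "expired": verify_assertion(cred, "citizen", 1, now=t0 + 301),
    }


if __name__ == "__main__":
    for name, (ok, why) in demo().items():
        print(f"{name:17s} {'ACCEPT' if ok else 'REJECT'}: {why}")
```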

However, the implementation of this concept has led to many similar, but competing, standards and products. OASIS, WS-I, W3C, Liberty Alliance, Microsoft and others are all working to define their versions of the standards. According to Burton Group [Blum04], the following chart shows the potential convergence of these different standards. Further analysis is required to define and select the best way forward based on the yet-to-be-determined services that need to be established and the way these services will be consumed by the relying parties.

Figure 1 - Burton Group view of potential cyber authentication standards convergence

With distribution of service outside an organization, trust becomes a necessary foundation for secure interoperability, and central to the successful realization of what is possible on a Web-based SOA. The solution set must address the business, policy and technical challenges of cyber authentication. Some of the key requirements [7] for the solution set include:

Establishing a common trust model;

Managing multiple contexts, and managing relations among relying parties and credential service providers (CSPs);

Interoperability;

Trusted infrastructure, including formal certification for CSPs and managing compliance/dispute resolution;

Developing common interfaces, use cases, and profiles;

Establishing business rules, business guidelines, best practices and liabilities;

Collaborating with other standards bodies, privacy advocates, and government policy groups;

Addressing end-user privacy and confidentiality issues;

Building on open standards-based specifications; and

Providing interoperability testing.

The following diagram, from the US e-authentication initiative, situates the technical trends or approaches in an overall cyber authentication context.  Note that significant strategic leadership and foundation activities are required to support a federated cyber authentication scheme.

Figure 2 - US e-authentication technical approach

5.2  Threat Trend

Malicious hacking has gradually evolved over the last decade from being defacement and denial focused to exploitation for financial gain. Hacker tradecraft has graduated from facilitating vandalism to theft and extortion. Attacks are now stealthier, generally focused on gaining control of a host and exfiltration of useful data, as opposed to the destruction or defacement attacks that characterized most widespread Internet attacks of the previous decade. As well, the threat is increasingly influenced by organized crime, which is motivated by the increasing value of Internet commerce.

Offline credential stealing, the cyber form of identity theft, has become the most common threat to identity authentication systems. Offline credential stealing can be mitigated by the use of multifactor authentication where one factor is a hardware-based token. It has been recognized for some time that single factor authentication is not secure and that the threat is particularly high for systems with any connectivity to a public network. The need for two-factor hardware token authentication will increase over time as the threat environment and tradecraft continue to evolve. Appendix C has a more detailed discussion of the threat trends for authentication systems.
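The mitigation described above, as an added Go example that is not code from this assessment or from any GC system: a login that requires a password plus a hardware token's answer to a single-use random challenge, so a password and one challenge/response pair copied from an infected client PC do not let a thief log in. Token, Server, the sample secrets and the password verifier are constructed for this example (the verifier is a placeholder, not production password hashing).

```go
package main

import (
	"crypto/hmac"
	"crypto/rand"
	"crypto/sha256"
	"crypto/subtle"
	"encoding/hex"
	"fmt"
)

// Token models a hardware token ("something you have"): its secret is
// provisioned once, never leaves the device, and only ever answers challenges.
type Token struct{ secret []byte }

// Respond computes HMAC-SHA256(secret, challenge); the answer is bound to one challenge.
func (t *Token) Respond(challenge []byte) []byte {
	m := hmac.New(sha256.New, t.secret)
	m.Write(challenge)
	return m.Sum(nil)
}

// Server: salted password verifier, token secret from enrolment, outstanding challenges.
type Server struct {
	salt, passwordHash, tokenSecret []byte
	issued                          map[string]bool
}

// hashPassword is a placeholder verifier for the demo; a real deployment
// would use a password hashing function such as Argon2 or bcrypt.
func hashPassword(salt []byte, password string) []byte {
	sum := sha256.Sum256(append(append([]byte{}, salt...), password...))
	return sum[:]
}

func randomBytes(n int) []byte {
	b := make([]byte, n)
	if _, err := rand.Read(b); err != nil {
		panic(err)
	}
	return b
}

func NewServer(password string, tokenSecret []byte) *Server {
	salt := randomBytes(16)
	return &Server{salt, hashPassword(salt, password), tokenSecret, map[string]bool{}}
}

// Challenge issues a fresh random nonce and records it as outstanding.
func (s *Server) Challenge() []byte {
	c := randomBytes(16)
	s.issued[hex.EncodeToString(c)] = true
	return c
}

// Login succeeds only when both factors verify against a challenge the server
// issued and has not yet consumed, so a replayed pair fails at the first check.
// A site relaying the live challenge (on-line channel breaking) is a different
// threat that this check alone does not address.
func (s *Server) Login(password string, challenge, response []byte) bool {
	key := hex.EncodeToString(challenge)
	if !s.issued[key] {
		return false
	}
	delete(s.issued, key)
	if subtle.ConstantTimeCompare(hashPassword(s.salt, password), s.passwordHash) != 1 {
		return false
	}
	return hmac.Equal((&Token{s.tokenSecret}).Respond(challenge), response)
}

// RunScenario contrasts a legitimate login with what an offline credential
// thief can do after copying the password and one challenge/response pair from
// the client PC (secrets are constructed). Returns (legitimate, replay, passwordOnly).
func RunScenario() (bool, bool, bool) {
	password := "correct horse battery staple"
	tokenSecret := []byte("constructed-token-secret-for-demo")
	token := &Token{tokenSecret}
	server := NewServer(password, tokenSecret)

	// 1. Legitimate session: password plus the token's answer to a fresh challenge.
	c1 := server.Challenge()
	r1 := token.Respond(c1)
	legit := server.Login(password, c1, r1)

	// 2. Replaying the captured (c1, r1) pair: c1 has already been consumed.
	replay := server.Login(password, c1, r1)

	// 3. Password alone: the thief obtains a new challenge but, without the
	//    token, can only offer the stale response r1.
	c2 := server.Challenge()
	passwordOnly := server.Login(password, c2, r1)
	return legit, replay, passwordOnly
}

func main() {
	legit, replay, passwordOnly := RunScenario()
	fmt.Printf("legitimate=%v replay=%v passwordOnly=%v\n", legit, replay, passwordOnly)
}
```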

5.3  Other Government Authentication Trends[8]

The US, Australia, New Zealand, Ireland, and British Columbia were reviewed because they represent a sample set of legislative environments that appear to be similar to the Canadian Government context, or where the market opportunity will greatly influence the technologies available in the future.

5.3.1 Canada

The Authentication Principles Working Group, led by Industry Canada, met on June 14, 2006. The following are the preliminary findings and recommendations from the report on the first phase of their work:

The most common form of authentication in use in Canada today is single factor, using an ID and password;

There is an emerging trend towards the use of two factor authentication in industry;

There is a trend to move from application based authentication to enterprise (that is, abstraction of authentication within the application to a service);

Research has identified a number of challenges around the use and implementation of authentication in e-commerce:

o First is the difficulty for organizations to identify an authentication solution which strikes an appropriate balance between the key components of cost, user-friendliness, and strength of security,

o Organizations are reluctant to introduce anything to an e-commerce transaction that has the potential to slow, divert, or otherwise negatively impact the customer experience, and

o Another challenge is the lack of infrastructure available to support some authentication solutions, such as chip card readers on PCs;

On standard levels of assurance, it was clear that certain industries are already moving to provide standard levels of assurance for common transactions (especially in financial services), and that general industry standards may not be necessary. Others felt that standards would be useful in defining levels of assurance for authentication in e-commerce; and

Privacy issues were a key concern of most research respondents. Most respondents had taken tangible steps to ensure the privacy of their customers' data, including establishing and publishing policies which outline how they collect, use and manage or store the customer data required for their ecommerce transactions.

5.3.2   United States

Overview

In February 2002, President Bush outlined a management agenda for making government more focused on citizens and results, which includes expanding E-Government.

It uses technology to its fullest to provide services and information that are centred on the citizen.

A separate initiative, Homeland Security Presidential Directive HSPD-12, sets the policy for the Common Identification Standard for Federal Employees and Contractors.

The OMB provided "E-Authentication Guidance for Federal Agencies" (M04-04) to all departments and agencies, which includes an "e-authentication risk management framework".

Federal employees and contractors will be issued a "Smart Card" via controlled/accredited authorities, to be used for both physical and logical access to government facilities and computers. Embedded in each employee's card will be that individual's biometric information and picture, as well as a host of other agency-specific information. The implementation will need to comply with the FIPS 201 standard and related Special Publications.

The US Government has established an "e-Authentication initiative" that is setting the standards for the identity proofing of individuals and businesses, based on the risk of the on-line services used. Some of the key requirements established for the E-Authentication initiative are: leveraging credentials for assurance levels; single sign-on; privacy; security controls; certification and accreditation; and security.

There are a number of frameworks that are aligned with the e-government policies. Most are driven by OMB direction. Groups working on behalf of OMB, such as the E-Government Task Force, have as their role the development of action plans for implementing the E-Government initiative.

More recently, the Electronic Authentication Partnership (EAP) has taken on the challenge of negotiating bilateral agreements across government agencies, commercial entities and non-government organizations so that they can work together. The EAP grew out of two initiatives by prestigious Washington, DC organizations, Johns Hopkins University and the Center for Strategic and International Studies (CSIS), whose main focus was to convene groups of public and private sector participants to analyze how interoperability for e-authentication could be achieved. The goal of the partnership is to create a shared effort for developing rules for credentials across networks that benefits citizens and consumers with reliable identity management processes. The EAP is now entering a critical phase: moving from theory to reality. To date the EAP has developed a trust framework, which includes policies and rules, to promote interoperability, and is now ready to put that framework to the test.

Homeland Security Presidential Directive - 12

National Academy of Sciences e-Authentication & Privacy

General Services Administration e-Authentication - A series of white papers pertaining to the topic

The Business Process Driven Framework for defining an Access Control Service is based on roles and rules: definition of application-level operations based on business process analysis; protection requirements for operations based on enterprise security policies; development of Role Based Access Control (RBAC) models for the application; and formulating, representing and processing access decision rules.

Some of the barriers experienced were agency culture, lack of a federal architecture, trust models, resources, and stakeholder resistance.

The governance and multi-channel delivery factors for the whole-of-government initiative are to increase the transparency, accountability and participation of departments and agencies in streamlining work processes to take advantage of ICT capabilities. The payoff will come through the transformation of how the government interacts with its citizens and customers. Only by changing how they do business internally, that is, streamlining work processes to take advantage of modern IT systems, will citizens experience the transformation envisioned. OMB will work closely with the lead and partner agencies to establish appropriate and equitable implementation and resource plans for these initiatives.

The direction set in the FIPS 201 and related activities is being adopted by the greater "Aerospace and Defence" industry in the US, and internationally via the Trans-Atlantic Secure Collaboration Project (TSCP) and the Federation for Identity and Cross-Credentialing Systems (FIXS).

5.3.3   Australia

Overview

Over time, the provision of government services is being transformed from traditional over-the-counter services to fully integrated on-line services where customers can engage (or do business) with government via the Internet, at any time, from any place. This transformation is being driven by a need to improve business processes and to engage citizens, using technology to its fullest to provide services and information centred on the citizen.

Agency aligned view: E-government is a key mechanism for transforming development, implementation and delivery of policy objectives through an electronic channel of delivery.

Citizen aligned view: An increasingly large segment of the community is seeking government service delivery in a way that provides all needed information and services in one place through one mechanism and in a manner that is sensitive to the individual's context of interaction.

The Australian Government is introducing new initiatives to make on-line government services simpler for citizens. Chief among these is the development of a single framework whereby individuals need only log in once to a government Web site to access e-government services provided by a range of agencies.

In August 2005, the federal government of Australia was planning a new identity management system that could see an individual's notification of personal information to one agency fed on directly to all relevant agencies. The new e-government framework would see agencies gain the ability to "share information where appropriate".

The Identity Management for Australian Government Employees framework provides guidelines for employee and contractor data management.

At a more technical level, the government would look to standardise on-line platforms and systems, and share these across agencies where possible.

A key role of the Australian Government Information Management Office (AGIMO), Department of Finance and Administration, is to identify and promote "Better Practice". This is done through checklists which suggest a number of issues to consider when designing and managing authentication, Web services, sharing of on-line information, registering and authenticating businesses, coordinating specific promotions (for example, whole-of-government promotions), and providing information that will help safeguard intranets, business, and government.

Some of the inhibitors and barriers experienced were usability (load balancing, complexity of site), technology (browser incompatibility), discoverability/visibility, skills and/or culture (the fear factor, lack of understanding), and security and privacy.

Some of the challenges experienced were cross-tier e-government integration, seamless government across jurisdictions, and the impact of a customer moving from one channel to the next.

Governance issues: special governance arrangements were needed to guide collaborations across agencies.

The Australian Government Web Guide is the authoritative gateway and guide which directs readers to resources provided by Australian Government agencies for further information, such as mandatory agency obligations (that is, legal and policy requirements).

One of the frameworks/regimes aligned with the Australian Government information management paradigm is the Australian Government Information Interoperability Framework, which provides a shared understanding of information barriers, enablers, principles and practices, trust models, authentication, assurances, mechanisms for certification and accreditation, privacy, security, specifications and standards, and accessibility.

5.3.4  New Zealand

NZ Authentication Programme Overview:

Focus is primarily on Citizen Authentication. Similar Privacy landscape and citizen values to Canada.

Overall approach has been changed to be more privacy friendly to reflect citizen feedback and Privacy Impact Assessments.

Resulting approach will be similar to ePass (anonymous Government Logon Service) with Identity Proofing done at the Program Level.

Government Logon Service will be piloted shortly with up to 4 agencies.

Government Wide Identity Verification Service has been identified as a separate project and has an ambitious scope given the privacy landscape.

Strong work done on Trust Levels and Evidence of Identity Framework.

Challenges:

Implementing meaningful Identity Verification Service in privacy landscape.

5.3.5  Ireland

Irish Reach - Public Services Broker Overview:

Addresses Citizens and Vendors

Allows for Single Sign-on and authentication

Allows for tracking and status checking

One-portal access to all services

Uses UK Trust Level Model

PPS Number is similar to SIN Number

Plans to use smart cards for citizen authentication (SAFE project)

Includes Personal Data Vault and Secure Mailbox

Includes secure messaging system (XML Messaging Hub approach)

Automatic distribution of events (OASIS) via messaging (similar to Vital Events)

Planning not to use PKI until smart cards are deployed

BASIS project addresses Business Authentication (Will expand on this)

Challenges:

Identity Management - what is needed?

Privacy - how to protect it?

Place and meaning for Public Services Broker - migrating to more of a back-end infrastructure role

Identity Policy for Businesses - Single versus networked Business Identifier

Identity Policy for Individuals - legislation required to extend PPS number beyond current legislated uses for Social Services and Tax - subject of debate

Identity Policy Privacy - how can the public and agencies be assured that privacy principles are adhered to?

5.3.6   British Columbia

BC Corporate Authentication Program Overview:

Addresses Business and Citizens. Branded BCeID.

Follows the UK Trust Model and has provisions for identity proofing to UK Level 2 (NIST Level 3).

Central Registration with ID Proofing of Businesses (May be done at time of Business Registration).

On-line registration of citizens with in person identity proofing to complete registration.

Used a phased approach (beginning 2002) to enable earlier agency-registered business IDs and pseudonymous citizen IDs (formerly known as MyId).

Strong Partner Network to implement (provincial and federal).

Multi-channel.

Interested in inter-operating with the federal government.

Includes creation of an operational infrastructure once project is "complete".

Challenges:

Extending BCeID to a multi channel concept.

5.4  Digital Signature Trends

The following text is an excerpt from the executive summary of a 70-page report from the IT Governance Institute entitled Digital and Electronic Signatures: A Global Status Report. The complete executive summary of the report is contained in Appendix I.

"Digital signatures, if properly implemented and utilized, could minimize risks of impostors, electronic forgeries and message repudiation. Digital signatures provide reliable authentication of documents in computerized digital form. Further, digital signatures provide a high degree of information security for information traversing public networks, such as the Internet, where anyone can spoof the data.

If digital signatures are used to replace written signatures for signing legal contracts and documents, they must contain the same specific properties that make a written signature a reliable form of authentication. They must be easy to produce, easy to recognize and difficult to forge. Also, the electronic or digital signature technology and implementation approach for document signing must be understood clearly.

The many benefits of electronic signatures, specifically digital signatures for e-commerce, may far outweigh the costs. However, the real value of electronic signatures will be defined fully and understood generally only after applicable laws are tested and upheld in courts, and organizations are convinced they can trust electronic signatures."

5.5  Document Evidence Standard & Traceability

In order to ensure that the GC is not at enhanced risk, and to comply with the various policies on the management and safeguarding of information, certain capabilities must be architected into the shared services that will be used within the GC. One set of capabilities relates to the traceability of transactions and ensuring that the resulting electronic records can be used as documentary evidence. This becomes more difficult when the services are a composite of external "loosely coupled" service providers in the manner typically described as SOA or "joined-up services". The criteria for "traceability requirements" are presently fuzzy when the transactions are complex, of high value and distributed.

The following chart from Gartner describes the levels of joined-up services and the associated challenges.  At present, it is estimated that the GC is operating some of its services in level 3, and there is a desire to go to level 4 for the Cyber-Authentication and subscriber related identity information. To achieve joined-up services, we need to plan and prioritize the initiatives on policy, people, processes and technology, depending on which level of integration we aim to achieve for a given business context.

Figure 3 - Challenges to Joining up Government

Some of the topics that need to be addressed across the service providers leveraged for service delivery include:

What is a transaction?  Against what do we want to protect ourselves? 

Which data should be kept? Where? By whom? For how long?

How does a "participant in the transaction" access this data?

In case disputes arise, how should they be resolved?

What technology should be used to implement our solution?

What are the legal/policy requirements that have to be satisfied?

CGSB-72.34, Electronic records as documentary evidence, "sets out requirements that individuals and organizations may follow when creating digital electronic records, in any form (text, databases, e-mail systems, bar code, cartographic, audio, pictorial, multimedia, etc.), to maximize the probability of their admissibility as evidence. It is intended to give only general and not specific legal and technical information. It is recommended that expert legal and technical advice be sought in regard to applying this standard to any particular information management or recordkeeping system, as well as electronic data interchange among autonomous parties."

The GC will have to provide similar guidance to the different agencies relying on the shared cyber authentication services.

6  Transformation Initiative Definition

There is real momentum building within the GC to find the right solutions for cyber authentication, even though the problem has been defined and examined many times in the past six years. Cyber authentication is a fundamental building block for achieving Identity Management (IDM) and a Service Oriented Architecture (SOA) across the GC. Real benefits exist with a federated IDM: each program does not have to provide its own authentication and identity proofing mechanisms, and it provides a significantly improved subscriber experience. The trend of abstracting authentication services away from program business logic will support federated IDM. The cost savings of common authentication/identity proofing are somewhat unknown, since these savings will be partly offset by the cost of building governance structures. However, the federated identity environment will provide a significant improvement to the on-line subscriber experience, which may improve on-line program uptake.

This transformation initiative will identify a set of policy instruments that, if modified, would enable cyber authentication to be more efficient and cost effective in its support of federated identity management.

Appendix A:  Glossary (Normative)

This document contains a common glossary of definitions and abbreviations for the Cyber Authentication Renewal project.

A.1  Glossary

The following definitions are used within the context of the Cyber Authentication Project. Some definitions are normative to this project's work and are indicated by an (N). Other definitions are informative, included for completeness, and are marked by an (I). The definitions provided are derived from the following sources in order of precedence, with the highest-precedence sources first:

1. Canadian legislation (PIPEDA, Privacy, etc.)

2. Canadian Government Policy

3. Canadian Standards (CGSB evidence)

4. ISO standards

5. European, US, Aus, etc. standards

6. Other sources

Definitions given without a specific reference were defined by the project team.

A.1.1  Canadian Legislation Definitions

Electronic signature (N)

31(1) "Electronic signature" means a signature that consists of one or more letters, characters, numbers or other symbols in digital form incorporated in, attached to or associated with an electronic document. [PIPEDA]

Secure electronic signature (N)[9]

31(1) "Secure electronic signature" means an electronic signature that results from the application of a technology or process prescribed by regulations made under PIPEDA subsection 48(1).  [PIPEDA]

48(1) Subject to subsection (2), the Governor in Council may, on the recommendation of the Treasury Board, make regulations prescribing technologies or processes for the purpose of the definition "secure electronic signature" in subsection 31(1).

(2) The Governor in Council may prescribe a technology or process only if the Governor in Council is satisfied that it can be proved that

(a) the electronic signature resulting from the use by a person of the technology or process is unique to the person;

(b) the use of the technology or process by a person to incorporate, attach or associate the person's electronic signature to an electronic document is under the sole control of the person;

(c) the technology or process can be used to identify the person using the technology or process; and

(d) the electronic signature can be linked with an electronic document in such a way that it can be used to determine whether the electronic document has been changed since the electronic signature was incorporated in, attached to or associated with the electronic document.
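An added Go illustration, not part of the report or of the statute, of how a public-key digital signature (Ed25519 here) supports the four properties in PIPEDA 48(2) and the "difficult to forge" and tamper-detection claims quoted in section 5.4. Signer, Registry, the names and the sample document are constructed for this example; which technologies actually satisfy 48(2) is a matter for the regulations, not for this code.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer models one person holding a private key under their sole control,
// criterion (b). Names and keys are constructed for the example.
type Signer struct {
	Name string
	priv ed25519.PrivateKey
	Pub  ed25519.PublicKey
}

func NewSigner(name string) *Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return &Signer{Name: name, priv: priv, Pub: pub}
}

// Sign produces the signature "associated with" the document. Because only
// this key pair can produce it, the signature is unique to the signer (a).
func (s *Signer) Sign(doc []byte) []byte {
	return ed25519.Sign(s.priv, doc)
}

// Registry maps enrolled persons to their public keys; it is what lets a
// valid signature identify the person who made it, criterion (c).
type Registry map[string]ed25519.PublicKey

// IdentifySigner returns the enrolled person whose key verifies sig over doc.
// ok is false for an unknown key, a forged signature, or a document that was
// changed after signing, which is the link required by criterion (d).
func (r Registry) IdentifySigner(doc, sig []byte) (name string, ok bool) {
	for n, pub := range r {
		if ed25519.Verify(pub, doc, sig) {
			return n, true
		}
	}
	return "", false
}

// RunScenario exercises the criteria on a constructed document and returns
// (signer identified, tampering detected, who a forged signature resolves to).
func RunScenario() (string, bool, string) {
	alice := NewSigner("Alice")
	mallory := NewSigner("Mallory")
	registry := Registry{alice.Name: alice.Pub, mallory.Name: mallory.Pub}

	doc := []byte("Constructed sample: I authorize payment of CAD 100 to account 12345.")
	sig := alice.Sign(doc)

	// (c) The relying party identifies Alice from the signature alone.
	signer, _ := registry.IdentifySigner(doc, sig)

	// (d) Changing a single character breaks the signature-to-document link.
	altered := []byte("Constructed sample: I authorize payment of CAD 1000 to account 12345.")
	_, stillValid := registry.IdentifySigner(altered, sig)

	// (a)/(b) Mallory cannot produce Alice's signature without Alice's key; a
	// signature she makes herself is attributed to Mallory, not to Alice.
	forgedSigner, _ := registry.IdentifySigner(doc, mallory.Sign(doc))

	return signer, !stillValid, forgedSigner
}

func main() {
	signer, tamperDetected, forgedSigner := RunScenario()
	fmt.Printf("signer=%q tamperDetected=%v forgedSignatureResolvesTo=%q\n",
		signer, tamperDetected, forgedSigner)
}
```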

Personal information (N)

3. "Personal information" means information about an identifiable individual that is recorded in any form. [Privacy]

Right to access (N)

4(1) Subject to the Access to Information Act, but notwithstanding any other Act of Parliament, every person who is (a) a Canadian citizen, or (b) a permanent resident within the meaning of subsection 2(1) of the Immigration and Refugee Protection Act, has a right to and shall, on request, be given access to any record under the control of a government institution. [ATIA]

A.1.2  Canadian Government Policy

Integrity (N)

The accuracy and completeness of assets, and the authenticity of transactions.

A.1.3  Canadian Standards

Business Transaction (N)

A business transaction is a predefined set of activities and/or processes of Persons, which is initiated by a Person to accomplish an explicitly shared business goal and terminated upon recognition of one of the agreed conclusions by all the involved organizations although some of the recognition may be implicit.  [CGSB05]

Person (N)

An entity (that is, a natural or legal person) recognized by law as having legal rights and duties, able to make commitment(s), assume and fulfil resulting obligation(s), and capable of being held accountable for its action(s). [CGSB05]

Persona (N)

A persona is the set of data elements and their values by which a Person wishes to be known and thus identified in a business transaction. [CGSB05]

Authentication (N)

Authentication is the provision of assurance of the claimed identity of an entity. [CGSB05]

The following informative terms provide specific qualifications to authentication and are included for the reader's benefit.

Entity Authentication (I)

Entity authentication is the corroboration of the claimed identity of an entity and a set of its observed attributes. [Modi05]

Data Authentication (I)

Data authentication is the corroboration that the origin and integrity of data is as claimed. [Modi05]

Electronic or Digital Authentication (I)

Electronic authentication is any authentication mechanism that uses electronic or digital technology (for example, card readers for physical door access).

Cyber Authentication (I)

Cyber authentication is a subset of electronic authentication that is used on-line in computer networks or systems. 

2-factor Authentication (I)

2-factor authentication is any authentication protocol that requires two independent ways to establish identity and privileges. This contrasts with traditional password authentication, which requires only one factor (knowledge of a password) in order to gain access to a system.  The three most commonly recognized factors are:

'Something you know', such as a password

'Something you have', such as a hardware token

'Something you are', such as a fingerprint [wikipedia]

Strong Authentication (I)

Strong authentication has several meanings in the ITS domain including one or more of the following:

The use of 2-factor authentication as a stronger mechanism against some attacks;

The use of a strong cryptographic authentication mechanism usually with respect to peer entity authentication; and

The assurance of correct implementation of the authentication mechanism.

Mutual authentication (I)

Mutual authentication implies that both parties identify themselves to the other who authenticates the correctness of the claimed identity.

Authorized (I)

Authorized describes an appointment, a procedure or process that has been approved, in writing, by the board of directors or management of an organization pertaining to the right or ability to make commitments.  [CGSB05]

A.1.4  International Standards

Authenticity (N)

Authenticity is the property that ensures that the identity of a subject or resource is the one claimed. Authenticity applies to entities such as users, processes, systems and information.  [ISO13335]

A.1.5  Other Government Standards

Credential (N)

An object that authoritatively binds an identity (and optionally, additional attributes) to a token possessed and controlled by a person. [NIST06][10]

Credential Service Provider (N)

A credential service provider is an entity responsible for providing and maintaining credentials over their lifetime.

Subscriber (N)

A subscriber is an entity that holds one or more credentials and presents them on-line to acquire some service.  A credential proves some aspect of their on-line persona in a specific identity context.  Note that [NIST06] uses the term subscriber.

Relying party (N)

A relying party is an entity that accepts credentials on-line from subscribers in a specific context. It may also have to check with the credential service provider that issued the presented credential to ensure its qualities (for example, validity). Note that [NIST06] uses the term Relying Party for an entity that relies upon the subscriber's credentials, typically to process a transaction or grant access to information or a system.

Electronic Credential (I)

Digital documents used in authentication that bind an identity or an attribute to a subscriber's token. [NIST06]

Token (N)

Something that the claimant possesses and controls (typically a key or password) used to authenticate the claimant's identity. [NIST06]

A.1.6  Other Sources

Attribute (I)

Attribute is 1: an inherent characteristic, 2: an object closely associated with or belonging to a specific person, thing, or office, or 3: a word ascribing a quality.

Challenge-Response (I)

Challenge-response is an authentication technique whereby a system does not permit access by a user, until the user has given the correct answer ('response') to a question ('challenge').

Cyber (I)

Usually used in connection with references to on-line automated systems, both in terms of hardware and software. The term cyber is not scientific and means different things to different people and groups. For example, Cyber Threat in the US is defined to be all threats to IT systems, not just on-line threats. This term should be avoided in technical discussions due to its ambiguity.

Knowledge Based Authentication (I)

Knowledge based authentication (KBA) is used to remotely authenticate individuals who conduct business electronically by successfully participating in a series of KBA challenge-response queries.  The identity of an individual can be established without delay.

Shared Information (I)

Shared Information (also called a challenge/response system) is a scheme in which users wishing to be authenticated provide answers to a series of questions posed by the government agency involved in the transaction. The questions should represent information that only the valid user should know. The information is shared only between the specific agency and the user. The information could be of three types: fixed data on file (for example, date of birth); variable data (for example, date and amount of last payment/receipt/claim); specifically designed shared secrets (where the user provided a series of questions and answers to the agency).

Malware (I)


Malicious software

Offline credential stealing (I)

Offline credential stealing is fraudulently gathering a user's credentials either by invading an insufficiently protected client PC via malicious software (such as a virus or Trojan horse) or by tricking a user into voluntarily revealing his or her credentials via phishing.

On-line channel breaking (I)

Session credentials (such as session cookies) are attacked via interception as they move between the client and the server. [Hilt06]

Phishing (I)

Phishing is a form of criminal activity using social engineering techniques. It is characterized by attempts to fraudulently acquire sensitive information, such as passwords and credit card details, by masquerading as a trustworthy person or business in an apparently official electronic communication. Phishing is typically carried out using email or an instant message, though it has more recently exploited fax. The term phishing derives from password harvesting and the use of increasingly sophisticated lures to "fish" for users' financial information and passwords.

Pharming (I)

Pharming is an attack in which a user can be fooled into entering sensitive data such as a password or credit card number into a malicious web site that impersonates a legitimate web site. It differs from phishing in that the attacker does not have to rely on the user clicking a link in an email to deceive the user: even if the user correctly enters a URL (web address) into a browser's address bar, the attacker can still redirect the user to a malicious web site through the use of DNS cache poisoning.

A.2  Acronyms

ABO Australian Bureau of Statistics
ACSI Australian Communications-Electronic Security Instructions
ADM Assistant Deputy Minister
AGAF Australian Government e-Authentication Framework
AGIMO Australian Government Information Management Office
AGLS Australian Government Location Service
APSED Australian Public Service Employee Database
ASC [US] e-Authentication Service Component
ATIP Access To Information Program
BCE Bell Canada Enterprise
BCeID British Columbia electronic ID
BTEP Business Transformation Enablement Program
CA Certification Authority
CAP [BC Government] Corporate Authentication Program
CAS Common Administrative Services
CGSB Canadian General Standards Board
CIOB [TBS] Chief Information Officer Branch
COTS commercial off the shelf
CRA Customs Revenue Agency
CRS [GOL] Common Registration Services
CSP Credential Service Provider
DIA [NZ] Department of Internal Affairs
DoJ Department of Justice
DSD [Australian] Defence Signals Directorate
EAP Electronic Authentication Partnership
EASD [TBS/CIOB] Enterprise Architecture and Standards Division
ESD electronic service delivery
FFIEC [US] Federal Financial Institutions Examination Council
FIPS [US] Federal Information Processing Standard
FISMA [US] Federal Information Security Management Act
FIXS Federation for Identity and Cross-Credentialing Systems
FPKIPA [US] Federal PKI Policy Authority
GC Government of Canada
GLS [NZ] Government Logon Service
GOL Government On-line
GPKA [Australian] Government Public Key Authority
GSA [US] General Services Administration
GsOC Governments of Canada (that is, multi-jurisdictional)
HREOC [Australian] Human Rights and Equal Opportunity Commission
HSPD [US] Homeland Security Presidential Directive
I informative
ICT information and communication technologies
IDM Identity Management
IEC International Electrotechnical Commission
IEEE Institute of Electrical and Electronics Engineers
IM Information Management
IMAGE Identity Management for Australian Government Employees
IMB IM/IT Management Board
ISMP Internal Service Modernization Program
ISO International Organization for Standardization
IT Information Technology
ITSS Information Technology Shared Services
IVS [NZ] Identity Verification Service
KBA Knowledge Based Authentication
LRA Local Registration Authority
MAF Management Accountability Framework
MED [NZ] Ministry of Economic Development
MITS Management of Information Technology Standards
N normative
NAA National Archives of Australia
NIST [US] National Institute of Standards and Technology
NMB [US] National Mediation Board
OCIO [BC Government] Office of the Chief Information Officer
OMB [US] Office of Management and Budget
OPI Office of Primary Interest
OSTP [US] Office of Science and Technology Policy
PIN Personal Identification Number
PIPEDA Personal Information Protection and Electronic Documents Act
PIV [FIPS 201] Personal Identity Verification
PKAF [Australian] Public Key Authentication Framework
PKI Public Key Infrastructure
PPSN [Irish] Personal Public Service Number
PSM [Australia] Protective Security Manual
PWGSC Public Works Government Services Canada
RA Registration Authority
RFC Request For Change
RIRDC [Australian] Rural Industries Research and Development Corporation
ROI Return on Investment
RP Relying Party
RSI [Irish] Revenue and Social Insurance
SLA Service Level Agreement
SOA Service Oriented Architecture
SSL Secure Sockets Layer
SSP Shared Service Provider
TB Treasury Board
TBS Treasury Board Secretariat
TCP/IP Transmission Control Protocol / Internet Protocol
TIGERS [Australian] Trials of Innovative Government Electronic Regional Services
TSCP Trans-Atlantic Secure Collaboration project
URL Uniform Resource Locator
VAT Value Added Tax
W3C World Wide Web Consortium
WAI Web Accessibility Initiative
XML eXtensible Mark-up Language

A.3  References

The following references are applicable to this document:

[ABA] American Bar Association, Section of Science and Technology, Information Security Committee, Digital Signature Guidelines Tutorial, no date. http://www.abanet.org/scitech/ec/isc/dsg-tutorial.html

[ATIA] Access to Information Act (R.S., 1985, c. A-1). http://laws.justice.gc.ca/en/a-1/218072.html

[Blum04] Daniel Blum, Gerry Gebel, Doug Moench, Burton Group Report on the Federal E-Authentication Initiative, August 30, 2004. http://www.cio.gov/eauthentication/documents/BurtonGroupEAreport.pdf

[CGSB05] Electronic records as documentary evidence, CAN/CGSB 72.34-2005, 01-Dec-2005. http://www.techstreet.com/cgi-bin/detail?product_id=1252845

[CSE04] CSE, Government On-Line Public Key Infrastructure (GOL PKI) - Identity-Proofing and Authentication Guidelines, Version 1.6, 05-May-04

[Delo04] Deloitte, Environmental Scan: Toward a Legislative Framework, slide deck, Oct-04.

[Entr99] Entrust Technologies, Analysis of Technology Options in Support of Secure Citizen-Centred Service Delivery, 06-Jul-99.

[FIPS201] NIST, Personal Identity Verification (PIV) of Federal Employees and Contractors, FIPS PUB 201-1, Mar-06. http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-v5.pdf

[GOL03] Government of Canada - Government On-Line - Certificate Policies, Version 1.0, 30-Oct-03.

[Hilt06] Alain Hiltgen, Thorsten Kramp, Thomas Weigold, Secure Internet Banking Authentication, IEEE Security & Privacy, IEEE Computer Society 1540-7993/06 © 2006 IEEE, pp. 21-29.

[HPSD12] White House, Homeland Security Presidential Directive/Hspd-12, 27-Aug-04. http://www.whitehouse.gov/news/releases/2004/08/20040827-8.html

[ISO13335] Information technology -- Security techniques -- Management of information and communications technology security -- Part 1: Concepts and models for information and communications technology security management, ISO/IEC 13335-1:2004, 19 Nov 2006.

[ISO15944] Information technology -- Business agreement semantic descriptive techniques -- Part 1: Operational aspects of Open-edi for implementation, ISO/IEC 15944-1 2002(E), First Edition, 15-Aug-02.

[Javelin]

[Modi05] Modinis Study on Identity Management in eGovernment, Common Terminological Framework for Interoperable Electronic Identity Management - Consultation Paper, v2.01, 23-Nov-05. https://www.cosic.esat.kuleuven.be/modinis-idm/twiki/pub/Main/GlossaryDoc/modinis.terminology.paper.v2.01.2005-11-23.pdf

[Modi06] Modinis Study on Identity Management in eGovernment, The Status of Identity Management in European eGovernment initiatives, Identity Management Initiative Report 1 IIR1, 6 June 2006.

[NIST06] Electronic Authentication Guideline: Recommendations of the National Institute of Standards and Technology, NIST SP 800-63, Version 1.0.2, Apr-06. http://csrc.nist.gov/publications/nistpubs/800-63/SP800-63V1_0_2.pdf

[PIPEDA] Personal Information Protection and Electronic Documents Act (2000, c. 5). http://lois.justice.gc.ca/en/P-8.6/

[Privacy] Privacy Act (R.S., 1985, c. P-21). http://laws.justice.gc.ca/en/P-21/index.html

[TBS99] TBS, Government Service Delivery Recommendations, 22-Oct-99.

[TBS00] TBS, Secure Electronic Service Delivery - Why PKI, Jan-00.

[TBS01a] TBS, Strategy for Authentication Services in Support of Government of Canada External Service Delivery - A Discussion Paper, DRAFT, 15-Jan-01.

[TBS01b] TBS/CIOB, Presentation to TIMS Privacy and Authentication Subcommittee, slide deck, 29-Oct-01.


[TBS02] TBS, Authentication Framework Policy Considerations, DRAFT, 2002.

[TBS04] Peter Oberle, Next Generation Public Services - Legal Considerations, TBS/CIOB, slide deck, 13-Dec-04.

[TBS05] TBS, Government Online Research Panel - Sixth Online Survey - Results, Final Report, Apr-05.

[TBS06a] TBS/CIOB, Cyber Authentication Renewal Project - Preliminary Issues Analysis (Including coarse grain sensitivity estimates), RDIMS #403677, v1, 07-Apr-06.

[TBS06b] TBS, Government Online Research Panel - Eighth Online Survey - Results Final Report, May-06.

[wikipedia] http://www.wikipedia.org

Appendix B: Cyber Authentication Initiatives (Informative)

B.1  Microsoft's InfoCard

The InfoCard from Microsoft and related components will be generally available by mid-2007, but the critical mass for this infrastructure will come later. There will need to be a migration to a new generation of client desktop software that is not yet available. Other vendors (for example, Ping and Sxip) are building and demonstrating the capabilities of the next generation of cyber authentication services.

Much of this work comes from principles that have been derived and adopted by much of the industry, and are captured by Kim Cameron of Microsoft as the "Laws of Identity". The point form version is:

1. User Control and Consent

2. Limited Disclosure for Limited Use

3. The Law of Fewest Parties

4. Directed Identity

5. Pluralism of Operators and Technologies

6. Human Integration

7. Consistent Experience Across Contexts

A unifying identity meta-system must provide a simple consistent experience while enabling separation of contexts through multiple operators and technologies.


InfoCard on your PC will hold personal data such as login names, passwords and information for making payments. This example deals with buying a CD on-line with a Web store, and having a bank that supports the technology.

InfoCard takes care of logging you in to the on-line music store. After you place an order, the store connects with InfoCard on your PC using Web services.

You're then prompted with a request to choose how you want to pay. This is based on the information InfoCard holds for you, which could include credit card or bank account numbers. Personal data, such as the credit card information, can be stored on your PC or at sites that you authorize.

Once you've selected how you will pay, your PC will connect with the bank or credit card issuer and request payment to the music store.

The store will get confirmation that it will be paid either directly from the bank or credit card company or through you. The store will never have seen your financial information.

Figure 4 - INFOCARD

B.2  Project Higgins

This project is being managed by the Eclipse open source foundation and is developing software for "user-centric" identity management, similar to Microsoft's InfoCard.  It enables individuals to actively manage and control their on-line personal information (such as bank account, telephone, credit card numbers, medical and employment records) rather than institutions managing this information as it happens today.  The user will decide what information they want shared with trusted on-line websites that use the software.

This is the first user-centric identity management effort to follow the open source software development model, where thousands of developers contribute and continually drive improvements through collaborative innovation.  Being an open source effort, Project Higgins will support any computer operating system, and will support any identity management system.  Higgins is being designed to be the "open source software" equivalent to the "Microsoft InfoCard".

B.3  Liberty alliance

Liberty is developing and delivering the technical standards that enable wide-scale identity federation. Enterprise customers, vendors and CSPs are in the process of implementing these standards. To efficiently enable wide-scale federated identity deployment, Liberty is also defining technology and business guidelines for creating inter-linked circles of trust between business partners, publishing scenarios and case studies as they become known or available. The following figure is a high-level overview of the business requirements that need to be considered during a large-scale deployment.


Figure 5 - Liberty Alliance Business Requirements

B.4  FFIEC Releases Guidance On Authentication In Internet Banking Environment

In October 2005, the US Federal Financial Institutions Examination Council (FFIEC) published guidelines that call on US financial institutions to upgrade authentication processes by adding a stronger form of authentication during on-line transactions. Financial institutions will be audited against these guidelines beginning in December 2006. Javelin Strategy & Research (Javelin) anticipates further guidance and/or mandates from FFIEC and other regulatory bodies.

With this announcement, financial institutions now face a multitude of decisions surrounding strong authentication for on-line account access. In addition to regulatory compliance, institutions must protect themselves against asset and reputation risk, and must weigh potential convenience issues as a barrier to consumer adoption of certain authentication solutions. Javelin has created a model that evaluates certain technologies for affordability, likelihood of consumer adoption, and effectiveness against fraud. This report [Javelin] provides an analysis of these solutions to assist financial institutions in making investment decisions and in the implementation process.  The report answers these primary questions:

What intra-organizational factors and goals determine the level of investment and priority for strong authentication?

What types of strong authentication solutions strike a balance among implementation cost, consumer usability and the likelihood of adoption, and effectiveness as a security measure?

What additional factors must financial institutions consider when implementing authentication solutions?

How do recent regulatory changes affect financial institutions' timeframes and urgency?

B.5  Electronic Authentication Partnership Trust Framework

The Electronic Authentication Partnership (EAP) is the multi-industry partnership working on the vital task of enabling interoperability for electronic authentication among public and private sector organizations.

Interoperability of e-authentication systems is essential to the cost-effective operation of safe and secure systems that perform essential electronic transactions and tasks across industry lines.

The goal of EAP is to provide organizations with a trusted means of relying on digital credentials issued by a variety of e-authentication systems. The EAP will not duplicate the e-authentication work of other organizations, nor does it seek to replace individual industry-wide authentication protocols.

B.6  Constituencies with a Stake in Identity Management

A wide range of constituencies has a stake in identity management. Some stakeholders play multiple roles, such as citizens who are interested in security and citizens who hold credentials and are interested in quick transactions, or credential providers that rely on documents issued by other credential providers. Major stakeholders in identity management include:

Citizens. Citizens are concerned about security and identity fraud. They also are concerned with privacy and convenience.

Credential providers. These include federal, state and local agencies, employers, and private companies that sell goods and services.

Parties that Rely on Credentials. These include the national and international transportation system (airports, airlines, ports, etc.), government agencies, employers, and many credential providers that rely on documents issued by others.

Credential Holders. These include citizens, immigrants, consumers, and employees, and advocacy groups, e.g., for consumer and privacy interests.

Others. These include credit card companies, vendors of identity management products, services and systems, other countries, and parties that would like to rely on high-quality credentials.

B.7  The Need for Strong or Two-factor Authentication

Although recent technology, communication, and geo-political developments (e.g., the rise in Web services, spam, and terrorism) point towards stronger network security, three trends stand out as driving the need for strong digital identities: identity theft, the rise of federated identity networks, and the proliferation of networked devices.

B.8  Trends 2006: Online Banking Retail Customer Authentication In Europe [11]

EXECUTIVE SUMMARY

"European banks are continually reviewing the way they authenticate their retail online banking customers and the transactions they make, and many of them are seeking to strengthen existing mechanisms. The approaches banks are taking vary widely, and reflect national differences as well as the level of risk associated with the solutions currently in place. During 2006, we will see some banks introduce strong authentication using one-time passwords, but there will not be a stampede. We also, however, expect an increasing interest in behind-the-scenes mechanisms to help detect and prevent fraud, such as real-time risk analysis tools. Additionally, banks should (and many will) review the criteria that determine when a second authentication factor, such as a one-time password, is required."

B.9  Three Authentication Trends, 2006-2007

This "Burton Group Inflection Point" is a quick verbal brief on this topic. The three authentication issues that have to be addressed in 2006-2007 are:

Focus on authentication - drivers: FFIEC guidance and HSPD-12

Struggling with identity assurance - drivers: ID proofing processes and life cycle

Continue fighting the phishing war - increasing sophistication

Appendix C: Trends in Threats to Authentication Mechanisms (Informative)

Malicious hacking has gradually evolved over the last decade from being defacement and denial focused, to exploitation for financial gain. Hacker tradecraft has graduated from facilitating vandalism, to theft and extortion. Attacks are now stealthier and generally focused on gaining control and exfiltration of a host's useful data, as opposed to the destruction or defacement attacks that characterized most widespread Internet attacks of the previous decade.  As well, the threat is increasingly influenced by organized crime, which is motivated by the increasing value of Internet commerce.

The increased use of secure web protocols has largely eliminated the risk of attackers sniffing clear-text information such as user ids and passwords from network traffic.  Attackers have shown a preference to target the end systems, where information (including user ids and passwords) is still insecure and particularly vulnerable to malware such as keystroke loggers. It has been recognized for some time that single-factor authentication is not secure and that the threat is particularly high for systems with any connectivity to a public network. Network firewalls[12] have not been effective at preventing the exfiltration of key logs and other files by Trojan malware such as Dremn[13] or any of its many variants. It has been reported that some Dremn infections have been active for several years prior to detection. It should be noted that commercial anti-virus vendors tend to focus on malware that targets the general Internet population and frequently underestimate malware that targets a specific group, such as government systems or specific agencies.

The increasing frequency of phishing/pharming attacks and identity theft has motivated US banking regulators to direct US banks to implement two-factor authentication mechanisms for US on-line banking by the end of 2006 or face regulation.


Some European countries have already deployed 2-factor, smart card based authentication, while others have deployed one-time password mechanisms. Attacks against one-time password mechanisms used for on-line banking have already been reported in Europe.

Figure 1 shows the relative security of eight common authentication methods against two attack categories, offline credential stealing and on-line channel breaking. Offline credential stealing is the more common of the two; it requires minimal resources and little sophistication, which makes such attacks feasible for a large number of entities. It should be noted that soft-token PKI offers only marginal additional strength over static passwords; both fall below the current threat bar for phishing attacks, which are increasing rapidly in sophistication and frequency. Also note that Figure 1 shows the theoretical strength of each mechanism; the assurance of a given authentication product's implementation could be lower. The need for two-factor hardware-token authentication will increase over time as the threat environment and tradecraft continue to evolve.

Figure 6 - IEEE authors' view of the relative security of common authentication methods[14]
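To make the two attack categories concrete, the following added example (written for this edit; it is not code from the assessment or from [Hilt06]) models a relying party that accepts either a static password or the nonce-based challenge-response the glossary defines, then runs a captured-credential replay (offline credential stealing) and a live relay (on-line channel breaking) against each. The user name, shared secret and site names are constructed; mixing the server name into the response is an assumed channel-binding measure, not something the page describes.

```python
"""Toy model of the two attack categories Appendix C uses to rank
authentication methods: offline credential stealing (a credential captured
earlier is replayed later) and on-line channel breaking (an intermediary
relays a live session).  Added example; user, secret and site names are
constructed and nothing here is taken from [Hilt06] or the assessment."""
import hashlib
import hmac
import secrets
from typing import Dict, Optional


def compute_response(secret: bytes, nonce: bytes, server_name: Optional[str]) -> bytes:
    """Client-side answer to a challenge.  When server_name is given it is
    mixed into the HMAC input, so a response computed for one site cannot
    verify at another (a simple, assumed form of channel binding)."""
    data = nonce if server_name is None else nonce + server_name.encode()
    return hmac.new(secret, data, hashlib.sha256).digest()


class AuthServer:
    """Relying party accepting either a static password or an HMAC-SHA256
    challenge-response over a single-use nonce (the glossary's definition)."""

    def __init__(self, name: str, bind_name: bool = True):
        self.name = name              # the site the client believes it talks to
        self.bind_name = bind_name    # whether responses are bound to that name
        self.secrets: Dict[str, bytes] = {}
        self.pending: Dict[str, bytes] = {}

    def enroll(self, user: str, secret: bytes) -> None:
        self.secrets[user] = secret

    # Static password: the credential itself crosses the channel and is
    # reusable by anyone who captured it.
    def login_password(self, user: str, password: bytes) -> bool:
        return hmac.compare_digest(self.secrets.get(user, b""), password)

    # Challenge-response: only a nonce-bound proof crosses the channel.
    def challenge(self, user: str) -> bytes:
        nonce = secrets.token_bytes(16)
        self.pending[user] = nonce
        return nonce

    def login_response(self, user: str, response: bytes) -> bool:
        nonce = self.pending.pop(user, None)   # single use: a nonce never verifies twice
        if nonce is None or user not in self.secrets:
            return False
        expected = compute_response(self.secrets[user], nonce,
                                    self.name if self.bind_name else None)
        return hmac.compare_digest(expected, response)


def run_scenarios() -> Dict[str, bool]:
    """Replay and relay attempts against each mechanism; True means the
    attacker's login attempt was accepted."""
    secret = b"constructed-shared-secret"       # constructed, not a real credential
    bank = AuthServer("bank.example")            # constructed site name
    bank.enroll("alice", secret)

    # 1. Offline credential stealing vs. static password: a keystroke logger
    #    captured the password earlier; the attacker replays it now.
    password_replay = bank.login_password("alice", secret)

    # 2. Offline credential stealing vs. challenge-response: the logger captured
    #    one response, but every login gets a fresh nonce and the old one is gone.
    nonce = bank.challenge("alice")
    captured = compute_response(secret, nonce, bank.name)
    bank.login_response("alice", captured)          # Alice's own login succeeds
    bank.challenge("alice")                         # attacker opens a new login
    cr_replay = bank.login_response("alice", captured)

    # 3. On-line channel breaking vs. bound challenge-response: a live impostor
    #    site relays the bank's nonce to Alice, who answers for the site she
    #    actually sees, so the relayed response does not verify at the bank.
    nonce = bank.challenge("alice")
    relayed = compute_response(secret, nonce, "bank-login.example")
    relay_bound = bank.login_response("alice", relayed)

    # 4. The same relay vs. an unbound challenge-response (HMAC over the nonce
    #    only) succeeds, which is why channel breaking remains a rated threat.
    unbound = AuthServer("bank.example", bind_name=False)
    unbound.enroll("alice", secret)
    nonce = unbound.challenge("alice")
    relay_unbound = unbound.login_response("alice", compute_response(secret, nonce, None))

    return {"password_replay": password_replay, "cr_replay": cr_replay,
            "relay_bound": relay_bound, "relay_unbound": relay_unbound}


if __name__ == "__main__":
    for scenario, accepted in run_scenarios().items():
        print(f"{scenario:16s} attacker accepted: {accepted}")
```

The outcomes line up with the figure's ordering: the static password falls to the cheap offline attack, the challenge-response resists replay but an unbound variant still falls to a live relay, and only binding the response to the site the user is actually talking to defeats both. The model says nothing about the assurance of any real product's implementation, which the text above notes may be lower than the theoretical strength.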

Based on the level of effort needed to mount the attack, the number of threat actors possessing the capability, and reported incidents, the threat level can be categorized as high, medium or low. In a public-network-connected environment, the overall threat of offline credential stealing is high, while the threat of channel breaking ranges from medium to low. The risk for any given authentication implementation is the product of the vulnerability of the system (the environment and the assurance of the implementation), the value of the data protected by the authentication mechanism, and the threat level.

Appendix D: United States Cyber Authentication Initiatives (Informative)

D.1  INTRODUCTION

http://www.whitehouse.gov/omb/egov/g-1-background.html

In his February 2002 budget submission to Congress, President Bush outlined a management agenda for making government more focused on citizens and results, which includes expanding Electronic Government, or E-Government. E-Government uses improved Internet-based technology to make it easy for citizens and businesses to interact with the government, save taxpayer dollars, and streamline citizen-to-government communications.

After several years of development, the US General Services Administration (GSA) has published a plan to establish a government-wide, decentralised identity management system that would enable secure single sign-on access for users of federal e-government services.

http://www.whitehouse.gov/omb/egov/c-5-1-eAuth.html

General Services Administration (GSA). Description: Minimizes the burden on businesses, public and government when obtaining services on-line by providing a secure infrastructure for on-line transactions, eliminating the need for separate processes for the verification of identity and electronic signatures.

The GSA proposes to establish an 'E-Authentication Service Component' (ASC), i.e. an infrastructure for electronically authenticating the identity of users of federal e-government services. Using a common network, the infrastructure will link identity suppliers - termed 'Credential Service Providers' - and identity consumers, called 'Agency Applications', enabling them to communicate in a standardised way. A notice published in the 5 August 2005 edition of the US Federal Register explains how the proposed ASC will work and calls for comments to be sent to the GSA by 6 September 2005.

E-Authentication Mission:

http://www.cio.gov/eauthentication/index.htm

E-Authentication is setting the standards for the identity proofing of individuals and businesses, based on the risk of the on-line services used. The initiative will focus on meeting the authentication business needs of the E-Gov initiatives, building the necessary infrastructure to support common, unified processes and systems for government-wide use. This will help build the trust that must be an inherent part of every on-line exchange between citizens and the Government.

The ASC will establish four levels of authentication assurance, define risk management guidelines for associating a required level of authentication to applications, and provide a Credential Assessment Framework for evaluating authentication systems to determine whether they meet Federal standards for any of the four specified authentication levels. It will not create or maintain any new federal database, but will provide for the authorised exchange of information among current or future systems of records established to support federal e-government programmes and services.

http://www.whitehouse.gov/omb/egov/2003egov_strat.pdf

In January 2003, the current E-Government project managers met with the members of the 2001 E-Government task force. This group of more than 100 government managers shared a number of insights about unresolved E-Government challenges that the 2003 strategy should address. None involved technological barriers; they centered around behavioural or policy changes needed, such as leadership support, parochialism, funding and communication.

D.2 CONTEXT

D.2.1 Employee

http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-v5.pdf

FIPS PUB 201-1 - Federal Information Processing Standards Publication - Personal Identity Verification (PIV) of Federal Employees and Contractors.

http://www.cdt.org/publications/pp_11.01.shtml#2

A Briefing On Public Policy Issues Affecting Civil Liberties Online, from The Center For Democracy and Technology.

http://www.gsa.gov/Portal/gsa/ep/contentView.do?contentType=GSA_BASIC&contentId=14708&noc=T

US General Services Administration - GSA Provides Smart Card Support. For more information on how GSA can support your agency's smart card initiative, contact GSA's Center for Smart Card Solutions.

http://csrc.nist.gov/publications/fips/fips201-1/FIPS-201-1-v5.pdf

Federal Information Processing Standards Publication - Personal Identity Verification (PIV) of Federal Employees and Contractors.

WASHINGTON - A forum of federal experts will discuss identification cards for federal employees and contractors at a forum at the U.S. General Services Administration (GSA). The forum's panel on Policy for a Common Identification Standard for Federal Employees and Contractors includes experts from the Office of Management and Budget, GSA, the CIO Council, Department of Defense (DoD) and National Institute of Standards and Technology. Specific topics include:

How to implement the Homeland Security Presidential Directive 12 (HSPD-12) to prevent unauthorized access to government facilities and information technology assets.

The Personal Identity Verification (PIV) project, NIST's Computer Security Division response to HSPD-12.

NIST's Federal Information Processing Standard (FIPS Pub 201) of requirements for a federal personal identity verification (PIV) system that meets the control and security objectives of HSPD-12. FIPS Pub 201 includes standards for personal identity proofing, registration and issuance, and specifications for technical interoperability among federal PIV systems.

D.2.2 Business

http://csrc.nist.gov/nissc/2000/proceedings/papers/047.pdf

Business Process Driven Framework for defining an Access Control Service based on Roles and Rules. The above paper proposes a framework, which it calls the Business Process Driven Access Control Service (BPD-ACS), in which each service component is defined based on a top-down analysis of the business processes that a given application is intended to support.

http://www.firstgov.gov/Topics/Includes/Reference/egov_strategy.pdf

The E-Government Task Force identified significant federal performance problems that could be addressed by E-Government and E-Business concepts. The Task Force's analysis found that redundant and overlapping agency activities have been major impediments to creating a citizen-centered electronic government. Of 28 lines of business found in the federal government, the assessment revealed that, on average, 19 Executive Departments and agencies are performing each line of business (see the diagram located in the above link). Each agency typically has invested in both on-line and traditional approaches, regardless of other departments' redundant efforts. That translates into many duplicative reporting requirements, while requiring citizens to wade through thousands of Web sites and dozens of call centres to find and obtain service.

D.2.3 Inhibitors and Barriers


http://www.csrc.nist.gov/policies/cyberspace_strategy.pdf

http://www.cio.gov/documents/ICGI/ERPWG_Barriers.pdf

Barriers to the effective management of government information on the Internet and other electronic records.

http://www.cio.gov/documents/ICGI/ICGI-207e-report.pdf
Recommendations for the effective management of government information on the Internet and other electronic records

http://www.firstgov.gov/Topics/Includes/Reference/egov_strategy.pdf

Barrier / Mitigation

Agency Culture
  Sustain high-level leadership and commitment
  Establish interagency governance structure
  Give priority to cross-agency work
  Engage inter-agency user/stakeholder groups, including committees of practice

Lack of Federal Architecture
  OMB leads government-wide business and data architecture rationalization
  OMB sponsors architecture development for cross-agency projects
  FirstGov.gov will be the primary on-line delivery portal for G2C and G2B interactions

Trust
  Through the e-Authentication E-Government initiative, establish secure transactions and identity authentication that will be used by all E-Government initiatives
  Incorporate security and privacy protections into each business plan
  Provide public training and promotion

Resources
  Move resources to programs with greatest return of citizen impact
  Set measures up front and use them to monitor implementation
  Provide on-line training to create new expertise among employees/contractors

Stakeholder Resistance
  Create comprehensive strategy for engaging Congressional committees
  Have multiple PMC members argue collectively for initiatives
  Tie performance evaluations to cross-agency success
  Communicate strategy to stakeholders

D.2.4 Multi-jurisdictional

http://www.cio.gov/archive/information_week_article_april_15_2002.html
The federal government is taking a businesslike approach to IT. If its initiatives take off, citizens should reap the benefits. As millions of Americans scramble to file their income taxes, here's a sobering thought: $52 billion (latest report: $62 billion, http://www.ica-it.org/conf39/docs/Conf39_country_report_USA_rev.pdf) of the public's money will go for IT, and the government itself admits it's not very smart about how it spends that bounty.

Half of the 116 federal agencies surveyed by the General Accounting Office haven't done even the basic agency-wide IT planning needed to avoid system duplication and make sure what they buy works effectively.

It's not hard to find discouraging evidence of how far the government has to go in developing intra- and cross-departmental IT initiatives to make government more efficient, less costly, and more secure.

The Multi Channel Delivery Factors

Whole-of-government = increased transparency, accountability and participation of government.
http://www.firstgov.gov/Topics/Includes/Reference/egov_strategy.pdf

Overall the initiatives represent an opportunity to more effectively use billions of dollars of federal funds while accelerating government response times from weeks down to minutes. In addition, the initiatives provide an opportunity to save billions of dollars currently spent by citizens, businesses and state and local governments to comply with paperwork-intensive government processes.

http://csrc.nist.gov/publications/nistir/nistir-7046.pdf
National Institute of Standards and Technology - US Department of Commerce
A Framework for Multi-mode Authentication - Overview & Implementation Guide


http://www.cio.gov/documents/icgi/report.pdf
Improving Access to the Internet - A report to the Congress as required by the E-Government Act of 2002

D.2.5  Authority

http://csrc.nist.gov/publications/
National Institute of Standards and Technology

NIST is responsible for developing standards and guidelines, including minimum requirements, for providing adequate information security for all agency operations and assets, but such standards and guidelines shall not apply to national security systems. The guideline is consistent with the requirements of the Office of Management and Budget (OMB).

http://www.cio.gov/ficc/documents/RArequirements.doc
The above hyperlinked document provides an overview of the Registration Authority (RA), and the relationship of the Shared Service Providers (SSPs) with the RA function. The RA function shall be conducted by the respective Federal agency contracting for services under the provisions of the Federal Common Policy, as overseen by the Federal PKI Policy Authority (FPKIPA).

http://firstgovsearch.gov/search?input-form=simple-firstgov&v%3Asources=firstgov-affiliates-search&v%3Aproject=firstgov&query=authority&affiliate=cio.gov_eauthentication
Library of authoritative documents that apply to this section

D.2.6  Membership

http://www.gcn.com/online/vol1_no1/40941-1.html?topic=executive-management

Administrative Office of the U.S. Courts
CENDI Principal
OMB Federal Enterprise Architecture
Federal librarians
Federal Geographic Data Committee
GSA Office of Intergovernmental Solutions
GPO Superintendent of Documents

D.2.7  Endorsement


http://firstgovsearch.gov/search?input-form=simple-firstgov&v%3Asources=firstgov-affiliates-search&v%3Aproject=firstgov&query=endorsement&affiliate=cio.gov_eauthentication
Endorsement Libraries

http://www.firstgov.gov/About/Linking_Policy.shtml
The FirstGov.gov (the US Government's official web portal) staff evaluate all suggested links using a list of criteria.

http://www.whitehouse.gov/omb/
Office of Management and Budget - White House website

Business Rules and Agreements
http://ts.nist.gov/ts/htdocs/210/sri.htm#laws

http://www.cio.gov/eauthentication/presentations/forum_timchak.ppt
e-Authentication Initiative - Where we are, how we arrived

D.2.8  Legal framework

http://csrc.nist.gov/ecforum/pfcadsegec.html
Public Forum on Certificate Authorities and Digital Signatures: Enhancing Global Electronic Commerce

Registration Authority Purpose
http://www.cio.gov/ficc/documents/Rarequirements.doc

The Registration Authority (RA) is the entity that enters into an agreement with a Certification Authority (CA)[15] to collect and verify each Subscriber's identity and information to be entered into his or her public key certificate. Areas and activities overseen by the RA include, but are not limited to: in-person proofing, verification and validation of identity documents, enrolment and registration, credential issuance, credential usage, credential revocation, post-issuance updates and additions, and credential re-issuance.

D.2.9  Relying party agreement(s)

http://www.cio.gov/fpkisc/library/PKIrecordsMGMTguidance.pdf
Records Management Guidance for PKI Digital Signature Authenticated and Secured Transactions Records

Federal Public Key Infrastructure Steering Committee
http://firstgovsearch.gov/search?affiliate=cio.gov_fpkisc&v%3Aproject=firstgov&query=relying+party+agreements

D.2.10  Service Provider obligations


http://www.whitehouse.gov/omb/memoranda/fy2005/m05-05.pdf
Electronic Signatures: How to Mitigate the Risk of Commercial Managed Services
The Administration is committed to achieving accountability and efficiency in the operation of public programs, including through the use of information technology and electronic signatures.

http://firstgovsearch.gov/search?affiliate=cio.gov_ficc&v%3Aproject=firstgov&query=shared+service+providers
Service Providers - Library

http://www.cio.gov/ficc/documents/OCDcriteria.doc
Federal Identity Credentialing Committee - Shared Service Provider Subcommittee

D.2.11  Liability

http://firstgovsearch.gov/search?input-form=simple-firstgov&v%3Asources=firstgov-affiliates-search&v%3Aproject=firstgov&query=liability&affiliate=cio.gov_ficc
Liability - Library

http://csrc.nist.gov/publications/nistbul/csl96-10.txt
Generally Accepted System Security Principles (GSSPs): Guidance on Securing Information Technology (IT) Systems

http://www.cio.gov/fpkipa/documents/citizen_commerce_cpv1.pdf
Citizen & Commerce Certificate Policy
This Certificate Policy defines requirements for certificates accepted by the U.S. Federal Government for the purpose of authenticating citizens and commercial enterprises for many electronic services. There are two levels of assurance defined by this policy: a provisional policy, where assurance is based on vendor declaration for six months; and an approved policy, where assurance is based on policy mapping and review by the FPKI Policy Authority's Certificate Policy Working Group.

D.2.12 Risk management

http://www.whitehouse.gov/omb/memoranda/fy04/m04-04.pdf
Assurance Levels and Risk Assessments
The above hyperlinked document (section 2) describes four identity assurance levels for e-government transactions. Each assurance level describes the agency's degree of certainty that the user has presented a credential (defined in this context as an object that is verified when presented to the verifier in an authentication transaction) that refers to his or her identity. In this context, assurance is defined as the degree of confidence in the vetting process used to establish the identity of the individual to whom the credential was issued, and the degree of confidence that the individual who uses the credential is the individual to whom the credential was issued.


http://www.whitehouse.gov/omb/inforeg/proposed_risk_assessment_bulletin_010906.pdf
Summary: As part of an ongoing effort to improve the quality, objectivity, utility, and integrity of information disseminated by the federal government to the public, the Office of Management and Budget (OMB), in consultation with the Office of Science and Technology Policy (OSTP), proposes to issue new technical guidance on risk assessments produced by the federal government.

D.2.13  Assessment Framework

Assessment Framework, Criteria
http://www.whitehouse.gov/omb/inforeg/egovstrategy.pdf
The OMB directorate initiated an interagency E-Government Task Force to identify the action plan for implementing the E-Government initiative.

www.gartner.com, April 25, 2006. Enter "Federal Identity Moves Forward in the U.S. Government" in the Search Research box.
The Gartner group analyzed the U.S. government's e-Authentication identity initiative in 2003. The document further analyzes the progress toward these goals.

D.2.14  Interoperability Framework

http://www.whitehouse.gov/omb/inforeg/egovstrategy.pdf
Through the Assessment Framework described in the above bullet there was a realization of critical shortcomings in efforts by public safety agencies to achieve interoperability between federal, state and local public safety networks.

Value to the Citizen: Coordinated public safety/law enforcement communications will result in saved lives, as well as better-managed disaster response. Consolidated networks will yield cost savings through reduction in communication devices, management overhead of multiple networks, maintenance and training.

Value to the Government: Billions of dollars could be saved through a right-sized set of consolidated, interoperable federal networks, linked to state wireless networks, resulting in a reduction in communications infrastructure, overhead, maintenance, and training.

D.2.15  Authentication levels

http://www.fcw.com/article94679-06-05-06-Print
Published on June 5, 2006
The first non-federal public-key infrastructure bridge launched May 15. CertiPath, a joint venture among defense communications companies ARINC, Exostar and SITA, secures document and e-mail exchanges via a single credential, giving companies a faster and easier way to attain cross-certification for their workers.


The key requirements established for the E-Authentication initiative are as follows:
http://a257.g.akamaitech.net/7/257/2422/01jan20051800/edocket.access.gpo.gov/2005/pdf/05-15515.pdf

Leverage credentials
Single sign-on
Privacy
Security controls

Based on these requirements, the technical approach for E-Authentication is to allow for multiple identity management schemes within a single architecture.
http://www.cio.gov/documents/FEA_Security_Profile_Phase_I_Final_07-29-2004.pdf

http://www.cio.gov/eauthentication/library.htm
Recent articles on GSA's Authentication Initiative

D.2.16  Certification & Accreditation

http://csrc.nist.gov/publications/nistpubs/800-79/sp800-79.pdf
National Institute of Standards and Technology - NIST
Guidelines for the Certification and Accreditation of PIV Card Issuing Organizations

http://csrc.nist.gov/publications/nistpubs/800-37/SP800-37-final.pdf
Guide for the Security Certification and Accreditation of Federal Information Systems

Security
http://www.csrc.nist.gov/policies/cyberspace_strategy.pdf

The purpose of the above hyperlinked document is to engage the reader on how Americans are able to secure the portions of cyberspace that they own, operate, control, or with which they interact.

http://csrc.nist.gov/policies/FISMA-final.pdf
Federal Information Security Management Act (FISMA) of 2002

http://csrc.nist.gov/publications/fips/fips200/FIPS-200-final-march.pdf
Federal Information Processing Standards Publication
Minimum Security Requirements for Federal Information and Information Systems

Metadata standards
http://firstgovsearch.gov/search?input-form=simple-firstgov&v%3Asources=firstgov-search-select&v%3Aproject=firstgov&query=metadata+standards&affiliate=egov.gov

http://www.cio.gov/eauthentication/documents/GOVhandbook.pdf


D.3  E-AUTH SERVICE ARCHITECTURE TREND

D.3.1  Interoperability and trust relationship

http://www.cio.gov/eauthentication/documents/TechApproach.pdf
The above hyperlinked document provides a description of the technical approach for the E-Authentication Initiative. The approach is based on an architectural framework that allows multiple protocols and federation schemes to be supported over time. The approach is presented in terms of use cases. This document is subject to periodic revision and update.

http://www.cio.gov/eauthentication/documents/SAMLprofile.pdf
The above hyperlinked paper provides an overview of the use of the SAML Artefact Profile in the E-Authentication Initiative. The SAML Artefact Profile is one of the adopted schemes within the E-Authentication architectural framework.

http://www.cio.gov/eauthentication/documents/SAMLspec.pdf
This document provides the interface specifications for the SAML Artefact Profile for use with the E-Authentication Initiative.

http://www.cio.gov/fbca/documents/PathValRqmts.pdf
This document specifies requirements for PKI clients used in the Federal PKI. Requirements are specified for path validation, path discovery and auditing.

D.3.2  Specifications and Standards

http://www.cio.gov/eauthentication/documents/SAMLspec.pdf
This document presents the transaction-processing specifications for credential services (CSs) and agency applications (AAs) in separate sections, so each is stand-alone for its target audience. For a CS, the following specifications are detailed: (1) hand-off from the CS, (2) testing in production, and (3) exception handling. Detailed specifications for interfacing with the E-Authentication Portal are provided because it plays a fundamental role in single sign-on and error processing.

D.3.3  Branding

http://www.cio.gov/documents/ICGI/Web_Content_Policies_DRAFT_4_9_04.doc
AUTHENTICITY, BRANDING, AND TIMELINESS OF FEDERAL GOVERNMENT PUBLIC WEB SITES: Every public federal agency web site must be clearly identified as an official source of timely and accurate federal government information.

http://www.cio.gov/eauthentication/documents/CSPhandbook.pdf
Sections 4.6 / 5.5

http://www.cio.gov/napa/01-the_report/detailed_descriptions/01c-detail-03.html
Improve recruiting and hiring process


D.3.4  Accessibility/usability

http://www.usability.gov/basics/index.html

What Is Usability?

Usability is the measure of the quality of a user's experience when interacting with a product or system – whether a Web site, a software application, mobile technology, or any user-operated device.

Usability is a combination of factors that affect the user's experience with the product or system, including:

Ease of learning: How fast can a user who has never seen the user interface before learn it sufficiently well to accomplish basic tasks?

Efficiency of use: Once an experienced user has learned to use the system, how fast can he or she accomplish tasks?

Memorability: If a user has used the system before, can he or she remember enough to use it effectively the next time, or does the user have to start over again learning everything?

Error frequency and severity: How often do users make errors while using the system, how serious are these errors, and how do users recover from these errors?

Subjective satisfaction: How much does the user like using the system?

D.4  Links to Related Articles

Usability and the Web: An Overview, National Library of Canada

What Is Usability?, by Environmental Systems Research Institute, Inc.

Mazed and Confused, Sari Kalin, CIO WebBusiness, http://www.cio.com/archive/webbusiness/040199_use.html

Failure of Corporate Websites, Jakob Nielsen, Alertbox, http://www.useit.com/alertbox/981018.html


Web-Site Usability: Usability On The Web Isn't A Luxury, Jakob Nielsen and Donald A. Norman, in InformationWeek,

D.5 Services

D.5.1  Identity Proofing and Vetting

Each step of the authentication process influences the assurance level chosen. From identity proofing, to issuing credentials, to using the credential in a well-managed secure application, to record keeping and auditing, the step providing the lowest assurance level may compromise the others. Each step in the process should be as strong and robust as the others. Agencies will achieve the highest level of identity assurance through strong identity proofing, a strong credential, and robust management (including a strong archive and audit process). However, the best authentication systems result from well-engineered and tested user and agency software applications. A process currently being developed for enabling authentication across Federal agencies will be published for implementation when complete.

D.5.2  Assurance Levels


Appendix E: Australian Cyber Authentication Initiatives (Informative)

E.1 INTRODUCTION

http://www.agimo.gov.au/__data/assets/file/16032/benefits.pdf
Australians can engage with government through a number of distribution channels such as one-stop shops, call centres and on-line services. Over time, provision of government services is being transformed from traditional over-the-counter services to fully integrated on-line services where customers can engage (or do business) with government via the Internet, at any time, from any place.

http://www.agimo.gov.au/publications/1998/08/naa
The ability to prove (authenticate) the identity of parties to electronic communications or transactions is a necessary precondition to the expansion of widespread use of on-line communications services, for government, industry and individuals, domestically and internationally, particularly in open networks such as the Internet.

http://www.agimo.gov.au/__data/assets/file/16032/benefits.pdf
Agency aligned view: E-government is a key mechanism for transforming development, implementation and delivery of policy objectives through an electronic channel of delivery.

Citizen aligned view: An increasingly large segment of the community is seeking government service delivery in a way that provides all needed information and services in one place through one mechanism and in a manner that is sensitive to the individual's context of interaction.

E.2  CONTEXT

E.2.1  Employee

http://www.agimo.gov.au/infrastructure/authentication/image_framework/image_overview
IDENTITY MANAGEMENT FOR AUSTRALIAN GOVERNMENT EMPLOYEES FRAMEWORK (IMAGE) AN OVERVIEW

http://www.agimo.gov.au/infrastructure/authentication/image_framework/data_management_guidelines/collection_of_data
IDENTITY MANAGEMENT FOR AUSTRALIAN GOVERNMENT EMPLOYEES FRAMEWORK
EMPLOYEE AND CONTRACTOR IDENTITY DATA MANAGEMENT GUIDELINES

IMAGE requires employees and contractors to apply for, and obtain, an Australian Government Employee Identification Credential (AGSIC) for employment with or contracting to the Australian Government.

IMAGE requires agencies to collect the following information about employees and contractors: evidence of identity information, police check details, AGSIC information, security clearance related information (where applicable), educational and professional qualifications details, and health data.

Australian Public Service Employee Database (APSED). The data fields collected for APSED are detailed in the APSED manual, which can be found at http://www.apsc.gov.au/apsed/apsedmanual.pdf. More information can also be found on the Commission website at http://www.apsc.gov.au/apsed/index.html.

http://www.agimo.gov.au/practice/delivery/checklists/intranet
Better Practice Checklist - Designing and Managing an Intranet
A key role of the Australian Government Information Management Office (AGIMO), Department of Finance and Administration is to identify and promote 'Better Practice'. This checklist has been created to help agencies establish and manage intranets that are effective in the short term and will remain viable and sustainable into the future.

E.2.2  Business

http://www.agimo.gov.au/infrastructure/authentication/agaf
The Australian Government e-Authentication Framework (AGAF) for Business

http://www.agimo.gov.au/infrastructure/authentication/agaf/betterpracguide
Australian Government e-Authentication Framework - better practice guide to authorisation and access management. This guide is a framework for businesses and agencies to use in examining and addressing authorisation and access management requirements for the provision of on-line services to Australian businesses.

http://www.agimo.gov.au/infrastructure/authentication/agaf/buschecklist
Australian Government e-Authentication Framework - checklist for business. The checklist for business is targeted at small businesses and managers responsible for overseeing information technology (IT) security. It provides an introduction to e-authentication and the AGAF by detailing the issues businesses need to consider when conducting a transaction on-line with the government.

E.2.3  Inhibitors and Barriers

http://www.agimo.gov.au/publications/2003/03/e-govt_benefits_study/demand
There are a number of inhibitors and barriers to using on-line services. Some inhibitors and barriers survey respondents raised were: usability, technology, discoverability / visibility, skills and/or culture (the fear factor), and security and privacy.

E.2.4 Multi-jurisdictional

http://www.agimo.gov.au/publications/2004/05/egovt_challenges/accountability/cross-tier
Future Challenges for E-government: Accountability in Cross-Tier E-government Integration. This paper sketches the likely practical implementation of such integrations and then focuses on the issues of accountability for the organisational arrangements described.

E.3  The Multi Channel Delivery Factors

http://www.agimo.gov.au/publications/2004/05/egovt_challenges/delivery
The Changing Role of Multi-Channel Service Delivery
Any organization serious about multi-channel service delivery must consider a number of factors when looking to connect people to services (or products).

E.3.1  Governance - benefit / worth

Whole-of-government = increased transparency, accountability and participation of government. Monitoring agencies' progress, in terms of meeting the broad e-government agenda, requires regular review mechanisms for assessing progress against key performance indicators across the Commonwealth government sector.

An approach for business managers to initially determine and then to assess, on an ongoing basis, the intrinsic worth of on-line and government on-line programs provided as integral components of their overall service delivery strategies.


http://www.agimo.gov.au/publications/2006/may/iif/common#4
The effective management of information requires good governance. Special governance arrangements may be needed to guide collaborations across agencies.

Agencies need to develop appropriate governance arrangements around the ongoing collection, management and maintenance of their information holdings to ensure that the capacity to re-use and share information is strengthened.

Governance arrangements will differ depending on what type of information is being shared. The sharing of routine or de-identified data (that is, data that has had personal details removed) will require less governance than the sharing of highly sensitive personal information such as health data.

E.4   About the TIGERS Program

Trials of Innovative Government Electronic Regional Services
http://www.agimo.gov.au/services/tigers/about

A better understanding of how to deliver services to clients based on their needs;
Innovative approaches to the way government in Australia delivers services to meet the needs of clients;

E.4.1 Authority

http://www.agimo.gov.au/webguide/about
The Australian Government Web Guide brings together Australian Government resources for website management. It makes it easy for Australian Government agencies to:

Discern their legal and policy obligations
Access policies, guidelines, tools and examples of better practice
Keep abreast of emerging trends in managing government websites

The Australian Government Web Guide is a gateway to further information.  For each topic, the guide directs you to resources provided by the responsible Australian Government agency (or other organisation). 

http://www.agimo.gov.au/resources/ppt/2001/010427aca
Australian Communications Authority - ACA
The ACA Approach to the On-line Action Plan

http://www.agimo.gov.au/media/2002/10/17106.html
SecureNet Achieves Gatekeeper Accreditation As A Certification Authority


http://www.agimo.gov.au/?a=1183
Gatekeeper is the Australian Government's strategy for the use of Public Key Infrastructure (PKI) as a key enabler for the delivery of on-line government services.

E.4.2 Membership

http://www.agimo.gov.au/?a=2806
Government Domain Policies (gov.au)
Agencies have responded to the government on-line initiative and have responded in a way that has received community endorsement.

E.4.3 Endorsement

http://www.agimo.gov.au/__data/assets/file/16032/benefits.pdf
Clearly agencies have responded to the government on-line initiative and have responded in a way that has received community endorsement. Every program surveyed included an expectation of improved service delivery to users and 87% of programs expected to generate some financial benefit to people.

E.4.4 Business Rules and Agreements

http://www.agimo.gov.au/publications/2006/may/iif
http://www.bakercyberlawcentre.org/2002/eauthentication/Eauthentication_Transcript.htm

E.4.5  Legal framework

http://www.agimo.gov.au/publications/2006/may/iif/understanding
A number of legislative regimes are applicable to the Australian Government and information management. In addition, many agencies are subjected to specific legislative regimes over their use and disclosure of certain classes of information.

E.4.6  Relying party agreement(s)

http://www.agimo.gov.au/__data/assets/pdf_file/50725/Information_Interoperability_Framework.pdf

http://www.agimo.gov.au/publications/2004/05/egovt_challenges/privacy/obstacles/way_forward
There are potentially great benefits to be achieved by implementing e-government programs. Such benefits include improved services, greater efficiency, customer satisfaction, and cost savings. But there are significant obstacles to carrying out data sharing activities under the current legal and administrative regime, which are discussed and reviewed in the above hyperlinked document.

E.4.7  Service Provider obligations - example with Health Connect


http://www.agimo.gov.au/__data/assets/file/16032/benefits.pdf
The transition from agency-oriented to citizen-centric e-government may be difficult and time consuming and will require leadership and coordination as agencies work towards a common and agreed architecture. Determining the value and justification of such a shift may be problematic, and individual agencies may need to adjust their normal program priorities and e-government spending to move towards this increasing integration. The above hyperlink provides an example of an initiative with a wide population reach and significant economic and social benefit.

E.4.8   Liability

http://www.agimo.gov.au/__data/assets/file/12284/PKI_legal_report_May2002.pdf
National Electronic Authentication Council 2002 Report - NEAC
Liability and Other Legal Issues in The Use of PKI Digital Certificates

NEAC's report Liability in e-Transactions published in August 2000 ("the 2000 Report") examined the adequacy of current Australian law and private law mechanisms for managing the allocation of liability among three parties to a PKI: a Subscriber, a CA and a Relying Party (RP).

E.4.9  Risk Management

http://www.agimo.gov.au/publications/2000/04/checklist/appendix_e
Risk Management Checklist
The Australian Government e-Authentication Framework (AGAF) is a risk management approach to on-line transactions between government and business. It was developed by the Australian Government Information Management Office (AGIMO) of the Department of Finance and Administration. It aims to provide a consistent, whole-of-government approach to managing the risk associated with on-line transactions.

E.4.10  The Risk framework

The AGAF, illustrated below, proposes a common, risk-managed approach to: determining the risk associated with a transaction, and therefore the level of assurance that must be inherent in the e-authentication credential presented by a user, and assigning an appropriate assurance level to a user's e-authentication credential. The key determinants of this are the inherent strength of the e-authentication mechanism and the robustness of the registration process (including evidence of identity) associated with issuing a credential to a user.

E.4.11  Assessment Framework

Assessment Framework, Criteria
The Australian Government Information Interoperability Framework provides a platform for the development of Information Interoperability capacity. It will help to establish a shared understanding of information barriers, enablers, principles, and practices. This understanding will underpin improved ability to share information across agencies.

http://www.anao.gov.au/WebSite.nsf/Publications/2C3CDF64278872A9CA256FA2007F445E
The Auditor-General - Audit Report No.26 2004-05 - Performance Audit
Measuring the Efficiency and Effectiveness of E-Government
Australian Government policy is that agencies use the Internet to deliver all appropriate programs and services. This has led to considerable agency investment in Internet-based service delivery. ANAO, in this audit, examines whether agencies are measuring the efficiency and effectiveness.

E.4.12  Interoperability Framework

http://www.agimo.gov.au/publications/2005/04/agtifv2#Australian20Technical20Framework

Implementing the Framework in your Agency

Chief Information Officers are primarily responsible for the success of the Framework. Interoperability depends as much on a culture of collaboration within and between agencies as it does on the consistent use of agreed standards.

E.4.13  Trust models and Trust domains

Cultural and ownership issues may lead to limited information sharing between agencies. This may occur as a result of an unwillingness to invest in a cross-agency project that does not appear to address direct agency priorities, that appears to benefit one agency over another, that reduces control or autonomy of an agency, that increases an agency's costs, or simply because of lack of trust at the infrastructure and interpersonal levels.

E.4.14  Authentication levels

http://www.agimo.gov.au/publications/1998/08/naa

The Commonwealth Government has established its own peak body under the GATEKEEPER initiative, known as the Government Public Key Authority (GPKA), for authentication requirements within government and with government clients.

The GATEKEEPER initiative is an authentication framework based broadly on the model described in the Standards Australia Report MP75 - Strategies for the Implementation of a Public Key Authentication Framework (PKAF) in Australia. Further information about GATEKEEPER and the GPKA can be found at <http://www.dcita.gov.au/nsapi-text/?MIval=dca_dispdoc&ID=4172> and <http://www.gpka.gov.au/>.

E.4.15  ID & Attributes Assurances


http://www.agimo.gov.au/__data/assets/file/30609/AGAF_Overview_for_Business.pdf

E.4.16  Credential assurances

http://www.agimo.gov.au/infrastructure/authentication/image_framework/common_credential_guidelines

E.4.17  Auth Mechanism

http://www.agimo.gov.au/practice/mws/authentication

http://www.agimo.gov.au/infrastructure/authentication/agaf/govtchecklist/assess_mechanisms

A PKI solution will enable:

A single sign-on procedure using an ABN-DSC (Australian Business Number Digital Signature Certificate) replacing user id/passwords

A higher level of authentication in real time that will open up cross-agency access arrangements

Assurances to regulatory bodies such as the Privacy Commissioner that access to sensitive information is tightly controlled.

E.4.18  Certification & Accreditation

http://www.agimo.gov.au/?a=1183

Accreditation criteria for Certification and Registration Authorities were released in December 1998. The criteria include compliance with Australian Government procurement policy, security policy and planning, physical security, technology evaluation, Certification Authority (CA) and/or Registration Authority (RA) policy and administration, personnel vetting, legal issues, and privacy considerations.

http://www.agimo.gov.au/__data/assets/pdf_file/46135/Gatekeeper_PKI_Framework.pdf

E.4.19  Privacy Impact

Commonwealth agencies are already bound by the Privacy Act 1988 to handle personal information in accordance with the Act's information privacy principles. It is the responsibility of Commonwealth departments and agencies to ensure that their websites comply with the Privacy Act 1988. The Privacy Commissioner has issued guidelines to agencies to assist them in ensuring that the privacy practices of their websites and other on-line activities comply with the Act.

E.4.20  Security

Agencies are required to comply with the Protective Security Manual (PSM) issued by the Protective Security Coordination Centre within the Attorney-General's Department. Agencies are required by the PSM to devise an Information Systems Security Policy and implement plans to ensure systems are appropriately protected.


The Defence Signals Directorate (DSD) issues security guidelines for Australian Government IT systems, known as Australian Communications-Electronic Security Instructions 33 (ACSI 33). ACSI 33 provides guidance to all agencies in the task of protecting classified or unclassified on-line information and describes the steps to be taken to plan and implement the information security measures required by the PSM.

E.4.21  Metadata standards

The Australian Government Locator Service (AGLS) has been developed over the last few years by the National Archives of Australia (NAA), in consultation with Commonwealth, State and Territory agencies, as such a metadata standard. It is a set of 19 descriptive elements which government departments and agencies can use to improve the visibility and accessibility of their information and services. AGLS has been developed cooperatively by all Australian government jurisdictions and is based upon the leading international on-line resource discovery metadata standard, the Dublin Core standard.

It is already in use in several other jurisdictions. The stage has been reached where the Government has decided to require AGLS to be used by Commonwealth agencies in line with NAA guidelines, in respect of their on-line activities. Refer to Annex B for further details.

E.4.22  Electronic publishing and record keeping guidelines

DOFA has produced Guidelines for Commonwealth Information Published in Electronic Formats as part of its charter in whole-of-government information publishing, dissemination and delivery.

Commonwealth websites are a form of publication and as such they are considered to be records for archival purposes. Under the Archives Act 1983, Commonwealth agencies have legal obligations regarding the proper retention and disposal of Commonwealth records, including web-based records. Commonwealth agencies need to make and keep records that accurately document their public websites over time, to satisfy business and accountability requirements and community expectations. The NAA is currently developing a policy for keeping web-based records in the Commonwealth Government.

E.4.23  Accessibility

Government On-line provides a tremendous opportunity to reach out to people with disabilities. However they can be excluded from Government On-line if website design does not recognise the special on-line requirements of this group. A recent report by the Rural Industries Research and Development Corporation (RIRDC) has highlighted the benefits to people in rural and regional areas if websites are designed taking into account their circumstances.


Commonwealth departments and agencies are already obliged by the Disability Discrimination Act 1992 to ensure that on-line information and services are accessible by people with disabilities.

The Human Rights and Equal Opportunity Commission (HREOC) is currently investigating issues surrounding website access by people with disabilities and older Australians. As part of this process it has published Progress update on reference: access to electronic commerce and new information and service technologies for older Australians and people with a disability and Working paper for e-commerce reference: web accessibility.

These papers draw on and strongly support the Web Accessibility Initiative (WAI) of the World Wide Web Consortium (W3C). The WAI has resulted in the development of documents such as User Agent Accessibility Guidelines 1.0 and Authoring Tool Accessibility Guidelines 1.0. The Government is committed to ensuring that no group is excluded from being able to access Government On-line. Agencies will be required to fulfil their obligations under the Disability Discrimination Act 1992 by observing the World Wide Web Consortium's (W3C's) Web Content Accessibility Guidelines 1.0, to ensure the widest possible audience for Government Online.

E.5  E-AUTH SERVICE ARCHITECTURE TREND

E.5.1  Interoperability and trust relationship

http://www.agimo.gov.au/publications/2003/08/framework/overview

Gatekeeper Improvements

http://www.agimo.gov.au/media/2005/october/46168.html

This Framework provides a high level or minimum basis for interoperability within government. It is a business requirement for agency systems to interoperate with other agency systems, other jurisdictions and broader stakeholders such as private sector service providers.

E.5.2  Specifications and Standards 

The Guide to Minimum Website Standards - Accessibility

http://www.agimo.gov.au/practice/mws/accessibility

Guide to Minimum Website Standards, April 2003

http://www.agimo.gov.au/__data/assets/file/21189/MWSStandards.pdf

E.5.3  Branding

http://www.gcu.gov.au/code/infodept/branding/index.html


E.5.4  Accessibility/usability

http://www.agimo.gov.au/practice/mws/accessibility

The Guide to Minimum Website Standards - Accessibility

The standard for web content accessibility is the Web Content Accessibility Guidelines, which were devised by the World Wide Web Consortium (W3C). The guidelines are available at: www.w3.org/tr/wai-webcontent

E.5.5  Authentication

http://www.agimo.gov.au/publications/2002/07/online_auth/authentication

Authentication is the solution to the need for certainty in the identity of the other party to a transaction. Where services are provided via traditional, non-electronic systems, various authentication mechanisms are used. Where services are provided on-line, agencies will need to reassess how they authenticate users. Notably, the use of existing methods of authentication requiring physical presence may reduce or eliminate the convenience of the on-line service.

E.5.6  Maintenance

http://www.agimo.gov.au/webguide/maintenance

E.5.7  Audit/traceability

http://www.agimo.gov.au/infrastructure/government/checklist

Appendix F: New Zealand Cyber Authentication Initiatives (Informative)

F.1 NZ Authentication Programme Overview

Focus is primarily on Citizen Authentication

Similar Privacy landscape and citizen values to Canada

Overall approach has been changed to be more privacy friendly to reflect citizen feedback and Privacy Impact Assessments

Resulting approach will be similar to ePass (anonymous Government Logon Service) with Identity Proofing done at the Program Level

Government Logon Service will be piloted shortly with up to 4 agencies

Government Wide Identity Verification Service has been identified as a separate project and has an ambitious scope given the privacy landscape


Strong work done on Trust Levels and Evidence of Identity Framework

F.2  Challenges

Implementing meaningful Identity Verification Service in privacy landscape

F.3  Details

The All-of-government Authentication Programme began in 2000 with the aim of determining what Government could do to help people authenticate themselves more conveniently and securely when transacting with government agencies using the Internet.

In April 2002 this work resulted in the Government approving a set of policy and implementation principles for authentication.

The principles were the basis for the four conceptual models that were developed in late 2002 to represent the possible ways to achieve a consistent approach to on-line authentication. These models were analysed to determine the implications of each approach and feedback was also sought via a public consultation.

This led to a decision by the Government in June 2003 to proceed with designing an all-of-government authentication solution. With input from a range of groups and individuals, the E-government Unit determined how such a solution might work and considered the various implications that it may give rise to.

On the basis of this work the Government has decided that a phased implementation of all-of-government authentication should commence. The current phase, which started in July 2004 and will last until April 2006, will:

develop and implement a Government Logon Service in up to four agencies

further work to confirm the estimated costs and benefits of rolling out the Government Logon Service to other government agencies

develop standards for the overall authentication process

further policy work, including legislation

research and develop ways in which electronic identity can be managed

support and develop review bodies and undertake Privacy Impact Assessments

When this work is completed, the Government will make a decision on how and when to proceed further with implementing on-line authentication.


The Government Logon Service (GLS) will provide the 'logon' component of a common authentication service for those people using government services over the Internet. The GLS will allow people to more conveniently access government on-line services by using the same logon - for instance, a username / password. A GLS logon will be able to be used with multiple agencies but because of the way the system is designed, the logon information will not be able to be shared between agencies. It will be like having a unique key that conveniently but privately, opens many government service doors. However, if they wish, people will still be able to use different keys for different services.

The Shared Logon Service will not use a national identity.  Agencies will continue to use existing customer numbers to access information.  For the initial implementation phase, identity management processes used by agencies will not change.

The Ministry of Economic Development (MED) is piloting a complete solution for managing logons (usernames and passwords) for people using the Internet to transact with government. Called the Government Logon Service (GLS), the project will also deliver a sustainable operating model for the service and a business case identifying the costs and benefits of rolling out the service across all-of-government.

Initially, the GLS will be deployed in up to four Government agencies; but, as a scalable solution, it can be rolled out to others. The full functionality of the GLS will be delivered in four increments from October 2005 through to the second quarter of 2006.

A separate project - the Identity Verification Service (IVS) is being led by the Department of Internal Affairs (DIA) to develop a high-level design and business case for the initial implementation of a service to create electronic identity credentials. The IVS will let people transacting over the Internet present a passport-level-strength, evidence-of-identity credential to identify themselves to agencies. The IVS will complement the GLS to provide a comprehensive authentication service for New Zealanders and other users of government services.

To date, the PADS team has:

reviewed DIA's existing identity-management processes to determine if they can be used to contribute towards an electronic authentication service

reported back that there is potential to leverage existing proposed services

completed a draft of the high-level business-process design for an IVS

achieved agreement on a complete integrated-conceptual design, which describes how the GLS and the IVS will work together

developed high-level business case themes for further discussions with agencies.

Over the coming months:


The IVS project team will continue using the high-level, business-process design as a basis to develop a full high-level design

The project team will, through the all-of-government agency engagement and review process, complete discussions with agencies to clarify IVS:

o functions and high-level processes

o implementation options

o possible opportunities for adoption.

DIA will finalise a legislative review on possible legal implications for implementing the proposed IVS.

The project team will finalise the IVS section of the business case including the timeline and costing for the initial build of the IVS service.

F.4  Information Sources

For more information see http://www.e.govt.nz/services/authentication/

Appendix G: Ireland Cyber Authentication Initiatives (Informative)

G.1 Irish Reach - Public Services Broker Overview

Addresses Citizens and Vendors

Allows for Single Sign-on and authentication

Allows for tracking and status checking

One-portal access to all services

Uses UK Trust Level Model

PPS Number is similar to SIN Number

Plans to use smart cards for citizen authentication (SAFE project)

Includes Personal Data Vault and Secure Mailbox

Includes secure messaging system (XML Messaging Hub approach)

Automatic distribution of events (OASIS) via messaging (similar to Vital Events)


Planning not to use PKI until smart cards are deployed

BASIS project addresses Business Authentication (Will expand on this)

G.2 Challenges

Identity Management - what is needed?

Privacy - how to protect it?

Place and meaning for Public Services Broker - migrating to more of a back-end infrastructure role

Identity Policy for Businesses - Single versus networked Business Identifier

Identity Policy for Individuals - legislation required to extend PPS number beyond current legislated uses for Social Services and Tax - subject of debate

Identity Policy Privacy - how can the public and agencies be assured that privacy principles are adhered to?

G.3 Details

Reach is an agency established by the Government of Ireland to develop a strategy for the integration of public services and to develop and implement the framework for electronic government. In particular, Reach is mandated to procure and build the Public Services Broker.  It will be developed by Reach and then subsequently be operated by a separate agency.

The Public Services Broker will provide a single mechanism for access to public services to improve service delivery through traditional means (in person and on the phone) and the new self-service electronic channel. The Public Services Broker is an integrated set of processes, systems and procedures designed to provide a standard means of access to public services including

A new portal website (Reachservices.ie) - live since April 9, 2002. A development plan, including the protocols for connecting to the new services will be published and distributed to Departments and Agencies shortly.

The specifications of the multi-channel architecture and functionality for the Public Services Broker are being made public as part of the Broker procurement process.

The Broker will

act as a helper to the customer to bundle services around predefined life or business events. It will help customers and front-line staff to navigate complex information about services. It will make possible speedier and better-informed decisions about the services required in any given set of circumstances.

provide a secure means by which customers can prove their identity in self-service, face-to-face or telephone transactions. A secure way of "applying" for services electronically will also be provided.

Customers will be able to store their frequently used personal data (Personal Data Vault) for release to the different service delivery agencies. This will reduce the need for repetitive form filling and will permit speedier completion of service delivery.

Agencies will be able to offer a wider range of services from a single point of contact, and with the customer's permission, will be able to speedily access the data required for particular services.

Most importantly, the Broker will exist within a secure privacy framework in which the customer and the public agencies can have complete trust.

G.3.1 Personal Data Vault

The Broker's most important feature will be secure personal data vaults, under the individual customer's personal control. These will be set up for customers as services are developed and on request of the individual. In addition to the normal basic set of personal data required for most services, customers may store additional data in these vaults. This can be released at their discretion to aid or assist in gaining access to a service or to enhance service levels. Examples of such data would be birth and marriage certificates, details of income or other means, digital photographs, credit card details, passport details, car registration and insurance details.

Data will be updated directly by the customer or by an agent acting with the permission of the customer. Access will be strictly limited to the individual customer or to public servants and agents authorised to access the data in the context of a specific transaction.

As public service agencies connect to the Broker services, they will be able to dispense with the need to hold personal data on their customers in their own databases. The copy of the data held in the customer's data vault will be the single reference repository for use across the public service. Customers will be able to "notify" changes in personal data to all agencies by simply keeping their records up to date, e.g., change of address can be notified to all agencies by simply changing the address held in the personal vault.

G.3.2 Secure E-mail Accounts

Another important feature will be the establishment of secure personal e-mail accounts for each customer. These can be used for communications between the customer, or their agent, and individual service providers. Customers will be able to check on progress of specific transactions or requests for service. It will not be essential that customers have access to e-mail themselves, as it will be possible, with the customer's permission, for an agent or helper to check progress on the customer's behalf.

G.3.3 Business Vaults

The use of private vaults by businesses will be examined in the context of the BASIS project being undertaken by the Department of Enterprise, Trade and Employment.

Information that could be stored includes status of the entity (limited company, partnership, co-operative); official identity numbers - VAT, Companies Registration Office, names, and details of directors and company officers and tax clearance certificates.

As in the case of the personal customer's vault, this data would be under the control of the business concerned for release in specific circumstances.

G.3.4 What is the Public Service Card?

A Public Services Card will be developed by Reach as the customer's secure and unique key to personal data and access to connected public services. It will be based on the existing Social Services Card of which about 2.5 million are in circulation. Currently, social security customers use it to access services and payments at Social Welfare Local Offices and Post Offices.

The details of the new card will be worked out in consultation with public service agencies and their customers. However, at this stage, it is envisaged that the new card will, in its basic form, be similar to the current Social Services card. It will display the cardholder's name, Personal Public Service Number and signature, and will comply with banking standards for payment cards (ISO 7812 and 7813).

It is also proposed to create a "family" of cards to suit the needs of different groups of customers, with features being chosen on a voluntary basis by the individual customer. This family will range from very simple cards with a minimum of information to multi-purpose cards with very high security.

At a basic level, the card and a PIN number will be enough to access some services, but where a greater level of security is required, one of the possible technologies that could be used is digital signatures and certificates within a Public Key Infrastructure (PKI). This latter feature will support electronic signatures and secure identity in self-service access to information and public services over the Internet.

G.3.5 Services Manager


The central function of the Public Services Broker will be to manage access by customers to public services through a central customer relationship management system, currently called the Services Manager. Customers may access the service on a self-service basis over the Internet from a variety of devices and access points. They may also access the services through the mediated/assisted channels at public service local offices or telephone access points. In the assisted mode, a public service staff member will access the broker service on behalf of the customer.

The Broker will manage requests for service originating from all access points and will pass them on in standard agreed format to the agencies providing the services. Regardless of whether transactions are in the context of groups of related services or individual services, the Broker will transmit authenticated individual service requests for processing and action to the agencies concerned in the particular episode. Requests will be authenticated and securely transmitted and will be in a standard format. Standards will be developed and published by the Reach agency in consultation with Departments and Agencies.

The Broker will also handle electronic communications from the agencies to the customer.

G.3.6 Secure Environment

Depending on the service being accessed, there is a requirement for varying levels of security to protect communications, messages and documents involved in customer/public service transactions.

Reach is responsible, with the Department of Finance, for developing and specifying the appropriate security framework within which Ireland's eGovernment services will operate.

Protection is required to ensure that:

Data can be exchanged privately and confidentially

The identities of the agency staff member and the customer providing and accepting the data can be verified absolutely

Data cannot be tampered with - in storage or transmission

The time that data is exchanged can be reliably proven

Delivery and receipt of data can be reliably confirmed.

Public Service agencies will be expected to use the Public Services Broker security services.

G.3.7 Privacy Principles


In addition to the principles laid down in Data Protection and Freedom of Information legislation concerning the collection, storage and use of personal data by public agencies, the following principles will also apply to the operation of the Broker's privacy framework:

Personal data is the property of the individual customer. The customer supplies this information to public agencies in order to avail of publicly funded services.

Personal data is only accessed with the knowledge and consent of the individual.

The individual sets of data will be released or accessed only in the context of a particular transaction.

The customer's data will be accessible only to the customers themselves and, as appropriate, the public agency staff assisting them in accessing and availing of the service.

The release of personal data will be strictly confined to the set of data required for a particular service.

The customer will have secure direct access to his/her own set of data, and will have the right to ask for corrections to be made if errors or inaccuracies are noted, or if changes have not been updated. Search and update facilities will be provided in accordance with agreed rules and data protection principles.

G.3.8 Personal Public Service Number

In order to connect public services, a common unique personal identification number is needed. For many years, the Revenue and Social Insurance (RSI) number was a common identification number for taxation and social welfare purposes.

The Integrated Social Services Strategy - adopted by the Government in 1996 - recommended the extension of the use of the RSI Number across the public service in the interest of improving customer service.

The Social Welfare Act 1998 gave legal effect to this recommendation, renaming the RSI Number as the Personal Public Service Number (PPSN). This act also contains safeguards for the protection of the customer's right to privacy.

Most people in Ireland already have a Personal Public Service Number. Children are automatically allocated a number when a claim is registered for Child Benefit.

The Reach initiative sees use of the PPSN gradually being extended beyond the taxation and welfare domains. It is already in use in the Health area and is now being extended to the Education and Local Authority sectors. THIS MAY BE ON HOLD.


The Department of Social and Family Affairs issued a Code of Practice (PDF, 454 kb) in February 2004 (updated July 2004) concerning the use of the Personal Public Service Number.

G.4 Information Sources

For more information see: http://www.reach.ie/

http://www.reach.ie/publications/downloads/July22Website.ppt

Appendix H: British Columbia Cyber Authentication Initiatives (Informative)

H.1 BC Corporate Authentication Program Overview

Addresses Business and Citizens

Branded British Columbia electronic ID (BCeID)

Follows the UK Trust Model and has provisions for identity proofing to UK Level 2 (NIST Level 3)

Central Registration with ID Proofing of Businesses (May be done at time of Business Registration)

On-line registration of citizens with in person identity proofing to complete registration

Used phased approach (beginning 2002) to enable earlier agency-registered business ids and pseudonymous citizen ids (formerly known as MyId)

Strong Partner Network to implement (provincial and federal)

Multi-channel

Interested in inter-operating with the federal government

Includes creation of an operational infrastructure once project is "complete"

H.2 Challenges

Extending BCeID to a multi channel concept

H.3 Details


The Corporate Authentication Program (CAP), due for implementation October 30, 2005 (but appears to have been implemented in April 2006), meets the government-wide need for an authentication service to allow more people to access government in a secure and private fashion through the enhanced BCeID access method.

It is a key foundation component of BC's e-government plan and the service delivery strategies of the Ministry of Labour and Citizens' Services.

Many ministries are enhancing traditional service delivery channels, such as over the counter, with the on-line channel. To successfully provide services to customers electronically, ministries need to know with whom they are interacting.

The need for a common authentication program was identified through the government's information management planning process, coordinated by the Office of the Chief Information Officer (OCIO). The OCIO is leading the government's development of a corporate authentication service.

The CAP program is being developed in partnership with ministries and is driven by their e-Service business requirements and timelines. All ministries/programs that require authentication for on-line services will be involved in CAP development.

The first objective is to build and implement a cross-government framework and service solution for authentication for government e-Services. The program will work with client ministries to set up, implement and operate their authentication services over all service delivery channels - on-line, over the phone and over the counter as needed.

H.3.1 What does this mean for citizens and businesses using government e-Services?

Convenience: Once registered with the improved BCeID, citizens and businesses using government e-Services will need only one set of credentials (userid/ password) to access multiple government services. Existing BCeID holders will automatically benefit from the enhanced security of the new program.

Trust and Privacy: Based on many identity-related events in recent years, citizens and businesses are legitimately concerned with the security of their personal information and with their control over the use of their identities. The CAP program is introducing rigorous standards for the issuing of credentials for accessing government services on-line, and adding:

Enhanced and standard identity proofing at time of registration;

Clear audit trails for authentication events; and

Ongoing monitoring for security and identity problems.


New Services: With an enhanced authentication program in place, citizens and businesses can look forward to a growing number and variety of e-Services made available. Higher trust levels and reduced registration time and cost provide real incentives for government programs to offer on-line service more swiftly.

H.4 Information Sources

For more information see http://www.cio.gov.bc.ca/cap/

Appendix I: Digital and Electronic Signature: A Global Status Report (Informative)

The following executive summary is an excerpt from a 70-page report from The IT Governance Institute entitled Digital and Electronic Signatures: A Global Status Report.

I.1 Executive Summary

"Digital signatures, if properly implemented and utilized, could minimize risks of impostors, electronic forgeries and message repudiation. Digital signatures provide reliable authentication of documents in computerized digital form. Further, digital signatures provide a high degree of information security for information traversing public networks, such as the Internet, where anyone can spoof the data.

If digital signatures are used to replace written signatures for signing legal contracts and documents, they must contain the same specific properties that make a written signature a reliable form of authentication. They must be easy to produce, easy to recognize and difficult to forge. Also, the electronic or digital signature technology and implementation approach for document signing must be understood clearly.

This research noted that the requirements for country electronic signature laws might vary widely. The UNCITRAL Model Law and the EU Directive attempt to reduce legal barriers to using electronic technology to sign contracts. Some country laws require only electronic signatures while other laws recognize only digital signatures. The responsibilities of the sender, receiver and certification authorities are not addressed in all laws.

If a digital signature is used as the legal equivalent of a handwritten signature, especially in cross-border electronic commerce, careful legal review and advice about the national laws, with special focus on multiple jurisdictions, is recommended strongly. In addition to each respective national law, the state or provincial laws must also be reviewed. If the country in which the trading partner resides does not have a digital signatures law, contractual agreement should address the legal perspective for the use of digital signatures.


While some laws provide that electronic signatures are admissible as evidence in any legal proceedings in relation to questions of communication authenticity or data integrity, others do not address whether electronic signatures are admissible as evidence in a court of law. Digital signatures in EU member states must meet a long list of requirements before being considered as equivalent to a handwritten signature.

Some laws do not have specific regulations addressing certification authorities and allow voluntary schemes for certification authorities. Laws in various European countries require that certification authorities be liable for the damage caused to any entity that relies on a qualified certificate. The only way to escape liability is if negligent action cannot be proven. The EU Directive provides that certification authorities may limit their liability and stipulate a financial cap for transactions affected or limit the use of their certificates. Foreign certification authorities within the EU member states are recognized by EU member states. However, some EU members do not recognize foreign certificates issued outside the EU member states for cross-border transactions. The legal requirements for both the business partner's jurisdiction, and the local jurisdiction, must be clear in the law or through a separate contractual agreement. Due diligence ensuring a trusted environment for the use of digital signatures for document signing is required. If digital signatures and certification authorities are subject to conflicting legal and technical requirements in different jurisdictions, it may be difficult or close to impossible to use digital signatures in cross-border transactions.

There are costs associated with the implementation of a digital signature system, such as establishing and utilizing certificate authorities, maintaining a repository of signer certificate-related information, software and hardware support of digital signature administration, the verification process and the trusted environment, the hardware securing a subscriber's private key and the purchasing of certificates for issuance.

The many benefits of electronic signatures, specifically digital signatures for e-commerce, may far outweigh the costs. However, the real value of electronic signatures will be defined fully and understood generally only after applicable laws are tested and upheld in courts, and organizations are convinced they can trust electronic signatures."

Appendix J: Identity Tutorial (Informative)

This informative appendix is a glossary of identity terms and some diagrams to help the reader understand some fundamental concepts of identity such as partial identity or persona. The Identity Management (IDM) Initiative within TBS/CIOB is examining identity management issues within the GC, while this Cyber Authentication Renewal project is examining cyber authentication as it supports identity management. The Identity Management Initiative is defining an IDM framework and lexicon, which will provide a suitable context for the reader. However, until that work has progressed, this tutorial can help the reader understand some fundamental IDM concepts that impact the cyber authentication environment. This tutorial is based on terms defined in the Modinis IDM Terminology Paper [Modi05] and figures taken from [ISO15944].

Anonymity

Anonymity refers to the quality or state of being not identifiable within the set of all possible entities that could cause an action and that might be addressed.  In this state, the involvement of an entity in a given process is concealed, so that a given action cannot be attributed to a specific entity. The set in which an entity is anonymous typically varies in time and decreases in size as digital systems do not "forget".

Identity

The identity of an entity is the dynamic collection of all of the entity's attributes. An entity has only one identity, consisting of a number of attributes that need not necessarily be unique for that entity, but which are nonetheless useful when attempting to distinguish several entities. Common examples of such attributes include name, date and place of birth, address, the identity of parents, etc.

Identifier

An identifier is an attribute or a set of attributes of an entity that uniquely identifies the entity within a certain context.

Identity management

Identity management is the managing of partial identities of entities, that is, definition, designation and administration of identity attributes as well as choice of the partial identity to be (re-) used in a specific context.

Identity Context

The surrounding environment and circumstances that determine the meaning of identities and the policies and protocols that govern their interactions.

Identity Proofing

The process by which a Credential Service Provider and a Registration Authority validate sufficient information to uniquely identify a person.

Digital Identity

A digital identity is a partial identity in an electronic form. For any given entity, there will typically exist many digital identities, which may be unique or non-unique. A digital identity can be created on the fly when a particular identity transaction is desired. A digital identity is, by definition, a subset of the identity, and can in effect be considered a manifestation of an entity's presence in an electronic IDM system (i.e., it is the subset of attributes belonging to an entity that is accessible through a specific IDM system).

Partial identity

A partial identity is a certain subset of one or more attributes that does not necessarily uniquely identify the entity.

Person Identity

The combination of persona information and identifier used by a Person in a business transaction.

Person authentication

The provision of the assurance of a recognized Person identity (sufficient for the purpose of the business transaction) by corroboration.

Pseudonym

A pseudonym is an arbitrary identifier of an identifiable entity, by which a certain action can be linked to this specific entity. The entity that may be identified by the pseudonym is the holder of the pseudonym.

While an entity has only one identity, it may have many partial identities. Partial identities are often simply referred to as "identities", which may lead to confusion when they refer to a single entity. For this reason, the term "partial identity" should be preferred.

Figure 7 - Illustration of Links of a Person to Persona(e) to Identifier(s)


Figure 8 - Illustration of Range of Links between Person and Person Identity(ies)

Appendix K: Legal Tutorial on Digital Signatures (Informative)

The following text is an excerpt from a Digital Signatures Tutorial [ABA] provided by the American Bar Association. Note that the discussion identifies from a legal perspective the qualities that a digital signature must possess and relates closely to the PIPEDA definition of secure electronic signature.

In today's commercial environment, establishing a framework for the authentication of computer-based information requires a familiarity with concepts and professional skills from both the legal and computer security fields. Combining these two disciplines is not an easy task. Concepts from the information security field often correspond only loosely to concepts from the legal field, even in situations where the terminology is similar. For example, from the information security point of view, "digital signature" means the result of applying to specific information certain specific technical processes. The historical legal concept of "signature" is broader. It recognizes any mark made with the intention of authenticating the marked document. In a digital setting, today's broad legal concept of "signature" may well include markings as diverse as digitized images of paper signatures, typed notations such as "/s/ John Smith," or even addressing notations, such as electronic mail origination headers.[16]

From an information security viewpoint, these simple "electronic signatures" are distinct from the "digital signatures" described in this tutorial and in the technical literature, although "digital signature" is sometimes used to mean any form of computer-based signature. This appendix uses "digital signature" only as it is used in information security terminology, as meaning the result of applying the technical processes described in this tutorial.


To explain the value of digital signatures in legal applications, this tutorial begins with an overview of the legal significance of signatures. It then sets forth the basics of digital signature technology, and examines how, with some legal and institutional infrastructure, digital signature technology can be applied as a robust computer-based alternative to traditional signatures.

K.1  Signatures and the Law

A signature is not part of the substance of a transaction, but rather of its representation or form. Signing writings serves the following general purposes:

Evidence: A signature authenticates a writing by identifying the signer with the signed document. When the signer makes a mark in a distinctive manner, the writing becomes attributable to the signer.

Ceremony: The act of signing a document calls to the signer's attention the legal significance of the signer's act, and thereby helps prevent "inconsiderate engagements."

Approval: In certain contexts defined by law or custom, a signature expresses the signer's approval or authorization of the writing, or the signer's intention that it have legal effect.

Efficiency and logistics: A signature on a written document often imparts a sense of clarity and finality to the transaction and may lessen the subsequent need to inquire beyond the face of a document. Negotiable instruments, for example, rely upon formal requirements, including a signature, for their ability to change hands with ease, rapidity, and minimal interruption.

The formal requirements for legal transactions, including the need for signatures, vary in different legal systems, and also vary with the passage of time. There is also variance in the legal consequences of failure to cast the transaction in a required form. The statute of frauds of the common law tradition, for example, does not render a transaction invalid for lack of a "writing signed by the party to be charged," but rather makes it unenforceable in court, a distinction which has caused the practical application of the statute to be greatly limited in case law.

During this century, most legal systems have reduced formal requirements, or at least have minimized the consequences of failure to satisfy formal requirements. Nevertheless, sound practice still calls for transactions to be formalized in a manner which assures the parties of their validity and enforceability. In current practice, formalization usually involves documenting the transaction on paper and signing or authenticating the paper. Traditional methods, however, are undergoing fundamental change. Documents continue to be written on paper, but sometimes merely to satisfy the need for a legally recognized form. In many instances, the information exchanged to effect a transaction never takes paper form. Computer-based information can also be utilized differently than its paper counterpart. For example, computers can "read" digital information and transform the information or take programmable actions based on the information. Information stored as bits rather than as atoms of ink and paper can travel near the speed of light, and may be duplicated without limit and with insignificant cost.

Although the basic nature of transactions has not changed, the law has only begun to adapt to advances in technology. The legal and business communities must develop rules and practices which use new technology to achieve and surpass the effects historically expected from paper forms.

To achieve the basic purposes of signatures outlined above, a signature must have the following attributes[17]:

Signer authentication: A signature should indicate who signed a document, message or record, and should be difficult for another person to produce without authorization.

Document authentication: A signature should identify what is signed, making it impracticable to falsify or alter either the signed matter or the signature without detection.

Signer authentication and document authentication are tools used to exclude impersonators and forgers and are essential ingredients of what is often called a "nonrepudiation service" in the terminology of the information security profession. A nonrepudiation service provides assurance of the origin or delivery of data in order to protect the sender against false denial by the recipient that the data has been received, or to protect the recipient against false denial by the sender that the data has been sent. Thus, a nonrepudiation service provides evidence to prevent a person from unilaterally modifying or terminating legal obligations arising out of a transaction effected by computer-based means.

Affirmative act: The affixing of the signature should be an affirmative act which serves the ceremonial and approval functions of a signature and establishes the sense of having legally consummated a transaction.

Efficiency: Optimally, a signature and its creation and verification processes should provide the greatest possible assurance of both signer authenticity and document authenticity, with the least possible expenditure of resources.

Digital signature technology generally surpasses paper technology in all these attributes.
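As an added illustration of the two attributes above (signer authentication and document authentication), and not part of the ABA tutorial or of this assessment: a Go program that signs a constructed document with Ed25519 and shows that a one-byte alteration of the signed matter, or a signature made by an impostor under the genuine signer's name, fails verification. The Directory type (a stand-in for a certification authority's key repository) and the parties Alice and Mallory are assumptions made for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)

// Signer is a hypothetical party holding an Ed25519 key pair; only Pub is published.
type Signer struct {
	Pub  ed25519.PublicKey
	Priv ed25519.PrivateKey
}

// Directory maps a signer's name to its public key. It stands in for the
// certificate repository a certification authority would maintain (assumed).
type Directory map[string]ed25519.PublicKey

// SignedDocument: the signed matter, the claimed signer, and the signature.
type SignedDocument struct {
	Content    []byte
	SignerName string
	Signature  []byte
}

// newSigner generates a fresh key pair (panics only if the OS RNG fails).
func newSigner() Signer {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		panic(err)
	}
	return Signer{Pub: pub, Priv: priv}
}

// Sign signs content and labels the result with claimedName. A genuine
// signer claims its own name; an impostor claims someone else's.
func (s Signer) Sign(content []byte, claimedName string) SignedDocument {
	return SignedDocument{content, claimedName, ed25519.Sign(s.Priv, content)}
}

// Verify performs both checks the tutorial requires: signer authentication
// (signature made with the claimed signer's key) and document authentication
// (signed matter unaltered). Ed25519 checks both at once; either failure rejects.
func Verify(doc SignedDocument, d Directory) bool {
	pub, ok := d[doc.SignerName]
	if !ok {
		return false // unknown signer: nothing to verify against
	}
	return ed25519.Verify(pub, doc.Content, doc.Signature)
}

// RunChecks exercises three cases on a constructed document: genuine,
// altered content, and an impostor signing under another party's name.
func RunChecks() (genuine, tampered, impostor bool) {
	alice, mallory := newSigner(), newSigner()
	dir := Directory{"Alice": alice.Pub, "Mallory": mallory.Pub}
	doc := alice.Sign([]byte("Pay 100 CAD to Bob"), "Alice")
	genuine = Verify(doc, dir)
	altered := doc
	altered.Content = []byte("Pay 900 CAD to Bob") // one byte changed
	tampered = Verify(altered, dir)
	forged := mallory.Sign(doc.Content, "Alice") // Mallory claims to be Alice
	impostor = Verify(forged, dir)
	return
}

func main() {
	g, t, i := RunChecks()
	fmt.Printf("genuine=%v tampered=%v impostor=%v\n", g, t, i) // true false false
}
```

The same verification would also reject a document whose claimed signer is absent from the directory, which is the case a real deployment meets when a certificate is unknown or revoked.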

[1] "In economics, a contestable market is a market in which competitive outcomes can be observed. Its fundamental feature is low barriers to entry and exit."  http://en.wikipedia.org/wiki/Contestable_market

[2] Programs are also subscribers as well since their website will have a GC certificate.


[3] Note that due to the very limited time frame for this project, Service Canada, CRA, and Public Works and Government Services Canada (PWGSC) participated on the project team to represent their departments' business target groups and programs as a representation of the majority of all GC business groups and their programs regarding cyber authentication needs. Other GC and GsOC were not explicitly represented.

[4] Note that although the GOL Certificate Policy [GOL03] defines two levels of certificate use (General and Limited purpose), only general-purpose credentials have been issued to date.

[5] COTS refers to commercial services and products rather than just software.

[6] [TBS06] p22.

[7] The list provided is not necessarily a complete list of requirements for cyber authentication.  Project timelines precluded developing a complete requirements list.

[8] A recent report by Modinis [Modi06] provides a status of identity management in European eGovernment initiatives.  This report aligns with the Ireland information contained in this report.

[9] The Secure Electronic Signature Regulations currently define PKI based digital signature as the only acceptable mechanism, although future alternative mechanisms can be defined.

[10] Note that the current IMISC Identity Management lexicon defines credential as "evidence provided to prove a claimed identity." The NIST definition was used since it is more specific in defining evidence binding and control of use as noted in the PIPEDA secure electronic signature.

[11] By Martha Bennett with Jost Hoppermann

[12] Host based firewalls with integrated IDS/IPS and code-hashing capability have a higher success rate in dealing with unknown malware.

[13] Dremn is a family of Trojan variants that typically infect through a Word macro, install a keystroke logger and can exfiltrate files from the system on remote command. Detection of Dremn in anti-virus products began in 2005 and new variants continue to be added. Dremn infections began as early as 2003.

[14] [Hilt06]

[15] Each SSP is responsible for providing the Certification Authority (CA), and the associated infrastructure and resources required to operate the CA in accordance with acceptable practices. Such operation must be in accordance with Authentication and Identity Framework for Federal Agencies, and must be validated by an Operational Capabilities Demonstration (OCD) conducted by the FICC.

[16] Note that this concept is identical to [PIPEDA] electronic signature definition.

[17] Note that the four characteristics of a secure electronic signature defined in [PIPEDA] are subsets of these two attributes.
