Final Report Inter-jurisdictional Identity Management and Authentication Task Force Deputy Ministers’ Teleconference September 12, 2007 Dave Nikolejsin Michel Rosciszewski Task Force Co-Chair Task Force Co-Chair Chief Information Officer Directeur des Politiques Province of British Columbia Province of

Final Report

Inter-jurisdictional Identity Management and Authentication Task Force

Deputy Ministers’ Teleconference
September 12, 2007

Dave Nikolejsin, Task Force Co-Chair, Chief Information Officer, Province of British Columbia

Michel Rosciszewski, Task Force Co-Chair, Directeur des Politiques, Province of Quebec

Agenda

• Welcome and Introductions

• Task Force Mandate

• Vision and Value Proposition

• Problem Analysis

• Deliverables and Recommendations

• Decisions
  - For November meeting in Halifax
  - For Today

• Adjourn and Next Meeting

Deputy Ministers Briefing Package:

1. Slide Presentation

2. Executive Summary

3. Final Report

Task Force Mandate

1. A Pan-Canadian Strategy for IdM&A, including:

• A framework for IdM&A that would facilitate cross-jurisdictional, multi-channel service delivery for citizens and businesses.

• Recommendations for how to align with privacy policies and ensure consistency between IdM&A and privacy efforts.

• Recommended tools and management models.

2. A Governance Structure and Funding Model.

3. An Action Plan for how the strategy would be implemented, including:

• Pilot projects with corresponding deliverables.

• The timelines, resources, and costs involved.

• Monitoring and reporting (e.g., indicators, evaluation, and verification methods).

The Task Force completed its mandate on time and on budget.

Task Force Activities

To achieve its mandate, the Task Force:

• Consulted broadly with stakeholder groups to understand their concerns and challenges.

• Reviewed existing Canadian IdM&A initiatives.

• Scanned what other countries are doing to address IdM&A issues.

• Reviewed published literature on IdM&A.

• Reviewed governance mechanisms used by other pan-Canadian organizations, e.g., Canada Health Infoway, Interac, and Canadian Council of Motor Transport Administrators.

• Surveyed IdM&A models, tools, and technology.

• Conducted a detailed problem and solution analysis.

• Proposed a strategy and action plan for moving forward.

Vision

“Citizens and businesses enjoy simple, convenient and protected access to multi-jurisdictional services in a manner they choose and control.”

“All governments in Canada are trusted collaborative leaders in client-centred service delivery.”

The Task Force recommends the adoption of this Vision Statement and the following Value Proposition as the foundation on which further work on IdM&A between jurisdictions should be developed.

Value Proposition

For Citizens and Businesses

• Improve their experience with service delivery by enabling them to seamlessly access services as needed, regardless of the jurisdiction.

• Provide them with access to a greater range of transactional services.

• Be easy to use and consistent.

• Require less duplication and effort.

• Promote business efficiency and compliance, minimizing cost.

• Increase their trust that both personal and confidential business information are managed in a private and secure way.

• Increase their willingness to transact with government (particularly on-line).

Value Proposition (cont’d)

For all Levels of Government

• Enable cost effective service delivery by leveraging consistent processes, reducing errors, streamlining front and back end processing and maximizing infrastructure investments.

• Provide sustainable, practical authentication practices.

• Leverage existing work done by jurisdictions.

• Establish a foundation for transparent IdM&A principles and standards, leading to seamless service delivery and public confidence in identity proofing.

• Enhance trust and confidence in the public sector through improved client satisfaction and access to more on-line services requiring authentication.

• Enable the public sector to respond faster to cross-jurisdictional needs.

• Reduce risk and liability and the likelihood of fraud.

• Increase the likelihood of clients transacting on-line as concerns about privacy and identity theft decline.

Problem Analysis

Deliverables and Recommendations

Deliverable 1: The Pan-Canadian IdM&A Framework

IdM&A Principles

Principle 1: Justifiable and Proportionate

Principle 2: Client Choice, Consent and Control

Principle 3: Limited Information for a Limited Use

Principle 4: Client-focused, Consistent Experience

Principle 5: Diversity of Identity Contexts and Systems

Principle 6: Trusted and Secure Environment

Principle 7: Transparency and Accountability

Principle 8: Enduring solution

The Task Force recommends endorsement of these principles.

IdM&A Framework

Deliverable 1: The Pan-Canadian IdM&A Framework

The Task Force recommends adoption of the IdM&A Framework and lexicon as the basis for further work on IdM&A by all jurisdictions.

Proposed Governance Structure

Deliverable 2: An IdM&A Governance Structure

The Task Force recommends the creation of an Inter-jurisdictional IdM&A Action Committee (IJAC).

Proposed Governance Structure (cont’d)

Deliverable 2: An IdM&A Governance Structure

The Task Force recommends that the current Forum of Deputy Ministers responsible for Service Delivery be expanded to include other Deputy Ministers responsible for IdM&A activities such as Vital Statistics, Citizenship and Immigration, Border Security, Criminal Justice, Health and Driver Licensing. This broader set of responsibilities will be necessary to align efforts (e.g., standard development) across sectors and make real progress towards a true Pan-Canadian IdM&A framework.

To ensure political support and leadership for this effort, the Deputy Ministers should engage Ministers responsible for IdM&A and the Federation of Canadian Municipalities as, and when, appropriate. For example, when appropriate material is available, the Forum of Deputy Ministers responsible for Service Delivery and IdM&A should recommend a venue for a Pan-Canadian conference of Ministers responsible for IdM&A in order to get political approval.

Overview of Strategy and Action Plan

Deliverable 3: An IdM&A Action Plan

1. Build Capacity

• The problem analysis the Task Force conducted revealed a need for deeper IdM&A skills and knowledge in most jurisdictions. The building of this knowledge and capacity should take place in parallel with other IdM&A activities.

The Task Force recommends:

• The recognition of IdM&A as its own discipline.

• The creation of a Pan-Canadian IdM&A Community of Practice.

• The identification of IdM&A champions in each jurisdiction to promote the value of, and vision for, a Pan-Canadian approach to IdM&A.

• The integration of IdM&A curriculum in education and training programs for employees.

• The increased exchange and sharing of information, ideas, new technologies and solutions, use cases and best practices amongst jurisdictions.

• The eventual development of an inter-jurisdictional Centre of Excellence for IdM&A.

Deliverable 3: An IdM&A Action Plan

2. Complete the IdM&A Framework

Complete the Pan-Canadian IdM&A Framework and its corresponding components, including the development of standards, guidelines and models such as:

• Standards and tools for establishing trust between jurisdictions, defining liability, assessing risk, and monitoring compliance.

• Standards or processes for improving data accuracy and integrity of information that will be used to make identification or authentication decisions.

• Standards for establishing different Levels of Assurance.

• Identity proofing standards.

• Standards on acceptable credentials and authentication methods required for different levels of assurance.

• Guidelines for assessing the risk of typical transactions and services (based on the sensitivity of the information involved and other risk factors).

Deliverable 3: An IdM&A Action Plan

3. Develop Pilot Projects to Test Framework

The Task Force recommends an incremental approach to the use of pilot projects to test the framework.

Action Plan:

1. For the short term:

• The development and implementation of several self-funded and self-governed pilot projects to address significant IdM&A barriers and verify the applicability of the IdM&A principles and Framework’s components.

• The sharing between all jurisdictions of experiences and lessons learned from these early pilot projects to help inform the Framework, development of standards and future pilot projects.

2. For the longer term:

• The conceptualization and development of a broader pan-Canadian pilot project with all levels of government participating, whose prime objective is to test the complete IdM&A Framework, a sustainable funding model and next generation IdM&A processes and technology.

Deliverable 3: An IdM&A Action Plan

4. Sustainable Funding Model

The Task Force recommends the development of a sustainable funding model that provides clear economies of scale for all participating jurisdictions in the implementation of the Pan-Canadian IdM&A Framework.

Action Plan

1. For the short term:

• The Task Force Steering Committee will develop a budget and funding model to set up and support the activities of IJAC. It will present the model to the Deputy Ministers for approval at the November 2007 meeting in Halifax.

2. For the longer term:

• IJAC will develop a long term sustainable funding model for the implementation and use of the completed Pan-Canadian IdM&A Framework and present to the Deputy Ministers for approval.

Deliverable 3: An IdM&A Action Plan

5. Stakeholder Engagement

The Task Force recommends:

• Developing a constructive engagement process to enable key government and other stakeholders to validate the proposed IdM&A Principles and Framework and to increase general awareness of IdM&A issues and possible solutions.

• Introducing a general public awareness process to build client knowledge, trust and comfort with IdM&A processes and to increase the demand for multi-channel cross-jurisdictional service delivery initiatives that utilize consistent and secure IdM&A processes.

Action Plan (Immediate Priorities):

• A communication and stakeholder engagement plan (particularly for external consultations) will be developed.

• Validation of the IdM&A framework within home jurisdictions and with the Joint Councils (PSSDC and PSCIOC).

Deliverable 3: An IdM&A Action Plan

6. Governance

The Task Force recommends the creation of the Inter-jurisdictional IdM&A Action Committee (IJAC), its working groups, and supporting Secretariat to supersede the Steering Committee as an Interim (18-24 months) governance body.

Action Plan:

1. Immediate governance needs: existing Steering Committee

2. Intermediate governance needs: IJAC

3. Long-term governance needs:

• Near the end of its term, IJAC will propose a long-term governance model for the effective oversight of the implementation of the Pan-Canadian IdM&A Framework, the broader pilot project, sustainable funding model and next generation IdM&A processes and technology.

Interim Governance, Funding and Activities – For Immediate Decision

Interim Governance (Sept. – Nov.) – For Immediate Decision

Interim Governance and Funding Needs

The Task Force recommends:

• That the current Steering Committee continue as an Interim Governance Committee until November 2007; and,

• Short term funding of $50,000 to support the interim work of the Steering Committee to:
  - Finalize the governance model and prepare a business case for the creation of IJAC.
  - Draft strategic and operational plans that establish clear priorities for the ongoing work.
  - Develop a sustainable funding model and budget.
  - Develop terms of reference and rules of engagement.

• To ensure success of IJAC and the Pan-Canadian IdM&A strategy in general, it is important to maintain momentum in the interim period (from Sept. to Nov.)

• The Interim work of the Steering Committee will be presented to the Deputy Ministers for approval at the November 16th meeting in Halifax.

Interim Funding Recovery Formula

Interim Funding Needs

| Jurisdiction | % of Population | Base Fee | % Share | Total |
|---|---|---|---|---|
| Newfoundland and Labrador | 1.56% | $1,000.00 | $303.23 | $1,303.23 |
| Prince Edward Island | 0.42% | $1,000.00 | $82.57 | $1,082.57 |
| Nova Scotia | 2.85% | $1,000.00 | $556.56 | $1,556.56 |
| New Brunswick | 2.29% | $1,000.00 | $445.90 | $1,445.90 |
| Quebec | 23.43% | $1,000.00 | $4,569.09 | $5,569.09 |
| Ontario | 38.87% | $1,000.00 | $7,579.38 | $8,579.38 |
| Manitoba | 3.60% | $1,000.00 | $702.12 | $1,702.12 |
| Saskatchewan | 3.01% | $1,000.00 | $587.35 | $1,587.35 |
| Alberta | 10.43% | $1,000.00 | $2,033.67 | $3,033.67 |
| British Columbia | 13.22% | $1,000.00 | $2,578.20 | $3,578.20 |
| Yukon | 0.10% | $1,000.00 | $18.56 | $1,018.56 |
| Northwest Territories | 0.13% | $1,000.00 | $24.98 | $1,024.98 |
| Nunavut | 0.09% | $1,000.00 | $18.38 | $1,018.38 |
| Canada (33%) | | $16,500.00 | | $16,500.00 |
| MISA Canada | | $1,000.00 | | $1,000.00 |
| Total | 100.00% | $30,500.00 | $19,500.00 | $50,000.00 |

Deliverable 3: An IdM&A Action Plan

Conclusions and Key Decisions

Conclusions

The Deputy Ministers’ decision to collaborate on IdM&A and devote dedicated resources to this initiative has resulted in:

• A Pan-Canadian Vision and Value Proposition for IdM&A.

• A set of Pan-Canadian IdM&A Principles.

• A high level Pan-Canadian IdM&A framework.

• A Strategy and Action Plan for moving forward collaboratively on implementing the IdM&A Framework.

These represent the foundational work needed to begin developing standards and harmonizing service delivery processes across jurisdictions.

The focused attention that the Task Force has been able to bring to the challenges associated with the development of a Pan-Canadian Strategy and Framework for IdM&A has significantly advanced our governments’ understanding of the issues that need to be addressed and the decisions that now need to be made.

Key Decisions for November

At the November 16th meeting in Halifax, the Deputy Ministers will be asked to approve:

1. The proposed IdM&A vision, value proposition, principles, lexicon and framework and the Task Force’s recommendations for their further enhancement and use.

2. The creation of the Inter-Jurisdictional Action Committee (IJAC), its terms of reference and rules of engagement.

3. The proposed strategy and action plan for next steps.

4. Strategic, operational and financial plans to implement the strategy and action plan and set priorities for ongoing work.

Approval of these recommendations will lay the foundation for how jurisdictions can work together to develop interoperable IdM&A processes that will streamline service delivery across departments and jurisdictions.

Key Decision for Today

Approve continued governance by Task Force Steering Committee until November 2007 and funding of $50,000.

• To enable the development of a business case, strategic and operational plan and funding model for the proposed Inter-Jurisdictional Action Committee (IJAC), to be presented at the Deputy Ministers’ November 16th meeting in Halifax.

• It will also provide ongoing governance for interim activities such as consultations and the finalizing of business requirements for proposed pilot projects.

Interim governance and funding will ensure that the interest and momentum generated by the Task Force is maintained until November 2007.

Questions and Wrap Up

Questions?

Feedback?

Decision on Interim Governance and Funding – Approved/Not Approved

Next Meeting: November 16th, 2007 in Halifax, Nova Scotia