Joint Priority Project Identity Authentication and Authorization Working Group Walk-though And Discussion for PSCIOC-PSSDC Meeting Winnipeg September 28th, 2004 1 Working Group Mandate 2 Develop guidelines containing a common set of definitions and vocabulary for identity authentication and authorization processes for inter-jurisdiction application, including trust levels related to each component of the Trust Chain; Review short term opportunities for action and identify suitable candidates for a pilot project to test the first two elements of the trust chain; Initiate, implement and evaluate the pilot project Develop recommendations with respect to next steps, including an on-going governance structure Who is involved? 3 Government of Ontario, Management Board Secretariat (Chair) Government of Ontario, Consumer and Business Services Government of British Columbia, Office of Chief Information Officer Government of Alberta, Office of the Chief Information Officer Government of Saskatchewan, Information Technology Office Government of Manitoba, Ministry of Finance City of Winnipeg, Corporate Information Technology Government of Canada, PWGSC City of Toronto, Office of the CIO Government of Québec, L'inforoute gouvernementale et aux ressources informationnelles Government of Nova Scotia, Service Nova Scotia Government of Newfoundland & Labrador , Executive Council Preliminary IAA Working Group Decision Points for September 28th meeting in Winnipeg The following decision points are proposed for Joint Council consideration: Approve (in-principle) Governance model for IAA Confirmation and endorsement of direction for GoC ePass/BCeID Pilot including: o Postpone decision for taking pilot live o Evaluation to proceed with focus on privacy and lessons learned Approval (in-principle) for an additional Pilot Approve extension of mandate of IAA Working Group to include: o Extend work through pilots o Conduct Legal, Privacy and Public Consultation / Research reviews o Transition to / support of final governance model 4 Results To Date Definitions and Guidelines Pilot Ontario leading development of Liability issue paper with input from Working Group Governance 5 GoC undertaking a PIA using demo as context Privacy issues being shared with PSCIOC privacy subcommittee Liability Developed proof of concept model shown at Lac Carling Evaluation is ongoing Privacy Version 1.0 of Definitions and Guidelines is complete and ready for wider consultation Strong standards and governance being proposed to ensure privacy, security and legal / liability are addressed Next Steps Short Term Need for continued work to meet emerging challenges: Governance Engaging municipalities Funding and Sustainability Communications Integration across boundaries Sharing knowledge and common practices 6 Decision Requested Receive IAA Framework and Guidelines Guidelines for identity authentication processes for interjurisdiction application, including trust levels related to each component of the Trust Chain, have been tabled as part of the supporting materials in the document entitled “Identification, Authentication and Authorization Framework Policy and Guidelines, PSCIOC/ PSSDC Cross-Jurisdictional Identification, Authentication and Authorization Working Group, July 29th, 2004 “ Includes: 7 a common set of definitions and vocabulary Practice Assessment Framework & Guidelines for Identification, Authentication and Authorization Decision Requested Endorse Pilot Implementation and Evaluation Strategy Pilot was conceived as a five stage process of which the first three have been completed and demonstrated through the proof of concept model at Lac Carling options since Lac Carling has confirmed implementation of BC – HRSD WebRoE pilot cannot proceed within given timeframe because of timing, resources, and priorities of participating partners Pursuing While this has indefinitely deferred any decision to “go live”, still a huge need to work through and evaluate the “proof of concept” to address Standards and guideline refinements Legal / Liability Privacy Lessons learned Previously 8 noted funding implications greatly reduced Decision Requested Receive Governance Model Options 9 Options and recommendations with respect to on-going governance structure have been tabled as part of the supporting materials in the document entitled “Governance for Identification, Authentication and Authorization, PSCIOC/ PSSDC Cross-Jurisdictional Identification, Authentication and Authorization Working Group, August 10th, 2004 “ Decision Requested Approve Plan for End-state Governance Model 10 Continue with Project Management model reporting to PSCIOC – PSSDC as an interim measure Transition within two years to end state governance model IA&A Working Group will develop the articles of governing body End state governance model options to be reviewed and approved by PSCIOC – PSSDC prior to being established Working Group structure and membership may be reviewed during intervening period to ensure representation is appropriate for a Pan Canadian Standard Decision Requested Approve Approval-in-Principle of Additional Pilot Approval-in-Principle for initiation of a second inter jurisdictional pilot using multiple tokens between multiple levels of government. demonstrate tangible authentication solutions tied to business priorities Examine means to expedite appropriate access to information with the aim of improving service Use parameters set by results of Lac Carling electronic voting Feasibility study and business case ready to go forward for approval at next PSCIOC – PSSDC meeting 11 Complete a survey of tokens and token rules Identify participants Examples include SAKMs (Justice), Public Health, Business Decision Requested Approve Extended Working Group Mandate to: manage consultation/promulgation and subsequent change management to current version of definitions and standards “Ground Proof” IA&A guidelines through identified pilots and subsequent evaluations 12 Working Group responsible for evaluation of all pilots (over-sight plus responsibility to provide advice to PSCIOC and PSSDC on implications of evaluation results for next steps) Conduct Legal, Privacy and Public Consultation / Research reviews Transition to / support of final governance model Contact: Jeff Evans Chair, Cross jurisdictional Working Group on Identity Authentication and Authorization I&IT Strategy, Policy and Planning Branch Office of the Corporate Chief Strategist Management Board Secretariat Government of Ontario 416-327-4107 Jeff.evans@mbs.gov.on.ca 13