Governance for Identification, Authentication and Authorization

Cross-Jurisdictional Identification, Authentication and Authorization Working Group
- Consultation Draft –
V.1
August 10, 2004
Table of Contents
Introduction
Rationale for Governance for IAA
Components of a Governance Model
Examples of Governance Models
Policy Management Authority
Canadian Council of Ministers of the Environment
Council of the Federation
Proposed Principles for Governance of IAA
Customer service oriented
Transparency
Effectiveness
Built on consensus decision-making
Inclusive
Flexibility
Sustainability
Recommendations for Ongoing Governance for IAA
Moving Forward
Report Back to PSCIOC and PSSDC
Development of an Ongoing Governance Model
Appendix A: References
Introduction
To deliver on service delivery transformation that is customer-focused, seamless
and convenient, there is an urgent need to find ways to enable interoperability
between governments by recognizing and accepting electronic credentials across
jurisdictions. This initiative has Federal, Provincial and Municipal governments
working jointly to address common priorities and simpler, more integrated access
to government information and services.
The Cross-Jurisdictional Identification, Authentication and Authorization (IAA)
Working Group has undertaken work to enable interoperability by developing
standards, guidelines and protocols that build trust [1] while allowing flexibility for
each participating jurisdiction to function within its own structures. While
standards, guidelines and protocols may be in place, it is important to note that
they do not function as intended without ongoing stewardship.
This consultation paper explores stewardship by proposing the development of
an ongoing governance structure. It outlines selected governance models and
makes recommendations for moving forward on governance for cross-jurisdictional IAA. It is meant to complement the other vital components of
electronic service delivery as well as participants’ own internal governance
structures.
In preparing this document, various other jurisdictions’ examples were
researched. The intent of this approach is to leverage current theory and
knowledge as much as possible in formulating recommendations for moving
forward. The key sources of information are cited in Appendix A.
Given that the results of this work may have broad implications for cross-jurisdictional identification, authentication and authorization, this consultation
draft is being circulated to a number of key stakeholders to seek their input and
feedback. Key stakeholders are invited to submit written comments about this
document by August 30th, 2004 to:
Jeff Evans
Chair, Cross-jurisdictional Working Group on Identification, Authentication and
Authorization
I&IT Strategy, Policy and Planning Branch
Office of the Corporate Chief Strategist
Management Board Secretariat
Government of Ontario
Jeff.evans@mbs.gov.on.ca
Or
Roberta Marinigh
Policy Analyst
Identification, Authentication and Authorization Project
I&IT Strategy, Policy and Planning Branch
Office of the Corporate Chief Strategist
Management Board Secretariat
Government of Ontario
Roberta.marinigh@mbs.gov.on.ca
A revised document will be circulated to the stakeholders on September 15th,
2004. This will also be presented to the joint PSCIOC - PSSDC meeting in
Winnipeg in September 2004.
[1] For the purposes of the work of the IAA Working Group, cross-jurisdictional authentication is based on
the Chain of Trust concept.
Rationale for Governance for IAA
It is recognized that all jurisdictions involved in cross-jurisdictional IAA have their
own standards, guidelines and protocols that guide what they do and their own
governance structures to which they report. Cross-jurisdictional authentication
standards, guidelines and protocols, however, must work in concert with other
key components, such as security and technology infrastructure to enable
interoperability.
At an OECD e-Government Seminar in September 2002, participants noted,
Integration of public functions to improve service delivery is not limited to
the front and back offices in central government organizations, but also
implies improving coordination and cooperation with service partners
across levels of government.
Further, the Government of Canada, in its report Building Capacity to Accelerate
Service Transformation and e-Government, noted that,
Arguably the greatest challenge facing proponents of e-government in
Canada is achieving client-centred "vertical" integration between orders of
government.
Effective public sector electronic service delivery closely resembles a Business-to-Business (B2B) model of electronic service delivery, whereby discrete
enterprises/ministries cooperate to develop and share common information
management and technologies to defray the costs of the underlying infrastructure
and to improve service (AITSF, 2003). An ongoing governance body can
facilitate this work.
A strong governance structure, accompanied by clearly defined standards,
guidelines and protocols, can provide:
- assurance to a relying party that the originating party has reasonable
  measures in place for registration and authentication
- assurance to the originating party that data is protected once
  received by the relying party
- a forum for overseeing arbitration of disputes between jurisdictions.
Outcomes of good governance, particularly in the case of cross-jurisdictional
interoperability, include trust, credibility, legitimacy, results that matter, the ability
to weather crises, and a climate and relationships that ensure long-term stability.
As governments get involved in cross-jurisdictional identification, authentication
and authorization for electronic service delivery, there is the need for a cross-jurisdictional
governance model that is one of a number of components to
facilitate interoperability. For IAA, there is a need for a governance body with
responsibility for developing and revising standards which the jurisdictions can
follow, for auditing compliance with standards and for overseeing arbitration of
disputes between jurisdictions as they may arise.
Components of a Governance Model
There are several key components to governance that need to be identified,
developed and clarified when setting up a governance model:
1. Leadership structure and Mandate
This includes the size of a governing committee, its roles and responsibilities,
selection of committee chair and rules of engagement that stipulate how
decisions are made (e.g. one member, one vote concept, by consensus, by
quorum).
2. Membership
This includes the selection of members to the governing committee and roles and
responsibilities of individual members.
3. Operational structure
This includes how the governing committee is supported (e.g. through a
secretariat function) and how the work of the governing body will be undertaken
and by whom.
4. Accountability
This includes a constitution, bylaws and/or policies to which the participating
jurisdictions agree. Sometimes accountability matters are articulated in the form
of an agreement signed by the participating jurisdictions. It should also set out
who reports to the governing committee and to whom the committee reports.
5. Sustainability
Setting out the financial and human resources to sustain and maintain the
governance structure. This could include an operating budget and designated
staff.
6. Language
In the case of cross-jurisdictional governance, it may be necessary to define an
operating language and circumstances for translating documents into both official
languages.
Examples of Governance Models
Policy Management Authority
Mandate
The Policy Management Authority provides overall strategic direction for Public
Key Infrastructure (PKI) in the Federal Government. It is responsible to the
Secretary of Treasury Board and makes recommendations with respect to
membership in the Government of Canada Public Key Infrastructure and the
cross-certification or recognition of Certification Authorities.
The Policy Management Authority establishes policies, procedures, structures
and guidelines related to the Canadian Federal PKI. It also establishes dispute
resolution procedures and ensures government-wide interoperability with respect
to authentication.
Membership
The Chief Information Officer, Government of Canada serves as Chair of the
Policy Management Authority. In addition, membership in the Policy
Management Authority consists of:
- A Deputy Chair, appointed by the Chief Information Officer;
- The Operator of the Canadian Federal Public Key Infrastructure
  Bridge;
- Each Department operating a Common Certification Authority;
- Each Department operating a Certification Authority which has
  cross-certified with the Canadian Federal Public Key Infrastructure Bridge;
  and
- Such Departmental representatives, if any, appointed to serve as
  Members-at-Large.
Operational Structure
The Policy Management Authority establishes quorum requirements, rules of
procedure and terms of reference consistent with the responsibilities assigned in
PKI policy. It may also assign duties and functions to an Executive Committee,
drawn from its members, with responsibilities as determined.
Canadian Council of Ministers of the Environment
Mandate
The Canadian Council of Ministers of the Environment (CCME) works to promote
effective intergovernmental cooperation and coordinated approaches to
interjurisdictional issues such as air pollution and toxic chemicals. CCME
members collectively establish nationally-consistent environmental standards,
strategies and objectives so as to achieve a high level of environmental quality
across the country. While it proposes change, CCME does not impose its
suggestions on its members since it has no authority to implement or enforce
legislation. Each jurisdiction decides whether to adopt CCME proposals.
CCME has identified consensus decision-making as one of its fundamental
operating principles.
Membership
The Council is comprised of environment ministers from the federal, provincial
and territorial governments who meet annually to discuss national environmental
priorities and determine work to be carried out under the auspices of CCME.
Operational Structure
A Steering Committee, the Environmental Planning and Protection Committee,
made up of senior staff of each jurisdiction, provides ongoing advice to the
Council and coordinates specific CCME projects assigned to intergovernmental
task groups. In this way, member governments can respond quickly to emerging
issues, set national environmental strategies and develop long-term plans.
Organizational Chart
[Chart not reproduced. Boxes shown: Council of Ministers (Federal, Provincial and Territorial Environment Ministers); Deputy Ministers Committee; Secretariat; Management Committee; Environmental Planning and Protection Committee; Various Task Groups.]
Council of the Federation
Mandate
The Council of the Federation serves as a forum to share and exchange
viewpoints, information, knowledge and experiences. It provides an integrated
and coordinated approach to federal-provincial-territorial relations through
common vision, analysis and positions.
Membership
The Premiers of all provinces and territories are members of the Council. There
is a rotating Chair, who serves a one-year term. There is also a rotating Deputy
Chair. The Deputy Chair becomes Chair the following year.
Operational Structure
The Council of the Federation is supported by a steering committee of deputy
ministers responsible for intergovernmental relations and by a Secretariat. The
Secretariat, housed in Ottawa, is tasked with supporting the steering committee
in the preparation for meetings of the Council.
Organizational Chart
[Chart not reproduced. Boxes shown: Council of the Federation (Premiers); Premiers’ Council on Canadian Health Awareness; Secretariat for Information and Cooperation on Fiscal Imbalance; Steering Committee (Deputy Ministers responsible for Intergovernmental Relations); Ad Hoc Committee of Ministers (Ministers responsible for Intergovernmental Relations); Secretariat (appointed by Steering Committee).]
Proposed Principles for Governance of IAA
Taking the examples from the United Nations Development Program, the
Institute on Governance, and others, it is proposed that the following principles
guide the development of an ongoing governance model for cross-jurisdictional
identification, authentication and authorization:
Customer service oriented
As electronic service delivery is to be customer focussed, a governance model
set up to support cross-jurisdictional identification, authentication and
authorization should be designed from a customer-focussed perspective.
Transparency
IAA standards, protocols and processes are transparent in that each jurisdiction
is informed of and understands those of another jurisdiction.
Effectiveness
Decisions of an ongoing governance body should be effective in that those
decisions have merit and can impose action on a participating jurisdiction.
Built on consensus decision-making
Decisions made by the governing body are to be based on the notion of
consensus, as defined by that governing body. For example, the Canadian
Council of Ministers of the Environment describes consensus as "Having heard
and understood all views expressed, a solution has been proposed, and while I
do not hold that this proposal is optimal, I believe it will work and I will support it."
Inclusive
Membership to a governing body will include representatives from each of the
participating jurisdictions.
Flexibility
Recognizes that each participating jurisdiction has its own standards, guidelines
and protocols in place and its own governance structure to which it is
accountable. Ongoing governance for cross-jurisdictional IAA is meant to
complement these rather than supersede them.
Sustainability
Any governing body should be set up in a way that it can be supported and
maintained on an ongoing basis and that uses resources efficiently.
Recommendations for Ongoing Governance for IAA
While there is a demonstrated need for an ongoing governance model for
cross-jurisdictional identification, authentication and authorization, it is recognized that
it will need to go through several iterations due to its potentially large scope and it
may be a multi-year exercise to develop and implement all of the components of
governance.
It is therefore recommended that permission be sought from the Public Sector
Corporate Information Officer Council (PSCIOC) and the Public Sector Service
Delivery Council (PSSDC) to continue to seek their direction on IAA on an interim
basis and that these Councils have the authority to approve an ongoing
governance model that will be developed. In that vein, it is also recommended
that the IAA Working Group be tasked with developing ongoing governance for
IAA and report back to PSCIOC and PSSDC as appropriate.
As a starting point, it is recommended that the mandate of the ongoing
governance model include:
Standards Setting
As time goes on, standards, guidelines and protocols may need to be
revised/updated or new ones may need to be developed. It is
recommended that the ongoing governance model address how and when
this takes place and who will undertake the work.
Auditing Compliance
The ongoing governance model should include a monitoring function to
ensure participating jurisdictions comply with the agreed upon standards.
Arbitration of disputes
Differences in how standards are implemented may arise between
jurisdictions. The ongoing governance body should have the authority to
resolve disputes between jurisdictions when they arise and the
governance model should set out how dispute resolution will take place.
Moving Forward
Report Back to PSCIOC and PSSDC
While the IAA Working Group is developing an ongoing governance model for
IAA, it will need to set up an interim model for review by PSCIOC and PSSDC in
September 2004.
Development of an Ongoing Governance Model
It is proposed that the Cross-Jurisdictional IAA Working Group be tasked with
developing and implementing an ongoing governance model for IAA. The model
should include the following key components:
1. Work Plan for undertaking this work, including tasks, roles and
responsibilities and timelines.
2. Endorsement of or revision to the proposed Principles to guide the
development of the model.
3. Governance Structure, including mandate and organization of a
governing body or committee, terms of reference, powers and
authority.
4. Report back to PSCIOC and PSSDC.
Appendix A: References
Canadian Council of Ministers of the Environment (CCME) website.
(www.ccme.ca)
Council of the Federation website. (www.councilofthefederation.ca)
Edgar, Laura, Institute on Governance. Building Policy Partnerships: Making
Network Governance Work, February 2002
Gill, Mel, Institute on Governance. Governance Do’s and Don’ts: Lessons from
Case Studies of Twenty Non-Profits, April 2001
Government of Canada. Building Capacity to Accelerate Service Transformation
and e-Government, September 2003
Panel on Accountability and Governance in the Voluntary Sector. Building on
Strength: Improving Governance and Accountability in Canada’s Voluntary
Sector, Final Report, February 1999
Public Policy Forum. The Governance of Government On-Line: A Report on
Research Conducted by the Public Policy Forum for the Chief Information Officer
of the Treasury Board Secretariat, March 2001
Organization for Economic Cooperation and Development. Principles of
Corporate Governance, 2004
Organization for Economic Cooperation and Development. e-Government Project
Seminar: Reform of Public Administrations, Summary Report, September 2002
United Nations Developmental Program policy document. Good governance and Sustainable Human Development, January 1997