Government of Canada Federating Identity Management

Enabling Trusted and Secure Online Access to Government of Canada Services
July 2014
Presented by: Christine Desloges
Treasury Board of Canada Secretariat
Government of Canada
GC Security and Identity Roles & Responsibilities
▪ Treasury Board of Canada Secretariat (TBS)
• Management board and employer
• Sets overall strategy and direction on policy and performance
• E.g. Policy on Government Security, Directive on ID Management
▪ Shared Services Canada
• Delivers common and shared IT services to federal departments
• Enables horizontal policy implementation
▪ Departments and Agencies
• Deliver Government of Canada programs and services
• Apply policies set by TBS
• Integrate to Federated Credential Solution
▪ Office of the Privacy Commissioner
• Independent oversight of Canada’s Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA)
Strategic Relationships
▪ Inter-jurisdictional: Joint Councils – Public Sector Service Delivery Council and Public Sector Chief Information Officer Council
• Identity Management Sub-Committee (IMSC)
▪ International Dialogues
▪ Digital ID and Authentication Council of Canada (DIACC)
• A non-profit coalition of public and private sector leaders recommended by the Task Force for Payments System Review
• Committed to develop a pan-Canadian approach to digital identification and authentication and facilitate development of interoperable policies, standards and systems
Committed to Advancing e-Services
▪ Committed to advancing online services
• Economic Action Plan 2014 highlighted efforts to standardize, consolidate and improve service delivery to achieve efficiencies
• The Policy on Service, coming into effect in fall 2014, provides strategic direction for GC service design and delivery, with a focus on e-services
• Web Renewal Initiative improves effectiveness of the GC’s web presence by streamlining and consolidating online information and services under the Canada.ca portal
• Cyber Authentication and Federating Identity initiatives are underway which will further digital service delivery
▪ Expectations of Clients
• Seamless, convenient and secure e-enabled delivery channels
• Ability to interact seamlessly with different orders of government, through multiple channels
Pan-Canadian Collaboration
Collaborative effort between jurisdictions and sectors
Principles:
▪ Respects privacy
▪ Client choice
▪ Governments have a key role to play
▪ Collaborate with trusted FPT (Federal, Provincial, Territorial) and private sector institutions
▪ Phased approach to evolving services and infrastructure
Federated Approach
Trusting credentials and identities:
• Across jurisdictions
• Across sectors
• Internationally
Federating Credentials: ‘trusting credentials issued by other jurisdictions and industry sectors’
Federating Identity: ‘trusting identities that have been established by other jurisdictions’
Federating Identity Vision
Beyond documents, beyond channel
[Figure: an individual applying for a service or benefit uses a GC Online Service, shown as a mock-up of a departmental log-in page (Credential Selector) offering two options: log in with a Sign-In Partner (a User ID and password that you may already have, such as for online banking) or with GCKey (a Government of Canada User ID and password).
Numbered steps: 1. Authenticate to access service (Federated Credentials); 2. Enrol in program; 3. Real-time request for validation of information; 4. Real-time validation of information enabling end-to-end service fulfillment.
Other labels: "(Provide Name, DOB, etc. plus consent to validate)"; "(e.g. Name, DOB)"; e-Validation Service (Broker); "Operational Today".
Authoritative Sources: Government of Canada (Social Insurance Register, ID (Status) Hub, BN Hub, etc.); Provinces / Territories / Municipalities (Vital Statistics, Driver’s Licence, etc.); Private Sector (Financial institutions, etc.).]
Federating Identity Strategy
A Phased Approach
Phase 1 – Federation of Credentials
• Privacy central to design with use of anonymous credentials
• Innovative relationship with the private sector provides client choice and convenience
• Ensured access for all GC clients through a GC-issued credential (GCKey)
• Use of online banking credentials (Credential Broker Service & Sign-In Partners)
• Cost effective, standards-based solution
Phase 2 – Federating Identity
• A whole-of-government approach for seamless e-service delivery
• Enables departments to form a Federation of trusted organizations and leverage each other’s identity and credential assurance processes
• Reduces identity management administration costs
• Enables improved client experience and user convenience by supporting a “tell-us-once” approach
• Anchored in the Policy on Government Security and aligned with Pan-Canadian assurance model
Bring Your Own Credentials
▪ Credential Broker Service (CBS) - An innovative relationship with the private sector
• Enhances service to clients by enabling access to Government of Canada online services using commercially available credentials
• Operational since April 2012 with a growing list of Sign-In Partners
• Leverages private sector investments in cyber security and infrastructure
• Respects privacy through use of minimal, non-personally identifiable information and anonymous credentials
• Positions the Government of Canada to benefit from ongoing industry investments in secure cyber authentication technology
▪ GCKey Service – Provides option to use a Government of Canada credential
• Ensures all Government of Canada clients have the ability to securely log in to e-services
Cyber Authentication Renewal
• Foundational to the GC’s Federating Identity Strategy
• Leverages private sector investment in secure infrastructure
• A growing list of Sign-In Partners
  • BMO Financial Group
  • ScotiaBank
  • TD Bank Group
  • CUETS Choice Rewards (Credit Union Electronic Transaction Services)
  • Tangerine
Government of Canada Policy Architecture
Policy on Government Security (PGS)
Mandatory instruments for all departments and agencies:
• Directive on Identity Management
• Directive on Departmental Security Management
• Directive on IM Roles & Responsibilities
• Controlled Goods Directive
• Standard on Identity and Credential Assurance
5 supporting documents developed by TBS & Communications Security Establishment Canada:
• Cyber Authentication Technology Solutions (CATS)
• Guideline on Defining Authentication Requirements
• User Authentication Guidance for IT Systems (CSEC ITSG-31)
• Guideline on Identity Assurance*
• Protocol for Federating Identity*
* Currently in draft
Moving Forward
▪ Treasury Board of Canada Secretariat (TBS) – Chief Information Officer Branch is leading discussions on federating identity within the Government of Canada, building on the solid foundation of cyber authentication
▪ Privacy remains central to the federating identity strategy
▪ Policy positions will evolve through continuing engagement and consultation with Government of Canada departments and agencies
▪ TBS is engaging other jurisdictions and the private sector to ensure consistency and a Pan-Canadian approach
Pan-Canadian Identity Messaging Hub
▪ Feasibility study in progress for a proposed Pan-Canadian ID Messaging Hub which would enable Canadians to inform all orders of government once about important life events:
• A real time, cost-effective service
• Enables the secure confirmation of identity (personal) information
• Federal, provincial, territorial and municipal (FPTM) partners
Questions & Discussion