in a National Service Delivery Model 3 rd Annual Privacy, Access and Security Congress October 4, 2012

Similar documents
Employment Ontario Information System (EOIS) Case Management System

Ministry of Government and Consumer Services. ServiceOntario. Figure 1: Summary Status of Actions Recommended in June 2016 Committee Report

Efficient, broad-based solution for a Swiss digital ID

STRATEGY ATIONAL. National Strategy. for Critical Infrastructure. Government

Federated authentication for e-infrastructures

5LINX ID GUARD Product Overview. Credit/Presenter Goes Here

Federated Authentication for E-Infrastructures

Red Flags/Identity Theft Prevention Policy: Purpose

If you have any questions or concerns about this Privacy Policy, please Contact Us.

Red Flags Program. Purpose

GRANTS AND CONTRIBUTIONS ONLINE SERVICES USER GUIDE: ACCOUNT REGISTRATION AND MANAGEMENT

IDENTITY THEFT PREVENTION Policy Statement

Extractive Sector Transparency Measures Act. NRCan eservices Portal User Guide

ACF Interoperability Human Services 2.0 Overview. August 2011 David Jenkins Administration for Children and Families

Prevention of Identity Theft in Student Financial Transactions AP 5800

Privacy Impact Assessment (PIA) Tool

Ouachita Baptist University. Identity Theft Policy and Program

ECA Trusted Agent Handbook

ONE ID Identification Information and User Name Standard

FinFit will request and collect information in order to determine whether you qualify for FinFit Loans*.

NOW IS THE TIME. to secure our future

CHAPTER 13 ELECTRONIC COMMERCE

Accelerate Your Enterprise Private Cloud Initiative

[Utility Name] Identity Theft Prevention Program

CERT Symposium: Cyber Security Incident Management for Health Information Exchanges

STOCKTON UNIVERSITY PROCEDURE DEFINITIONS

Defense Security Service. Strategic Plan Addendum, April Our Agency, Our Mission, Our Responsibility

Seattle University Identity Theft Prevention Program. Purpose. Definitions

Shaw Privacy Policy. 1- Our commitment to you

TRUSTIS FPS. Enrolment Requirements: Acceptable Evidence in Support of an Application for a Digital Certificate

Elders Estates Privacy Notice

Securing Americans Identities: The Future of the Social Security Number

It applies to personal information for individuals that are external to us such as donors, clients and suppliers (you, your).

Overview of NIPP 2013: Partnering for Critical Infrastructure Security and Resilience October 2013

Canadian Access Federation: Trust Assertion Document (TAD)

The Benefits of Strong Authentication for the Centers for Medicare and Medicaid Services

MNsure Privacy Program Strategic Plan FY

Registration and Authentication

Department of Justice Policing and Victim Services BUSINESS PLAN

Provincial IDIM Program BC Services Card Project Identity Assurance Services Solution Architecture Overview

Canadian Access Federation: Trust Assertion Document (TAD)

Gramm Leach Bliley Act 15 U.S.C GLBA/HIPAA Information Security Program Committee GLBA, Safeguards Rule Training, Rev.

Stakeholder and community feedback. Trusted Digital Identity Framework (Component 2)

Canadian Access Federation: Trust Assertion Document (TAD)

TRUST IDENTITY. Trusted Relationships for Access Management: AND. The InCommon Model

Identity Proofing Standards and Beyond

PREPARE FOR TAKE OFF. Accelerate your organisation s journey to the Cloud.

Fleet Fuel Management Referral Program

FACTS WHAT DOES FARMERS STATE BANK DO WITH YOUR PERSONAL INFORMATION? WHY? WHAT? HOW? L QUESTIONS?

Recognition as an Account Agent (User Registration) in the Compliance Instrument Tracking System Service (CITSS)

UNCLASSIFIED. National and Cyber Security Branch. Presentation for Gridseccon. Quebec City, October 18-21

13.f Toronto Catholic District School Board's IT Strategic Review - Draft Executive Summary (Refer 8b)

How Cybersecurity Initiatives May Impact Operators. Ross A. Buntrock, Partner

Oman Medical Specialty Board (OMSB) Sultanate of Oman FAQs

Canadian Access Federation: Trust Assertion Document (TAD)

Will Federated Cross Credentialing Solutions Accelerate Adoption of Smart Card Based Identity Solutions?

Identity Theft Prevention Program. Effective beginning August 1, 2009

Canadian Access Federation: Trust Assertion Document (TAD)

Canadian Access Federation: Trust Assertion Document (TAD)

Introduction of the Identity Assurance Framework. Defining the framework and its goals

National Strategy for Trusted Identities in Cyberspace

Data Compromise Notice Procedure Summary and Guide

Information Classification & Protection Policy

I-765 Specific Instructions for Filing STEM OPT Application

Proposal for a model to address the General Data Protection Regulation (GDPR)

Stakeholder and community feedback. Trusted Digital Identity Framework

Metadata Framework for Resource Discovery

Principles for a National Space Industry Policy

GovernmentOnline Gatekeeper The Government s Public Key Infrastructure

FINANCIAL AND CONSUMER SERVICES COMMISSION

Criteria to Participate as an ACE Authorized Test Provider

Legal, Ethical, and Professional Issues in Information Security

eidas Regulation in the context of Cybersecurity: Electronic seals and website certificates: Two sides of a (gold) medal?

Exploring the Maturity of Risk Management Process in Government: An Integrated ERM Model at the U.S. Department of Education

NATIONAL GUIDELINES ON CLOUD COMPUTING FOR GOVERNMENT, MINISTRIES, DEPARTMENTS AND AGENCIES

Application for anonymous registration. How do I register as an anonymous elector? Returning the form. More information

IFIP - FIDIS Summer School

Policy 24 Identity Theft Prevention Program IDENTITY THEFT PREVENTION PROGRAM OF WEBB CREEK UTILITY DISTRICT

Commonwealth Telecommunications Organisation Proposal for IGF Open Forum 2017

CITY COUNCIL AGENDA REPORT

Smart Cards and Authentication. Jose Diaz Director, Technical and Strategic Business Development Thales Information Systems Security

ISSUES FOR RESPONSIBLE USER-CENTRIC IDENTITY

Canadian Access Federation: Trust Assertion Document (TAD)

Union Bank s NMLS REGISTRATION GUIDE. PREVIOUSLY REGISTERED Mortgage Loan Originator (MLO)

eidas Regulation eid and assurance levels Outcome of eias study

Policy & Procedure Privacy Policy

Beam Technologies Inc. Privacy Policy

INCOMMON FEDERATION: PARTICIPANT OPERATIONAL PRACTICES

Trusted Identities That Drive Global Commerce

Security and Privacy Governance Program Guidelines

Data Subject Access Request Form (GDPR)

Interagency Advisory Board HSPD-12 Insights: Past, Present and Future. Carol Bales Office of Management and Budget December 2, 2008

Department of Homeland Security Customs and Border Protection. Centers of Excellence and Expertise

COMESA CYBER SECURITY PROGRAM KHARTOUM, SUDAN

FiXs - Federated and Secure Identity Management in Operation

Identity Management: Setting Context

Joint Declaration by G7 ICT Ministers

UAE National Space Policy Agenda Item 11; LSC April By: Space Policy and Regulations Directory

WHITE PAPER. OAuth A new era in Identity Management and its Applications. Abstract

ANNUAL SECURITY AWARENESS TRAINING 2012

Transcription:

Identity Management and Federation of Identity in a National Service Delivery Model 3 rd Annual Privacy, Access and Security Congress October 4, 2012

HRSDC - National Service Delivery HRSDC and its service delivery arm, Service Canada, are responsible for the delivery of many programs and services that impact on the lives of Canadians including: Employment Insurance (EI); Canada Pension Plan (CPP); Canada Education Student Loan Program; Child Tax Credit; Grants and Contributions; and, The Social Insurance Number (SIN) Program. A coherent and consistent identity management approach is essential to assist HRSDC in delivering to the right person/organization the right access, service or benefit, in the right amount, at the right time and for the intended purpose. Identity management is the foundation for all programs, benefits and service delivery processes in HRSDC. 2

The Importance of Identity Management to Service Delivery Integrated identity management allows for improved service delivery, better privacy protection practices and increased program integrity which in turn, enables the achievement of HRSDC s service delivery objectives. The trust that is established between the client and the government, as soon as identity information is captured becomes the starting point of an improved service delivery experience. Efficient identity management is essential to meet the expectations of Canadians for; electronic interactions, tell us once, increased quality of service, and rigorous safeguards for personal and organizational security and personal information 3

The Importance of Identity Management in Prevention HRSDC dispenses over $100 billion in benefits per year Occasionally overpayments /underpayments can occur due to improper identification of individuals The identity of an individual or an organization with whom HRSDC is dealing must be managed effectively to mitigate the risks related to: identity theft; fraudulent use of identity documents; improper granting of entitlements; inappropriate allocation of benefits and services; financial losses to affected parties; and, the breach of an individual s right to privacy. 4

HRSDC s Identity Management Program HRSDC has developed the foundation for an Identity Management Program - a centralized and rigorous identity proofing policy suite for all programs and services within the national portfolio. The elements of the Identity Management (IdM) Policy Suite are; IdM Framework IdM Policy Identity Assurance Standard Evidence of Identity (Proof of Identity) Standard IdM Policy Suite supports the Department to: achieve an integrated, coherent and consistent approach to IdM in HRSDC enable implementation of business transformation initiatives (new service offerings, Cyber Authentication, bundling of services) 5

The IdM Framework and Policy Framework Describes the strategic context and direction for IdM: Sound IdM practices across services, channels (in-person, phone, mail, on-line) and organizations mandated to deliver services, benefits or programs on behalf of HRSDC Management of identity is guided by the following principles: consistency, privacy, security, transparency and the highest quality service Policy Supports consistent treatment of IdM across all channels Integrates identity management requirements at all stages of planning, implementation and evaluation of programs/services Ensures coherence and consistency in identity activities Ensures that IdM practices support registration, authentication and validation and address legal, security, privacy issues Provides guidance and tools for IdM to staff 6

Identity Standards Identity Assurance Standard Provides risk-based approach to identifying clients and how to register, authenticate and validate in consistent and rigorous fashion Registration: collecting individual s identity attributes (e.g. names; date of birth; Canadian citizenship, Aboriginal or foreign status; sex; SIN) or organization s identity attributes (e.g. name; status - owner-operated, partnership, corporation, etc.; date of creation) Authentication: establishing confidence that an identity claim made by a client (individual or organization) is true Validation: verifying client (individual or organization) identity attributes with appropriate source Evidence of Identity Standard Sets out requirements for the evidence that supports Identity Assurance: Acceptable evidence of identity (documents/credentials) to authenticate each identity attribute requested during registration, based on assurance levels Two types of evidence required: existence (e.g. birth certificate); linkage of applicant to existence (e.g. driver s licence) 7

HRSDC s Standardized Approach Registration: Standardizing how we collect identity attributes: Names: - legal name only - no nicknames or preferred names - all legal names - given name, family name, mother s maiden name Date of Birth: YYYY/MM/DD - format standardized to be interoperable across channels, jurisdictions, organizations and internationally Authentication: Validation: Organizations: Standardizing the process that establishes confidence in the validity of an identity claim or credential submitted in support of an identity claim (authenticating identity attributes collected at registration) Standardizing the verification of identity attributes and evidence of identity presented by the client Standardizing the verification to identify an organization (registration, authentication, validation) Representatives: Standardizing and clarifying the link between clients and representatives Evidence of Identity: Streamlining acceptable evidence to authenticate a client s identity - reduce from 71 to far fewer authentication tools/credentials - evidence that links identity to an individual for lower risk transactions - evidence that proves existence for higher risk transactions 8

HRSDC IdM Program and Federation of Identity Key components of HRSDC s IdM Program: Vital Events Linkages agreements signed with provinces for the secure electronic validation of birth certificates of Canadians, as well as enable the Social Insurance Register to be up to date on birth and deaths occurring across Canada. SIN@Birth (newborn registration) Agreements with other government departments such as CIC, CRA, DoJ to confirm identity attributes and status in Canada. Secure Key provides the ability for clients to use their bank card to authenticate their identity. The IdM program will support new e-services and proactive services for Canadians esin Death bundling of services CPP/OAS auto enrolment SIN@ arrival HRSDC s IdM Program will be a key part of a broader public/private partnership. 9

HRSDC IdM Program and Federation of Identity HRSDC IdM Program: 90% completed Enabling IdM Federation beyond the GoC Legend NB, YT, NT, NU CIC DoJ 9 Provincial Birth/Death agreements Provincial Programs SIN SIR IdM Program Secure Key HRSDC Programs IdM Assurance Standard IdM Policy Suite Law enforcement CRA Broker Access Key Other GoC programs Municipalities Insurance Companies Other Provincial Departments Employers Banks Credit agencies GoC Provinces Territories Municipalities Private Sector Agreements completed In progress Future Proactive Services Bereavement Historical Birth/CPP-OAS auto-enrolment SIN@arrival eservices epassport eveterans esin eaboriginal Card elanding 10

Federation of Identity Federation of Identity proposes leveraging different sources of identity and personal information to assist GoC departments in electronically validating the identity of clients for program administration and service delivery. Validation, instead of exchanges of information, ensures there is no requirement to create a central repository or database, or to store information beyond the moment of validation. The Social Insurance Number (SIN)/Social Insurance Register (SIR) is a significant component of identity validation and confirmation. The use of a variety of existing sources of information to validate identity will allow for end-to-end electronic transactions and improved client service. The Federation of Identity will facilitate the migration of services online and allow the GoC to realize both costs savings and service delivery efficiencies as part of the service delivery transformation agenda. 11

Registration and Authentication To respond to requests from Canadians for easier access to on-line services HRSDC has developed a new process called the Enterprise Cyber Authentication Solution (ECAS) that will simplify use and increase security when clients use their online My Service Canada Account (MSCA). The ECAS system authenticates an individual s identity information against a program information source, usually the Social Insurance Registry (SIR) database, before an online service can be accessed. When a client first registers for a MSCA their identity credential information is matched with an anonymous identifier so that when they return, we can easily confirm they are the same user. If the client comes in with a new credential that we don't recognize, we will ask the client to revalidate their identity with ECAS or use their previous credential. 12

Conclusion IdM is essential to good governance in Canada and is key to Service Canada s vision of achieving better outcomes for Canadians through service excellence. Ultimately, IdM allows the Department to foster a climate of trust with citizens by ensuring privacy of personal information and security of access for citizens, employers and organizations. 13

Questions? 14

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback