CIS14: Kantara - Enabling Trusted and Secure Online Access to Government of Canada Services


Christine Desloges
Treasury Board of Canada Secretariat
Government of Canada

Published in: Technology

  1. Enabling Trusted and Secure Online Access to Government of Canada Services
     July 2014
     Presented by: Christine Desloges, Treasury Board of Canada Secretariat, Government of Canada
  2. GC Security and Identity Roles & Responsibilities
     • Treasury Board of Canada Secretariat (TBS)
       - Management board and employer
       - Sets overall strategy and direction on policy and performance
       - E.g. Policy on Government Security, Directive on ID Management
     • Shared Services Canada
       - Delivers common and shared IT services to federal departments
       - Enables horizontal policy implementation
     • Departments and Agencies
       - Deliver Government of Canada programs and services
       - Apply policies set by TBS
       - Integrate to Federated Credential Solution
     • Office of the Privacy Commissioner
       - Independent oversight of Canada’s Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA)
  3. Strategic Relationships
     • Inter-jurisdictional: Joint Councils – Public Sector Service Delivery Council and Public Sector Chief Information Officer Council
       - Identity Management Sub-Committee (IMSC)
     • International Dialogues
     • Digital ID and Authentication Council of Canada (DIACC)
       - A non-profit coalition of public and private sector leaders recommended by the Task Force for Payments System Review
       - Committed to develop a pan-Canadian approach to digital identification and authentication and facilitate development of interoperable policies, standards and systems
  4. Committed to Advancing e-Services
     • Committed to advancing online services
       - Economic Action Plan 2014 highlighted efforts to standardize, consolidate and improve service delivery to achieve efficiencies
       - The Policy on Service, coming into effect in fall 2014, provides strategic direction for GC service design and delivery, with a focus on e-services
       - Web Renewal Initiative improves effectiveness of the GC’s web presence by streamlining and consolidating online information and services under the portal
       - Cyber Authentication and Federating Identity initiatives are underway which will further digital service delivery
     • Expectations of Clients
       - Seamless, convenient and secure e-enabled delivery channels
       - Ability to interact seamlessly with different orders of government, through multiple channels
  5. Pan-Canadian Collaboration
     Principles:
     • Respects privacy
     • Client choice
     • Governments have a key role to play
     • Collaborate with trusted FPT (Federal, Provincial, Territorial) and private sector institutions
     • Phased approach to evolving services and infrastructure
     Federated Approach
     Trusting credentials and identities:
     • Across jurisdictions
     • Across sectors
     • Internationally
     Federating Credentials: ‘trusting credentials issued by other jurisdictions and industry sectors’
     Federating Identity: ‘trusting identities that have been established by other jurisdictions’
     Collaborative effort between jurisdictions and sectors
  6. Federating Identity Vision
     Diagram labels:
     • Individual applying for service or benefit
     • GC Online Service
     • e-Validation Service (Broker)
     • Private Sector Authoritative Sources (Financial institutions, etc.)
     • Government of Canada Authoritative Sources (Social Insurance Register, ID (Status) Hub, BN Hub, etc.)
     • Provinces / Territories / Municipalities Authoritative Sources (Vital Statistics, Driver’s Licence, etc.)
     • Operational Today: Federated Credentials
     • Beyond documents, beyond channel
     Steps:
     1. Authenticate to access service
     2. Enrol in program (Provide Name, DOB, etc. plus consent to validate)
     3. Real-time request for validation of information (e.g. Name, DOB)
     4. Real-time validation of information enabling end-to-end service fulfillment
     [Screenshot: sample credential selector page (Component CS-01) for a departmental account, offering log in with a Sign-In Partner, with Access Key, or with GCKey]
  7. Federating Identity Strategy: A Phased Approach
     • Phase 1 – Federation of Credentials
       - Privacy central to design with use of anonymous credentials
       - Innovative relationship with the private sector provides client choice and convenience
       - Ensured access for all GC clients through a GC-issued credential (GCKey)
       - Use of online banking credentials (Credential Broker Service & Sign-In Partners)
       - Cost effective, standards-based solution
     • Phase 2 – Federating Identity
       - A whole-of-government approach for seamless e-service delivery
       - Enables departments to form a Federation of trusted organizations and leverage each other’s identity and credential assurance processes
       - Reduces identity management administration costs
       - Enables improved client experience and user convenience by supporting a “tell-us-once” approach
       - Anchored in the Policy on Government Security and aligned with Pan-Canadian assurance model
  8. Bring Your Own Credentials
     • Credential Broker Service (CBS) - An innovative relationship with the private sector
       - Enhances service to clients by enabling access to Government of Canada online services using commercially available credentials
       - Operational since April 2012 with a growing list of Sign-In Partners
       - Leverages private sector investments in cyber security and infrastructure
       - Respects privacy through use of minimal, non-personally identifiable information and anonymous credentials
       - Positions the Government of Canada to benefit from ongoing industry investments in secure cyber authentication technology
     • GCKey Service – Provides option to use a Government of Canada credential
       - Ensures all Government of Canada clients have the ability to securely log in to e-services
  9. Cyber Authentication Renewal
     • Foundational to the GC’s Federating Identity Strategy
     • Leverages private sector investment in secure infrastructure
     • A growing list of Sign-In Partners
       - BMO Financial Group
       - Scotiabank
       - TD Bank Group
       - CUETS Choice Rewards (Credit Union Electronic Transaction Services)
       - Tangerine
  10. Government of Canada Policy Architecture
     Diagram labels:
     • Policy on Government Security (PGS)
     • Directive on Identity Management
     • Directive on Departmental Security Management
     • Directive on IM Roles & Responsibilities
     • Controlled Goods Directive
     • Standard on Identity and Credential Assurance
     • Guideline on Defining Authentication Requirements
     • Guideline on Identity Assurance*
     • Protocol for Federating Identity*
     • Cyber Authentication Technology Solutions (CATS)
     • User Authentication Guidance for IT Systems (CSEC ITSG-31)
     Annotations:
     • 5 supporting documents developed by TBS & Communications Security Establishment Canada
     • Mandatory instruments for all departments and agencies
     * Currently in draft
  11. Moving Forward
     • Treasury Board of Canada Secretariat (TBS) – Chief Information Officer Branch is leading discussions on federating identity within the Government of Canada, building on the solid foundation of cyber authentication
     • Privacy remains central to the federating identity strategy
     • Policy positions will evolve through continuing engagement and consultation with Government of Canada departments and agencies
     • TBS is engaging other jurisdictions and the private sector to ensure consistency and a Pan-Canadian approach
  12. Pan-Canadian Identity Messaging Hub
     • Feasibility study in progress for a proposed Pan-Canadian ID Messaging Hub which would enable Canadians to inform all orders of government once about important life events:
       - A real time, cost-effective service
       - Enables the secure confirmation of identity (personal) information
       - Federal, provincial, territorial and municipal (FPTM) partners
  13. Questions & Discussion