GC Credential Management Evolution
for the OASIS/World Bank eGov Workshop
17th April, 2009
For information, please contact: Bob.Sunday@pwgsc.gc.ca

Secure Channel: The Enabler for Government On-Line
• Citizens, Businesses, Visitors
• Federal, Provincial, Municipal, Business

Typical GOL Services
• Canada Site
• Gateways
• Clusters
• EI on the Web
• Census 2006 (surveys..)
• E-consultation
• Dep’t web sites (info)
• Tax Filing Online
• My Tax Account
• Business Tax Account
• Record of Employment
• Address Change
• Interactive Info Service
• GC Employee Services
• Passport On-line

Issued epass Certificates (since Sept 2002)

So why does GC need to change?
• $$$$
  • Decentralized funding
  • Expense of PKI
  • Custom GC code
• Risk based Assurance Model
• Multi-jurisdiction environment
  • Provincial, municipal
• Changing policy requirements
  • Digital signature
  • Positioning for future identity possibilities

Business View of Authentication Interfaces
[Diagram labels: User; Department/Agency (RP); Program User Interface; Credential Service Interface; Credential Provider (CP)]

Architecture Decisions to support the Business Model
• Underlying Architecture
• Proven Implementation Profile
• One Provider or Many
• Functional Scope
• Browser-based Single Sign-On
• Session Reset (Forced Logon)
• Provider Discovery Approach
• Level of Assurance
• User Interface consistency
• Language
• Single Sign-Out

Decision 1: Underlying Architecture
→ We are adopting the SAML v2.0 architecture and associated set of technical standards:
• SAML v2 was standardized by OASIS in 2005
• Adopted by the ITU as X.1141 in 2006
• The most frequently recommended standard in the RFI responses
• Technical standard most widely supported by COTS products
• Most widely implemented in public and private sector federations
  • Denmark, France, USA, New Zealand, …
→ Primary objective is to provide long-term interface stability for departments

Decision 2: Proven Implementation Profile
→ We are adopting the US E-Authentication Profile for SAML:
• The GC interface definition will be based on an existing, live, public sector implementation as a starting point
  • Less GC customization and associated long-term costs
  • Reduced risk
  • Greater alignment with evolving standards
• Government’s successful implementations of authentication services based on SAML v2 were considered:
  • Denmark, USA, New Zealand
→ Primary objective is to ensure availability of proven interoperable COTS products for departments

Potential Evolution Strategy
[Diagram labels: Epass Applications; Converted Applications; New Applications; GC Federation Hub; Epass Credential; New GC-Branded Credential; Agency Federated Credential; Provincial Federated Credential; Bank Federated Credential; OpenID etc. Credential]

Questions?
Thank You
bob.sunday@pwgsc.gc.ca