2014 07-19 id cloud summit

Enabling Trusted and Secure Online Access to Government of Canada Services July 2014 Presented by: Christine Desloges Treasury Board of Canada Secretariat Government of Canada

Transcript of 2014 07-19 id cloud summit

Page 1: 2014 07-19 id cloud summit

Enabling Trusted and Secure Online Access to Government of Canada Services

July 2014

Presented by: Christine Desloges

Treasury Board of Canada Secretariat Government of Canada

Page 2: 2014 07-19 id cloud summit


GC Security and Identity Roles & Responsibilities

◆ Treasury Board of Canada Secretariat (TBS)
  • Management board and employer
  • Sets overall strategy and direction on policy and performance
    • E.g. Policy on Government Security, Directive on ID Management
◆ Shared Services Canada
  • Delivers common and shared IT services to federal departments
  • Enables horizontal policy implementation
◆ Departments and Agencies
  • Deliver Government of Canada programs and services
  • Apply policies set by TBS
  • Integrate to Federated Credential Solution
◆ Office of the Privacy Commissioner
  • Independent oversight of Canada’s Privacy Act and Personal Information Protection and Electronic Documents Act (PIPEDA)

Page 3: 2014 07-19 id cloud summit


Strategic Relationships

◆ Inter-jurisdictional: Joint Councils – Public Sector Service Delivery Council and Public Sector Chief Information Officer Council
  • Identity Management Sub-Committee (IMSC)
◆ International Dialogues
◆ Digital ID and Authentication Council of Canada (DIACC)
  • A non-profit coalition of public and private sector leaders recommended by the Task Force for Payments System Review
  • Committed to develop a pan-Canadian approach to digital identification and authentication and facilitate development of interoperable policies, standards and systems

Page 4: 2014 07-19 id cloud summit


Committed to Advancing e-Services

◆ Committed to advancing online services
  • Economic Action Plan 2014 highlighted efforts to standardize, consolidate and improve service delivery to achieve efficiencies
  • The Policy on Service, coming into effect in fall 2014, provides strategic direction for GC service design and delivery, with a focus on e-services
  • Web Renewal Initiative improves effectiveness of the GC’s web presence by streamlining and consolidating online information and services under the Canada.ca portal
  • Cyber Authentication and Federating Identity initiatives are underway which will further digital service delivery
◆ Expectations of Clients
  • Seamless, convenient and secure e-enabled delivery channels
  • Ability to interact seamlessly with different orders of government, through multiple channels

Page 5: 2014 07-19 id cloud summit

Pan-Canadian Collaboration


Principles:
✓ Respects privacy
✓ Client choice
✓ Governments have a key role to play
✓ Collaborate with trusted FPT (Federal, Provincial, Territorial) and private sector institutions
✓ Phased approach to evolving services and infrastructure

Federated Approach
Trusting credentials and identities:
• Across jurisdictions
• Across sectors
• Internationally

Federating Credentials: ‘trusting credentials issued by other jurisdictions and industry sectors’

Federating Identity: ‘trusting identities that have been established by other jurisdictions’

Collaborative effort between jurisdictions and sectors

Page 6: 2014 07-19 id cloud summit

Federating Identity Vision

[Diagram: an individual applying for a service or benefit interacts with a GC Online Service, which uses an e-Validation Service (Broker) to reach authoritative sources.]

Authoritative sources:
• Private Sector (Financial institutions, etc.)
• Government of Canada (Social Insurance Register, ID (Status) Hub, BN Hub, etc.)
• Provinces / Territories / Municipalities (Vital Statistics, Driver’s Licence, etc.)

Numbered steps in the diagram:
1. Authenticate to access service
2. Enrol in program (Provide Name, DOB, etc. plus consent to validate)
3. Real-time request for validation of information (e.g. Name, DOB)
4. Real-time validation of information

Other labels in the diagram: Operational Today; Federated Credentials; Beyond documents, beyond channel; enabling end-to-end service fulfillment

[Screenshot: credential selector page, “Access My DDDDDD Account”, offering two ways to log in:
1. Log in with a Sign-In Partner – this option allows you to log in with a User ID and password that you may already have, such as for online banking.
2. Log in with Access Key (GCKey) – this option allows you to log in using a Government of Canada User ID and password.]

Page 7: 2014 07-19 id cloud summit

Federating Identity Strategy: A Phased Approach

◆ Phase 1 – Federation of Credentials
  • Privacy central to design with use of anonymous credentials
  • Innovative relationship with the private sector provides client choice and convenience
  • Ensured access for all GC clients through a GC-issued credential (GCKey)
  • Use of online banking credentials (Credential Broker Service & Sign-In Partners)
  • Cost effective, standards-based solution
◆ Phase 2 – Federating Identity
  • A whole-of-government approach for seamless e-service delivery
  • Enables departments to form a Federation of trusted organizations and leverage each other’s identity and credential assurance processes
  • Reduces identity management administration costs
  • Enables improved client experience and user convenience by supporting a “tell-us-once” approach
  • Anchored in the Policy on Government Security and aligned with Pan-Canadian assurance model


Page 8: 2014 07-19 id cloud summit


Bring Your Own Credentials

◆ Credential Broker Service (CBS) – An innovative relationship with the private sector
  • Enhances service to clients by enabling access to Government of Canada online services using commercially available credentials
  • Operational since April 2012 with a growing list of Sign-In Partners
  • Leverages private sector investments in cyber security and infrastructure
  • Respects privacy through use of minimal, non-personally identifiable information and anonymous credentials
  • Positions the Government of Canada to benefit from ongoing industry investments in secure cyber authentication technology
◆ GCKey Service – Provides option to use a Government of Canada credential
  • Ensures all Government of Canada clients have the ability to securely log in to e-services

Page 9: 2014 07-19 id cloud summit

Cyber Authentication Renewal

• Foundational to the GC’s Federating Identity Strategy
• Leverages private sector investment in secure infrastructure
• A growing list of Sign-In Partners
  • BMO Financial Group
  • ScotiaBank
  • TD Bank Group
  • CUETS Choice Rewards (Credit Union Electronic Transaction Services)
  • Tangerine


Page 10: 2014 07-19 id cloud summit


Government of Canada Policy Architecture

Policy on Government Security (PGS)

Directive on Identity Management

Directive on Departmental Security Management

Directive on IM Roles & Responsibilities

Controlled Goods Directive

Standard on Identity and Credential Assurance

Guideline on Defining Authentication Requirements

Guideline on Identity Assurance*

Protocol for Federating Identity*

Cyber Authentication Technology Solutions (CATS)

User Authentication Guidance for IT Systems (CSEC ITSG-31)

5 supporting documents developed by TBS & Communications Security Establishment Canada

Mandatory instruments for all departments and agencies

* Currently in draft

Page 11: 2014 07-19 id cloud summit


Moving Forward

◆ Treasury Board of Canada Secretariat (TBS) – Chief Information Officer Branch is leading discussions on federating identity within the Government of Canada, building on the solid foundation of cyber authentication
◆ Privacy remains central to the federating identity strategy
◆ Policy positions will evolve through continuing engagement and consultation with Government of Canada departments and agencies
◆ TBS is engaging other jurisdictions and the private sector to ensure consistency and a Pan-Canadian approach

Page 12: 2014 07-19 id cloud summit

Pan-Canadian Identity Messaging Hub

◆ Feasibility study in progress for a proposed Pan-Canadian ID Messaging Hub which would enable Canadians to inform all orders of government once about important life events:
  • A real time, cost-effective service
  • Enables the secure confirmation of identity (personal) information
  • Federal, provincial, territorial and municipal (FPTM) partners


Page 13: 2014 07-19 id cloud summit

Questions & Discussion
