GC Credential Management Evolution
for the OASIS/World Bank eGov Workshop
17th April, 2009 For information, please contact:
Secure Channel: The Enabler for Government On-Line

Typical GOL Services
• Canada Site
• Gateways
• Clusters
• EI on the Web
• Census 2006 (surveys..)
• E-consultation
• Dep’t web sites (info)
• Tax Filing Online
• My Tax Account
• Business Tax Account
• Record of Employment
• Address Change
• Interactive Info Service
• GC Employee Services
• Passport On-line

Citizens, Businesses, Visitors
• Federal
• Provincial
• Municipal
• Business
[Chart: Issued epass Certificates (since Sept 2002). Vertical axis: 0 to 6,000,000. Horizontal axis: months, Sep 2002 to Feb 2009. Series: Issued 2002 through Issued 2009.]
So why does GC need to change?
• $$$$
  - Decentralized funding
  - Expense of PKI
  - Custom GC code
• Risk based Assurance Model
• Multi-jurisdiction environment
  - Provincial, municipal
• Changing policy requirements
  - Digital signature
  - Positioning for future identity possibilities
Business View of Authentication Interfaces
Credential User Interface
Program User Interface
Credential Service Interface
User
Department/Agency (RP)
Credential Provider (CP)
Decision 1: Underlying Architecture
We are adopting the SAML v2.0 architecture and associated set of technical standards:
• SAML v2 was standardized by OASIS in 2005
• Adopted by the ITU as X.1141 in 2006
• The most frequently recommended standard in the RFI responses
• Technical standard most widely supported by COTS products
• Most widely implemented in public and private sector federations
  - Denmark, France, USA, New Zealand, …
Primary objective is to provide long-term interface stability for departments
Decision 2: Proven Implementation Profile
We are adopting the US E-Authentication Profile for SAML:
• The GC interface definition will be based on an existing, live, public sector implementation as a starting point
  - Less GC customization and associated long-term costs
  - Reduced risk
  - Greater alignment with evolving standards
• Governments' successful implementations of authentication services based on SAML v2 were considered
  - Denmark, USA, New Zealand
Primary objective is to ensure availability of proven interoperable COTS products for departments
Potential Evolution Strategy
• New GC-Branded Credential
• Epass Applications
• Agency Federated Credential
• Provincial Federated Credential
• Bank Federated Credential
• OpenID etc. Credential
• New Applications
• GC Federation Hub
• Converted Applications
• Epass Credential