serving canadians securely through government on-line global platform business seminar august 21,...
TRANSCRIPT
Serving Canadians Securely Serving Canadians Securely through through
Government On-LineGovernment On-Line
Global Platform Business SeminarGlobal Platform Business Seminar
August 21, 2002August 21, 2002
Michelle d’AurayMichelle d’AurayChief Information Officer Chief Information Officer Government of CanadaGovernment of Canada
2
Implementing the GOC service vision depends on…
The Service VisionThe Service VisionUsing information and communication technology to
enhance Canadians’ access to improved citizen-centred, integrated services, anytime, anywhere
and in the official language of their choice
E-E-Service Delivery TargetService Delivery Target
Most frequently used services on-line by 2005
Service Improvement TargetService Improvement Target
10% increase in citizen satisfaction by 2005
…a government-wide approach to service and infrastructure
3
Service transformation / multi-channel integration : user-centric approach to electronic service delivery, driven by client priorities, satisfaction, efficiencies and feasibility
Common secure infrastructure: electronic service platform to enable integrated services and support secure Internet, telephone and in-person access
Policy and standards frameworks: build citizen confidence in e-services by addressing privacy and security, measure client satisfaction
Communications and measurement: encourage take-up, engage citizens through on-line consultations and public reporting and assure citizens of commitment to channel choice
Human resources: cross-government approach to develop the right skills for electronic and other service delivery, focused on change management and competencies
GoL and service priorities
Service DeliveryService Delivery
5
One department from the perspective of a citizen
Allison’s Life
Death
Low IncomePensioner
Retired
Homeless
Unemployed
Birth School
Work
Sickness
Disability
Maternity /Paternity
Volunteer
Student Loan
Student Loan
Repayment
Insurance
Premium
CPP
Contribution
Employment
Insurance
CPP Disability
Disability Tax Credit
Employment Leave
Education
Savings GrantChild Tax CreditGrant
Contribution
EmploymentInsurance
CommunityAssistance
OAS
Pension
CPP
Pension
OAS -GIS
OAS -Allowance
Chi
ld T
ax
Cre
dit
SIN
OAS Survivor
Allowance
CPP DeathBenefit
CPP ChildBenefit
CPP Survivor
Pension
6
Government from the perspective of a business
Allison’sBusiness
ROE
Customs
BusinessNumber
Taxes
FinancialAssistance
Permits &Licenses
RegulatoryFilings
IntellectualProperty
Spectrum
Imports
Import/Export
HazardousMaterials
Registration
Grants/Loans
Exports
Vendors
Registration
SubsidyPrograms
GST
SourceDeductions
Patents
Trademarks
Copyrights
Invoicing
Bidding
Environmental
Corporate Taxes
7
Transforming Service Delivery
Rethinking service delivery
Integrated services
Shared or common solutions
Single window access
Automation of existing processes
Services provided in e-silos
Program by program solutions
Program by program access
Departmental Focus User / Client Focus
8
Canada Site and Gateways are evolving to…
…become the e-platform for service delivery
Common InfrastructureCommon Infrastructure
10
The federated architecture plan – a strategy to implement…
DepartmentUnique
Components
DepartmentUnique
Components
DepartmentUnique
Components DepartmentUnique
Components
Cluster Department Shared Components
Federated Architecture
Departmental
Departmental Architectures
BusinessProcess
BusinessProcess
BusinessProcess
BusinessProcess
Government-wide Shared Components
…a horizontal, cross-government enterprise architecture…a horizontal, cross-government enterprise architecture
11
. . .
Workflow
Authent.Mgmt
Session Mgmt
Settlement
Profile
Secure Store
CA Mgmt
Directory
Back
C
hannel
Back
C
hannel
Kiosks
Web
MobileClient
Phone
…
Business Logic & Data
Systems
Dept A
Dept B
Dept C
Secure Channel Domain
Central Processes/Dat
a
Departmental Domain
Distributed Processes
Back
Channel
Systems
Systems
Data
Data
Data
Com
mu
nic
ati
on
Ad
ap
ter
Access Domain
Fro
nt C
hann
el P
latf
orm
The Secure Channel anchors the federated architecture
12
Multi-channel Suitability
User FriendlinessEase of Implementation
Privacy and Security
• One or more certificate management facilities support multiple service providers
• Certificates only contain a Meaningless But Unique Number (MBUN) as the Distinguished Name.
• Consent-based model: clients choose whether or not to link multiple programs to the same MBUN (certificate).
• Identity-proofing: done by each program on-line or in person, and can be nominal or robust.
• At each program (only), a program specific client-identifier is associated to each MBUN to ensure repeat recognition..
• Recovery process: uses robust, client- selected shared secrets process (automated & on-line); if successful, a new certificate using the same MBUN is issued
GoC Authentication Model
CA
13
Client is seamlessly passed to the ePASS central key management system
4. Client chooses a User ID and password –the User ID must be unique but need not be the client’s actual name.
5. For recovery purposes, client selects a number of pre-determined questions and provides answers.
4b. Encryption and signing keys are generated and stored in a profile that is protected with double encryption – accessible only to the client..
6. Certificate (ePass) is issued and downloaded to client’s browser.
2. “Shared secret” or in person identity-proofing done by each program with rigor meeting its business/security needs.
3. Shared secrets or access code (in person identity proofing) verified by the program against its records.
1. Client browsing department website is provided option to enroll for a program service and obtain a certificate (“ePass”) for on line transactions.
Client passed back to program area7. Program completes
enrollment process by associating the MBUN with program-specific identifiers.
8. MBUN-Identifier bindings remain only with the program – in an encrypted database.
Certificate Issuance Process
…ID Proofing can occur prior to conducting an online transaction
Cards and BiometricsCards and Biometrics
15
Perceptions of Canadians about privacy and security…
Recent focus testing confirmed that Canadians:
Make the distinction between privacy and security
Feel that the banks do a better job on security
Feel that the government does a better job on privacy
Expect more from government than banks or the private sector in
terms of privacy and security
Are most concerned about privacy of financial & health information
Are strongly influenced by media, family and friends
Want information on privacy and security from GoC
…will determine pace of take up of on-line services…will determine pace of take up of on-line services
16
Provides consistent framework to identify and resolve privacy issues during design or redesign of programs and services
As of May 2, 2002, PIAs mandatory for situations where privacy issues may by be inherent including: increased collection, use or disclosure of personal information broadening of client populations; shift from direct to indirect collection of personal information new data matching or increased reuse or sharing of personal
information
Summaries of PIAs to be made available publicly
Policy and guidelines available at www.tbs-sct.gc.ca
The Privacy Impact Assessment Policy (PIA)…
…a new development on the privacy front…a new development on the privacy front
17
Cards and Biometrics
Cards/biometrics viewed as enablers of service transformation and secure access.
Cards are portable, support security and can be implemented in a privacy friendly way
Cards can leverage the existing infrastructure built for access to Government on Line.
Interoperability, infrastructure, policy and standards are key challenges.
18
Current Situation in the Federal Government
Emerging program requirements for:
(advanced) cards and biometrics (Canada – US Smart Border)
interoperability and document integrity
common IM/IT and infrastructure services
Major challenges:
multiplicity of domestic and international requirements and
interoperable technology platforms
19
GoC Activity
Departments have several card initiatives in planning stages
or underway to improve service or complement US initiatives.
Future phases may include the addition of a smart chip or
biometric.
CIC Optical stripe card for a Permanent Resident card
CCRA Nexus and EPPS for expedited border crossing
Environment: transportation of hazardous materials
Justice: firearms registration card
Passport: travel/visa waiver card
INAC: Access to services for Status Indians
20
Key Issues
Interoperability
Adherence to standards and open systems needed.
Private/public sector working partnership to advance interoperability.
Infrastructure and sustainability
Need to leverage common infrastructure/production facilities.
PKI already in place – considered a major cost of card deployment for applications requiring secure comm.'s.
Standards
Technology standards to be selected to allow the widest compatibility and availability of components.
Stovepipe solutions are not the answer.
21
Our Goal:
any card, any reader,any application
22
Canada no. 1 among 23 countries for 2nd year in a row according to Accenture
We are on the right track for GoL...
1
April 2001April 2001
1
April 2002April 2002
…but must maintain momentum to remain a leader…but must maintain momentum to remain a leader
23
For more information
www.canada.gc.ca
www.gol-ged.gc.ca
www.cio-dpi.gc.ca
Serving Canadians Securely Serving Canadians Securely through through
Government On-LineGovernment On-Line
Global Platform Business SeminarGlobal Platform Business SeminarAugust 21, 2002 August 21, 2002
Michelle d’AurayMichelle d’AurayChief Information Officer Chief Information Officer Government of CanadaGovernment of Canada