A User Centric and Claims Based Architecture for British Columbia

Description: transcript of a slide presentation by Ian Bailey, Director, Application Architecture, Office of the CIO, Province of BC. Agenda: background on BC and use cases (Connected Workforce, Citizen Centred Service), Authoritative Parties and Claims, IDM Architecture Project, IDM Pilots, Claims and Standards, Questions.
Slide 1

A User Centric and Claims Based Architecture for British Columbia
Ian Bailey, Director, Application Architecture, Office of the CIO, Province of BC
Slide 2: Agenda

Background on BC & Use Cases
  Connected Workforce
  Citizen Centred Service
Authoritative Parties & Claims
IDM Architecture Project
IDM Pilots
Claims and Standards
Questions
Slide 3

Province of British Columbia (map slide; the location marker is labelled "Here")
Slide 4
Province of British Columbia
Western most province in Canada
4.4 Million Citizens
400,000 Businesses
2 Million workers
400,000 people participate in the delivery of public services
Slide 5: Two general use cases

Connected Workforce
  Many public and private sector organizations
  Using different vendor products
  Sharing information for better outcomes
Citizen Centred Service
  Providing electronic services to citizens
  Privacy, safety and ease of use
Slide 6: Connected Workforce

400,000 member workforce
Approximately 500 public sector organizations
  Government ministries, agencies & boards
  Health authorities and hospitals
  School districts, universities, colleges
  Municipalities, regional districts
  Crown Corporations
1000s of licensed professionals
10,000s of contracted service providers
Slide 7: Connected Workforce, "Information Sharing for better outcomes"

The workforce should be able to get access to the information they need to do their job.
An identity management eco-system is key to ensuring the right person has access to the right information, at the right time, and for the right purpose.
Slide 8: Connected Workforce, 400,000 Businesses

Businesses may have their own sophisticated IT infrastructure, with a username & password or smart card at their workplace
Or they may need a common identity provider service
BCeID is our identity service
Slide 9

(Chart: Number of Businesses plotted against Size of Business)
Federated Businesses
Common Identity Provider: BCeID for small businesses
Slide 10: Citizen Centred Service, 4 Million citizens

A common identity provider service for public services in any sector
BCeID is our service
Desire for additional features
  Privacy protection and minimal disclosure
  Internet safety
Slide 11: Authoritative Parties and Claims

Government is an authority for personal identification claims
Government is an authority for business identity claims
Organizations are an authority for claims about their employees
Professional bodies are an authority for claims about their members
Individuals are the authority for some claims about themselves
Slide 12: BC Identity Management Forum, Spring 2006

In April 2006 we brought together the largest BC public sector organizations and our major IT suppliers
Invited them to work towards a solution that
  Protects privacy & security
  Leverages authoritative sources for identity information (claims)
  Scales to connect our workforce and the public
Slide 13: BC Identity Management Forum, Fall 2006

Engaged public sector CIOs and architects
Contracted with Bell, CA, Deloitte, IBM, Microsoft, Nortel, Novell, Oracle, Siemens, Sun Microsystems, Sxip, and Telus
Sxip Identity to coordinate and manage the forum
Develop an architecture for the two use cases
Slide 14: BC Identity Management Forum, Requirements Document

Contents
  An agreed lexicon of terms
  34 general requirements
  Privacy best practices
  Security gradient
  Authoritative sources of identity claims
  Loose coupling for scaling
http://www.cio.gov.bc.ca/idm/idm_forum/
Slide 15: BC Identity Management Forum, Architecture Document, July 2007

Contents
  Background/methodology/principles
  Core architecture interactions
  Additional use case interactions
  Standards and architecture recommendations
http://www.cio.gov.bc.ca/idm/idm_forum/
Slide 16: Core Architecture

Authoritative Party (AP): authorities recognized to make claims.
Relying Party (RP): requests and accepts claims to satisfy local policy.
Identity Agent (IA): facilitates and controls the distribution of claims for a principal.
Root authorities / trust model appear on both the AP and the RP side of the diagram; each of the two also has its own local policy and audit log.
Slide 17: BC Identity Management Forum

Test/pilot the two main use cases
  Connected workforce
  Citizen centred service
Using Information Cards
Slide 18: BC Identity Management Forum, Pilot 1, Connected Workforce

Access to each other's wireless LANs using a Managed Information Card
Microsoft is providing software so that we can issue Managed Information Cards from 5 organizations
Ping Identity is providing software for authenticating users with Managed Information Cards for WiFi access
Telus is hosting the wireless authenticator
Slide 19: Pilot 1 (diagram)

Corporate AD: Authoritative Party (AP)
Shared authenticating web server: Relying Party (RP)
Wireless LAN configured to use the authenticating web server and the APs
Visiting user selects their corporate Managed Information Card
The parties are connected over the Internet
Slide 20: BC Identity Management Forum, Pilot 2, Connected Workforce

Access to a shared collaboration site using Managed Information Cards
Microsoft is providing software so that pilot users from 5 orgs can access a SharePoint 2007 collaboration site with Managed Information Cards
Telus is hosting the SharePoint site at their Calgary data centre.
Slide 21: Pilot 2 (diagram)

Corporate AD: Authoritative Party (AP)
Collaboration site, SharePoint web server: Relying Party (RP)
User selects their corporate Managed Information Card
The parties are connected over the Internet
Slide 22: BC Identity Management Forum, Pilot 3, BCeID Business users

Issue Managed Information Cards to select business users.
CA is providing software to authenticate and authorize users based on claims in Managed Information Cards.
Microsoft software for Managed Information Cards for our business identity service, www.bceid.ca
Access to SharePoint, wireless, and a test web application.
Slide 23: Pilot 3 (diagram)

https://www.bceid.ca: Authoritative Party (AP); issues managed cards
BCeID Point of Service: verifies claims; the user visits the BCeID service counter
Relying Party (RP): accepts managed cards; the user sends a managed card
The parties are connected over the Internet
Slide 24: Claims, a need for information standards

Personal identification claims
Minimal disclosure claims
Assurance level claims
Business identity claims
Claims about employees
Claims about professionals
Individuals are the authority for some claims about themselves
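The core architecture of slide 16 (AP, RP, Identity Agent, root authorities, local policy, audit logs), the pilot flows of slides 19 to 23, and the minimal disclosure and assurance level claim types listed above can be exercised end to end in a small model. The following is an added example, not code from the presentation, from the BC IDM Forum, or from any of the vendors named on the slides. It assumes made-up AP, RP, user and claim names, uses HMAC tags with per-AP keys in place of the signed security tokens that the real Information Card protocol obtains from a WS-Trust security token service, and models the trust model as a plain dictionary of recognised issuers. What it shows that the slides do not: the Identity Agent only ever releases the claim types the RP's policy names, the RP rejects a token from an AP outside the trust model, a token altered after issue, or a token issued for a different RP, and both the AP and the RP keep an audit trail of what they did.

```python
"""Toy model of the core architecture on this page: an Authoritative Party (AP)
issues claims, an Identity Agent (IA) releases only the claims a Relying Party
(RP) asked for, and the RP accepts them only from a recognised root authority
and only if they satisfy its local policy.  Names, keys and claim values are
constructed; HMAC tags stand in for the signatures real managed cards carry."""
import base64
import hmac
import json

# Constructed trust model: APs that RPs recognise and the key used to check their
# tokens (a certificate store, not shared secrets, in a real deployment).
ROOT_AUTHORITIES = {"corp-ad.example": b"corp-ad-issuer-key-0001",
                    "bceid.example": b"bceid-issuer-key-0001"}

def _b64(data):
    return base64.urlsafe_b64encode(data).rstrip(b"=").decode()

def _unb64(text):
    return base64.urlsafe_b64decode(text + "=" * (-len(text) % 4))

class AuthoritativeParty:
    def __init__(self, name, key, directory):
        self.name, self.key, self.directory, self.audit = name, key, directory, []

    def issue(self, principal, claim_types, audience):
        record = self.directory[principal]
        # Minimal disclosure: only the requested claim types this AP holds.
        claims = {c: record[c] for c in claim_types if c in record}
        body = json.dumps({"iss": self.name, "sub": principal, "aud": audience,
                           "claims": claims}, sort_keys=True).encode()
        self.audit.append(("issued", principal, audience, sorted(claims)))
        return _b64(body) + "." + _b64(hmac.new(self.key, body, "sha256").digest())

class IdentityAgent:
    def __init__(self, principal, cards):
        self.principal, self.cards = principal, list(cards)  # one card per AP

    def get_token(self, rp):
        for ap in self.cards:
            if all(c in ap.directory.get(self.principal, {}) for c in rp.required_claims):
                return ap.issue(self.principal, rp.required_claims, rp.name)
        return None  # no card can satisfy this RP's policy

class RelyingParty:
    def __init__(self, name, required_claims, min_assurance=0, roots=ROOT_AUTHORITIES):
        self.name, self.required_claims = name, list(required_claims)
        self.min_assurance, self.roots, self.audit = min_assurance, roots, []

    def accept(self, token):
        try:
            body_b64, tag_b64 = token.split(".")
            body, tag = _unb64(body_b64), _unb64(tag_b64)
            payload = dict(json.loads(body))
        except (ValueError, TypeError, AttributeError):
            return self._deny("malformed")
        key = self.roots.get(payload.get("iss"))
        if key is None:
            return self._deny("untrusted-issuer")  # AP not in the trust model
        if not hmac.compare_digest(hmac.new(key, body, "sha256").digest(), tag):
            return self._deny("bad-signature")  # claims altered after issue
        if payload.get("aud") != self.name:
            return self._deny("wrong-audience")  # token was issued for another RP
        claims = payload.get("claims", {})
        missing = [c for c in self.required_claims if c not in claims]
        if missing:
            return self._deny("missing-claims:" + ",".join(missing))
        if self.min_assurance and int(claims.get("assurance_level", 0)) < self.min_assurance:
            return self._deny("assurance-too-low")
        self.audit.append(("accepted", payload["iss"], payload["sub"], sorted(claims)))
        return True, claims

    def _deny(self, reason):
        self.audit.append(("denied", reason))
        return False, reason

def run_pilot():
    """Run the pilot flows on constructed data and return each RP's decision."""
    corp_ad = AuthoritativeParty("corp-ad.example", ROOT_AUTHORITIES["corp-ad.example"], {
        "alice": {"email": "alice@corp.example", "org": "Health Authority A",
                  "employee_id": "E1001", "assurance_level": 2}})
    rogue = AuthoritativeParty("rogue.example", b"rogue-key",  # not a root authority
                               {"alice": {"email": "alice@corp.example", "org": "Health Authority A"}})
    alice = IdentityAgent("alice", [corp_ad])
    wifi = RelyingParty("wifi-portal.example", ["email", "org"])
    collab = RelyingParty("collab.example", ["email", "org", "assurance_level"], min_assurance=2)
    wifi_token = alice.get_token(wifi)
    ok, wifi_claims = wifi.accept(wifi_token)
    body, tag = wifi_token.split(".")  # forge: change a claim but keep the old tag
    forged = json.loads(_unb64(body))
    forged["claims"]["org"] = "Ministry of Finance"
    tampered = _b64(json.dumps(forged, sort_keys=True).encode()) + "." + tag
    return {"wifi": ok,
            "released": sorted(wifi_claims),  # employee_id never left the AP
            "collab": collab.accept(alice.get_token(collab))[0],
            "replay": collab.accept(wifi_token)[1],  # wifi token replayed at collab
            "rogue": wifi.accept(rogue.issue("alice", ["email", "org"], wifi.name))[1],
            "tampered": wifi.accept(tampered)[1],
            "ap_audit_entries": len(corp_ad.audit)}
```

Calling run_pilot() plays the wireless and collaboration-site pilots for one user: the wireless portal gets only email and org, the collaboration site additionally demands an assurance level of 2, and the replayed, forged and untrusted-issuer tokens are all refused with a reason that lands in the RP's audit log. The audience check is the part most often forgotten in real deployments: without it, a token minted for the low-value wireless portal would be accepted by the collaboration site.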
Slide 25

Questions?