Liberty, Privacy & The Public Sector

2

Agenda

Liberty & Privacy E-government and identity

The promise of e-government Importance of identity to e-government

Identity defined and explained Liberty Alliance and e-government Benefits of Federated Identity to Governments Illustrated use cases

3

Liberty & Privacy

4

Privacy

The ability to control my identity on your network

Who I am What you know about me When you know it How you can use it

5

Data on the Internet

Easy and inexpensive to gather, store, analyze, transmit and reuse

More readily accessible to a wider circle of data users

Inherently global: The Internet knows no boundaries

6

Privacy Concerns

Citizens are most concerned about

Security of sensitive information

Sharing personal information

Identity Theft

7

Liberty’s Focus on Privacy

• One objective of Liberty: Improve privacy through the federated model

• Liberty addresses privacy in specification development process Public Policy Expert Group exerted influence from day 1 on privacy

issues Liberty invites input from policy makers and privacy advocates Technology decisions are made to enhance privacy and make it easier

to implement good privacy practices

Privacy and Security Best Practices were developed to promote privacy-friendly implementations and deployments

Security & Privacy Overview provides technical guidance on security and privacy ramifications of ID-WSF implementations

8

Liberty's Structure Promotes Privacy and Security

Federated structure means no centralized data storage that would be vulnerable to attack

Customer has more control of data because the permissions related to a piece of data can stay with that piece of data, guiding its use.

Use of unique identifier for each pair of service providers means that one key will not unlock all data

9

E-Government and Identity

10

The Promise of e-Government

Transform the business of government through Internet technologies to: Improve public services Increase convenience for citizens Streamline business processes and improve efficiency Reduce costs Implement citizen-centric (rather than agency-centric)

services

Prerequisite: e-citizen trust

11

E-Government Needs

Information sharing Government – business – education – citizen

Interoperability Dynamic provisioning, de-provisioning Cohesive way to identify citizens Citizen privacy

12

Why Identity is Important to Governments

Citizen and business identity is key to e-citizen activity Identity is a primary data element Used across all administrations to provide services

Use can result in positive or negative citizen view of government Important for government to use correctly to create

citizen trust

13

Citizens, agencies, business losing trust in web-based systems Privacy concerns:

60% won’t buy online Is my private information kept confidential? Within the administrations ? Can administrations correlate my private information ?

Security failures: ID theft is #1 consumer complaint Bad password management aids hackers

Concerns about Identity

14

Identity Defined and Explained

15

Digital Identity

Prove through authentication: Are you who you say you are?

Authentication is the foundation of all security Security of the system is only as strong as its weakest link Authentication is the only aspect of security that must

involve the user

16

One factor (OK) What you know: password, name What you have: ticket, license, passport

Two factor (Better) Combining factors What you know and what you have

ATM card and PIN

Multi factor (Best) Usually involves biometrics What you know, what you have,

who you are (biometrics) ID Card, spoken pass phrase

Forms of Authentication

Password:

########

17

Challenges with Identity

Administrative issues Multiple authentication mechanisms

Drivers license, passport, national identity card, username/password combinations, certificates…

Difficult to keep track of credentials

Privacy issues Internet usage may proliferate digital identity dissemination Must preserve privacy while sharing information Need solid ways to establish proof of digital Identity Authentication must be done securely

18

Liberty Alliance and e-government

19

• Consortium developing open standards • For federated identity management• In coordination with other standards groups

• More than 150 participating members• Government, business and consumer facing organizations• World-wide cross-section of organizations

• Develops open specifications that anyone can implement• Does not deliver specific products or services• 20+ Liberty-enabled products and services available

• Addresses business & policy issues of identity Guidelines, best practices documents, checklists Support for global privacy regulations built into specs

Liberty Alliance

20

Liberty: Federated Model

ProviderProvider

Provider

Provider

Provider

Provider

The federated model provides an answer to the needs and requirements of governments

Disparate mechanisms joined dynamically into a single, logical whole May be different types, strengths

Trust relationships established Authentication accepted

Independent of mechanism or authority

No centralized control User can authenticate locally, operate globally

21

Win the Citizens' Trust in e-Government

Liberty Alliance standards foster end-to-end authentication and security

Published and adhered-to policies create trust for all parties involved: citizens and government agencies

Maintain trust: protect citizens' personal data by using it only for the mutually intended purpose adhering to the published policies

Implement differential data access according to role and service

22

Freedom of Choice

Choice of solutions from many vendors Open Source Software implementations Conformity with widely accepted industry

standards Public specifications, with unrestricted access

for everybody, create an even playing field Liberty Alliance standards create opportunities

for local industry and SMEs

23

• Liberty adoption can increase confidence in, and use of, mobile and web-based services• Enhances trust among citizens, business, civil servants

• Governments easily, cost-effectively deploy services that appeal to consumers/citizens

• Faster response time for critical communications

• Stronger security and risk management

• Ultimately• Increased use of e-services

• Dramatic cost savings

• Support the Privacy State mission towards the Citizens

The Benefits for Governments

24

The Liberty Advantage

Open specifications — allows different systems to interoperate and allows multiple vendor competition

Federated model — no central point of failure, no intermediation between you and citizen

Built on standards — works with legacy systems

25

Illustrated Use Case

26

Without federated identity

All information must be duplicated,

the citizen registers 5 times, may use 5 different identifications and passwords

A use case without federated identity :A parent registers one of his children in a national school ;he/she uses a government identification number and a password which may be different for each ministry or agency;

Logon to the Ministry of Education : to register the childLogon to the Ministry of Interior : obtain child's birth certificateLogon to the Ministry of Finance : obtain proof of place of residence Logon to the Ministry of Social Aid : if family eligible for social aidLogon to Ministry of Interior : proof of legal guardianship

27

With federated identity

Citizen authenticate to any government authority

Citizen connects to any government authority within the circle of trust of public services. Automatic update through integration between agencies

One sign-on opens all connected services within the circle of trust

education

interior

finance

social aid

Citizen connects once through any government authority; Automatically recognized by other government services

28

• Citizen or business entity authenticates to one organization (e.g. tax portal)

• Results of authentication are accepted by others with whom who you have authenticated• Motor vehicle department

• Land recordation authority

• Citizen aid organizations

• Related businesses, etc.

Ideal situation

29

Other Use Cases

• Liberty-enabled e-learning system • Government to school to citizen• Educational content served to students • Single sign-on, interoperability, openness – and privacy

• Local land records system• Circle of trust among mortgage and title companies, customers and land

records department• Streamlined land recordation with time and money savings• Increased integrity of local government land records system

• Patient Medical File• Circle of trust between the patient and the physicians• Each medical practice accesses the relevant information• Access is given by the patient enabling privacy

30

Board and sponsor members include:

Membership

31

Questions?

Liberty Alliance

www.projectliberty.org