Identity and Access Management (IAM) Linkage to Innovative Service Delivery Brian Reed, IAM Practice Lead, HP Enterprise Services, Canada

Transcription

1 Identity and Access Management (IAM) Linkage to Innovative Service Delivery Brian Reed, IAM Practice Lead, HP Enterprise Services, Canada February 17 th, 2012 Victoria, B.C.

2 Presentation Outline Session Objectives IAM Linkage to Innovative Service Delivery: Case Study 1: Belgium - Flemish e-government Transformation Shifting from pull to innovative push models is changing the urgency for IAM Case Study 2: EU Self Certification Enabling Self Certification for Benefits Eligibility through Voice Print Biometrics and Mobile Authentication DEMO live voice print demonstration Case Study 3: Mobile Voting Global IAM Business Challenges Implications for IAM Program Design Market trends and models Technology considerations Reference architectures Global Initiatives: British Business Federation Authority (BBFA) Federated Identity Management Reference Implementations Government of Canada Pension Modernization: IAM Framework of Enterprise Applications U.S. Access India UID Solution Convergence Summary

3 Session Objectives To share through case studies, the linkages between fiscal climate change and IAM; and linkages of IAM to innovative service delivery To share reference models and innovative strategies for deploying large scale IAM solutions To exchange ideas about the business challenges of the public sector with respect to identity and access management

4 IAM LINKAGE TO INNOVATIVE SERVICE DELIVERY 4 HP Restricted 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

5 A Climate Change in Government Finance, not just a few Bad Winters US Federal Debt as Percentage of GDP ( ) 150% 121% 100% 102% Factors Impacting Long-Term Government Finances 50% 33% Ageing population 0% 40% Taxes as Percentage of GDP in OECD Countries ( ) Source: Office of Management and Budget Rising citizen service expectations 35% Sustainability 25% 20% Source: OECD Tax erosion from globalisation and ageing population

6 Operating Expense and IT Expenditure Average Total Operating Expense Average Breakdown of IT Expenditure 93.5% 6.5% Transform and Grow 27% Run 73% Source: Gartner, Inc., IT Key Metrics Data 2010: Key Industry Measures: Government Analysis: Multi Year

7 IT strategy to manage the fiscal crisis Minimize Maximize Explore 1 IT Run 2 Government 3 Disruptive Spending Return on IT Solutions

8 Maximizing Government Return on IT PUBLIC VALUE RETURN Policy Outcomes & Outputs Efficiency Quality of Service Public Trust Public Taxpayers Customers Citizens Government = Return on IT IT SPENDING

9 SERVICE DELIVERY INNOVATION CASE STUDIES 1) e-government: Belgium and the Flemish Government (2) Human services: EU Self-Certification using Mobile Telephony (3) Mobile Voting

10 Belgium / Flanders - MAGDA Platform

11 Case Study 1: Belgium and Flemish Government, Integrated focus on citizen & business value once-only data collection, multiple data (re) use i.e. A government that does not ask for what it already knows, and is truly certain of what it knows Key Drivers : Improved service delivery reduce administrative burden for enterprises pro-active delivery of entitlements to citizens Improved internal operations / administration avoid unnecessary double work (data entry & quality) simplify and streamline existing administrative processes 11

12 Origin: «Only Ask it Once» Situation Political support: Minister in charge had the key message in his policy letter e-government team in place Focus on citizen support resolution in parlement Focus e-gov on citizen and business at the regional level Implement the Only ask it regional level and extend to national level Ensure maximum privacy Only Ask it Once MAGDA ( Maximum Data Sharing Flemish Parliament Between Administrations and Agencies ) Platform 12

13 Framework components: Key Building Blocks Goal : Citizen Value Platform : MAGDA Citizen Value MAGDA Part of the coalition agreement and longterm vision (VIA) Authentic Data : the information, the value VIA 2020 strategy Authentic Sources Commitment Change agent Change agent : driver Legal & privacy regulation E-ID : the key to get access E-ID : key Legal Privacy (Video) 13

14 Case Study 2: Human services: Self-Certification using Mobile Telephony: EU Example Challenges: Increased demand for unemployment benefits Intense manual processes On-going certification requires regular visits to the Department for Social Protection Local Offices Long lines, staff overloaded Reduce welfare fraud and Desired Policy Outcomes: Improve service delivery against Customer Charter and Action Plan Increase certification frequency, to help reduce fraud and overpayments Examine new communication channels, including Self Certification using mobile telephony Ensure on-going controls are in place overpayments 14

15 PUBLIC VALUE FRAMEWORK SOCIAL PROTECTION PUBLIC VALUE POLICY OUTCOMES QUALITY OF SERVICE PUBLIC TRUST EFFICIENCY EXECUTIVE KPI CORE FINANCIAL KPI Increase Participation Easy Access, Prompt and Accurate Service (On-Budget) Planned vs. Actual Maximize FFP Identity and Secure and Incentives ; Access to Service Minimize Penalties; Minimize Fraud Admin Exp. As a Percentage of Benefits Expenditures BUSINESS INITIATIVES Implement New Access Channels Improve Registration and Authentication Control Benefit Expenditures / Reduce Fraud OPERATING KPI PROCESS/FUNCTION Improve Registration Intake / Eligibility Determination Improve Authentication and Access Reporting and Intake Improve Accuracy and Timeliness Payment Process PS Initiatives Mobile Certification IT Initiatives Application Services, Data Integration Services, Converged Infrastructure

16 Enrolment Best-Practices and Benefits Enrolment Best Practices Explain Enrolment process, obtain consent Gather voice sample, verify capture Verify enrolment with a test certification Enrolment complete Opt-in Service Benefits Supports in-country mobility Leverages voice print biometrics Reduces need to visit local offices Reduces program administration costs 16 Quick Demo

17 Case Study 3: Mobile Voting; Electoral Participation; Rising Expectations Developed countries Decline in voter participation Drop in turnout among young people Only 37.4 per cent of voters aged 18 to 24-years-old voted in the 2008 Canadian federal election, similar in US & UK; 49% of all eligible voters in 2011 Ontario election Developing countries Challenge to communicate information on polling centre locations and hours of operation Haiti elections: cell phones and internet to facilitate voter turnout United Nations Development Programme, Newsroom, March 18,

18 Internet mobile phone voting Example of mobile voting process Home Authentication Select candidate Cast Vote Confirmation Authentication Servicios Select Servicios Candidates Servicios Cast vote Servicios Confirmation Candidates Authentication Help Language Identification x PIN : Select your candidate from the next list and press ok: Candidate 1 Candidate 2 Candidate 3 You have selected next candidate: Candidate 1 Confirm and Cast vote? Your vote have been sent and cast. Receipt: fdsfksdopfiwpreoiwepoi gghfghfghgfhgfh Send Modify Send Have a nice day! Exit Back Help Back Next Help Mail receipt End First display shows browser menu and option to change language before proceeding. Authorize access to voting service through secure authentication Browse through candidates list (one after one), displaying: Candidate name and Party logo Confirm candidate selection, cipher the vote and cast the ballot Confirmation that the vote has been recorded, including a proof for the voter 18

19 GLOBAL IDENTITY MANAGEMENT BUSINESS CHALLENGES Implications for IAM Program Design: Market Trends and Models Reference Architectures Global Initiatives Reference Implementations 19 HP Restricted 2011 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice

20 Global Identity Management Business Challenges Citizens and businesses are demanding simpler access to government services across multiple delivery channels Privacy must be considered from both a trust and compliance perspective Current state: proliferation of identity stores and access management systems frustrate a citizen-centric transformation Citizens not only have multiple personas and contexts in terms of their interaction with government but they have multiple identities Understanding these personas and mapping them to appropriate information access is a significant business challenge Technologies are more mature but integration with legacy systems is still complex

21 Implications for IAM Program Design Business strategy and analysis of information management requirements need to lead introduction of technology Need to understand the risk profile of information assets and transactions and map to required levels of identity assurance Need to assess trade-offs: convenience versus control; individual control versus institutional control; cost versus residual risk Identify business partners and establish governance over IAM including trust agreements and levels of assurance on identity management process

22 Identity, Access and Governance Establishing trusted digital identities-identity proofing Authentication and risk Managing policy - authorization, personas, context Governance - authoritative sources, trust relationships, liability

23 What can IAM Enable? Streamlined service delivery from a government and citizen/business perspective - cost to serve, multi-channel A trust fabric for e-government essential for adoption A customized client experience BYOD Enhanced program integrity Reduced fraud and error Increased privacy protection Capability to push programs/services as well as provide targeted access to information

24 MARKET TRENDS AND MODELS 2011 Hewlett-Packard Development Company, L.P. HP 24 Restricted The information contained herein is subject to change without notice

25 Gartner IAM Hype Cycle Less than 2 years 2 to 5 years 5 to 10 years More than 10 years Key Points: transformational high 1.Value drives adoption 2.Hard to predict moderate technology curves 3.Industries drive specific solutions e.g. healthcare low

26 IAM Technology Considerations Granularity Context awareness Adaptive Delegation Extensibility Federation Standardization Legacy apps support-adapters e.g. provisioning Support for multiple authentication schemes Completeness of applicationscomponents or suites?

27 REFERENCE ARCHITECTURES 2011 Hewlett-Packard Development Company, L.P. HP 27 Restricted The information contained herein is subject to change without notice

28 Citizenship and Immigration Canada -TRBP

29 Oklahoma State Healthcare Information System Identity Management Policy & Access Management Federation & Access Control Digital Identity (X.509) SAML Token Service (STS) Auditing & Reporting User Registration Reliability/Data Integrity Interoperability - HIE, NwHIN Connect Data Management Firewall/DMZ Provisioning & De-provisioning Authorization (RBAC) Identity Registry Escalation - SOA Suite Governance - NIST Framework Perimeter Level Security

30 GLOBAL INITIATIVES British Business Federation Authority (BBFA) Federated Identity Management 2011 Hewlett-Packard Development Company, L.P. HP 30 Restricted The information contained herein is subject to change without notice

31 Building a Consistent Approach to Customer-Centric Digital Identity Assurance across all Public Services

32 UK Citizen Access to Government Services

33 Context of Identity

34 REFERENCE IMPLEMENTATIONS 2011 Hewlett-Packard Development Company, L.P. HP 34 Restricted The information contained herein is subject to change without notice

35 Government Canada Application Modernization and IAM (Pension Modernization) Access Management Applications Identity Management PKI Based Authentication Web Server AM WebGate TruePass SVM Authentication Events Oracle Access Manager AM WebGate AM WebGate Pay Matane Imaging Web Application AM WebGate Insurance AM WebGate Identity Manager Web Server OC4J Connector Active Member Enrolement Web Server AM WebGate TruePass Application Server Oracle WebLogic Application Server Userid & Password Authentication Web Server AM WebGate WebPass Access Manager Administration Web Server Policy Manager WebPass Oracle Access Manager Configuration Manager Oracle Application Server / OC4J OAM Configuration Manager Database Authentication Events AM WebGate Access Manager Access Server Access Manager Identity Server IDM Oracle Single Sign On (OSSO) Server Oracle Application Server / OC4J OAM Audit Records Access Manager Audit Database Authorization Events/Single Sign-On/ Session Management OSSO Session Creation Oracle Virtual Directory AM WebGate AM WebGate AM WebGate AM WebGate AM WebGate AM WebGate osso Siebel Call Centre Oracle Business Intelligence Dashboard Answers PenWeb Data Capture Tool Penfax Oracle Portal Crown Corporation Portal Active Member Pension Application Web Content Management Authentication Requests Authorization Lookups User Profile Operations Synchronization of user information via G+ adapter Authentication Requests Provisioning & reconciliation of user information IDM OID Genesys Workforce Management Provisioning of user info and reconciliation of groups & users Integration Broker BPEL Worklist Provisioning of user info and reconciliation of groups & users Hyperion Reports Provisioning of user info and reconciliation of groups & users Hyperion periodically connects to the IDM OID and updates it s security repository with the list of valid users. Universal Customer Master Portal OID Trusted reconciliation of employer representative information Provisioning & reconciliation of user information Oracle Application Server / OC4J Siebel Connector PenWeb Connector DCT Connector Penfax Connector OID Connector OID Connector Oracle Identity Manager API Oracle Identity Manager Active Member Authoritative Source DB Tables Connector Identity Manager Database Directory / Data Services TruePass SVM WebLogic Application Server Plugin Active Member Enrolment Application Oracle WebLogic Application Server Validation of shared secrets & reconciliation of user information PenWeb Database

36 USAccess and FEDERATED IDENTITY- CONCEPTUAL ARCHITECTURE Source: FICAM Roadmap and Implementation Guidance

37 India-Unique ID Programme Architecture

38 SUMMARY

39 Convergence of "Service Innovation" and "Technology Innovation" will Deliver Greatest Public Value Service Innovation Prevention Participation Collaboration Technology Innovation Mobility IAM: Whole-of- Government Enablers Cloud Computing Analytics 39

40 Summary A climate change in public finances is helping drive demand for IAM innovation IAM is not just a technology but a critical foundation block for e-government / m-government IAM must help improve policy outcomes, increase service quality, efficiencies and help build citizen trust Need to continue collaboration to develop and leverage IDM policy frameworks (e.g. Kantara and PanCanadian IDMA model) Need for a consistent framework for Whole of Government Enablers, to support both internal and external social media, collaborative tools, mobility, and access to public sector service delivery through multiple channels-anytime, anywhere The movement to cloud based services and mobile access is driving federated identity solutions. Incremental steps, pilots, and proof of concepts are delivering on the early promises of federation.

41 Presenter Contact Data Brian Reed, IAM Practice Lead, HP Canada Enterprise Services 41