BLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT




BLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT Identity Policy and Programs (IPP) June 7, 2010 - Draft Page 1 of 29

TABLE OF CONTENTS

BLUEPRINT FOR THE FEDERATION OF IDENTITY MANAGEMENT ... 4
Executive Summary ... 4
1. IdM FEDERATION BLUEPRINT PROFILE ... 5
1.1 Context ... 5
1.2 Forum to Share Best Practices ... 5
2. IDM FEDERATION ... 5
2.1 BLUEPRINT PROFILE ... 5
2.1.1 Objectives ... 5
2.1.2 Level of Integration ... 6
2.1.3 Stakeholders and Beneficiaries ... 6
2.1.4 Resources ... 6
2.2 EXPECTED RESULTS ... 6
2.2.1 Management Summary ... 7
2.2.2 IdM Principles ... 8
Consistency ... 8
Security ... 8
Transparency ... 8
2.2.3 Monitoring, Evaluating and Auditing ... 8
2.3 GOVERNANCE ... 9
2.3.1 Identity Management Steering Committee (IMSC) ... 9
2.3.2 Governance and Membership ... 9
2.4 KEY CONSIDERATIONS AND DECISIONS ... 9
2.4.1 Overall Complexity ... 9
2.4.2 Benefits ... 9
2.4.3 Key challenges ... 10
3. ACTIVITY STREAMS OF THE BLUEPRINT ... 10
Blueprint Matrix ... 11
3.1 BUSINESS NEEDS STREAM ... 12
3.1.1 Legislative Authorities ... 12
3.1.2 Privacy Authorities and Practices ... 12
3.1.3 Security Practices ... 12
3.1.4 Risk Assessment and Mitigation Strategies for IdM ... 12
3.1.5 IdM Requirements for Multi-Channel Universe ... 12
3.1.6 Trust Criteria Identified ... 12
3.1.7 IdM for Client Needs and Multi-Channel Universe ... 12
3.2 WORK PROCESS STREAM ... 12
3.2.1 Alignment with Legal Authorities and Jurisprudence ... 12
3.2.2 Privacy Impact Assessments for Multi-Channel Universe ... 13
3.2.3 Security Practices ... 13
3.2.4 Risk Assessment and Mitigation Strategies ... 13
3.2.5 IdM Requirements for Multi-Channel Universe ... 13
3.2.6 Trust Components for IdM ... 13
3.2.7 Business Processes for Multi-Channel Universe to Support IdM for Client Needs ... 13
3.3 INFORMATION (MANAGEMENT) STREAM ... 13
3.3.1 Authorities in Place for IdM Information Management Practices ... 13
3.3.2 Compliance to the Privacy Code ... 13
3.3.3 Compliance with Security Practices ... 14
3.3.4 Risk Mitigation Strategies for Assurance ... 14
3.3.5 Standards on Identity Attributes ... 14
3.3.6 Trust for Identity Attributes ... 14
3.3.7 Client-Centric Information Management Practices ... 14
3.4 ARCHITECTURE (DESIGN) STREAM ... 14
3.4.1 Reference Model for Owners and Users of IdM Systems and Technologies ... 14
3.4.2 Guidelines Management of Identity Attributes ... 14
3.4.3 Guidelines for System Certification ... 14
3.4.4 Design Guidelines for Risk Mitigation ... 15
3.4.5 Standard Format for the Exchange of Identity Attributes ... 15
3.4.6 Guidelines for Building Trust Components into Business Processes and Systems ... 15
3.4.7 Design guidelines for Consistent Identity Treatment for Multi-Channel Universe ... 15
3.5 SYSTEM APPLICATIONS (SUPPORT) STREAM ... 15
3.5.1 Supporting Legal authorities ... 15
3.5.2 Privacy Compliant Systems ... 15
3.5.3 Guidelines for Secure Systems Applications ... 15
3.5.4 IdM Testers and Users Systems Code ... 15
3.5.5 Capture and Use of Identity Attributes Appropriate for Assurance Levels ... 15
3.5.6 Testers and Users Code that support Trust Components ... 16
3.5.7 Client-Centred Identity Life Cycle Guidelines ... 16
4. BUILDING THE IdM FEDERATION ... 16
4.1 Key Projects ... 16
4.2 Key projects will inform on current situation of IdM ... 16
4.3 The Key project results will contribute to ... 16
4.4 Methodology ... 17
4.4.1 Key Projects (to be completed by the organizations) ... 17
4.5 Commitment to the IdM ... 17
Appendix A: Identity Management Questionnaire ... 19

Executive Summary

Identity management (IdM) is about ensuring the integrity of identity information. It is about giving the right person/organization the right benefit/service, in the right amount, at the right time and for the intended purpose.

The Blueprint for the Federation of Identity Management is a guide to achieving an interoperable approach to identity management: working across channels, services and organizations to provide, within legislated parameters, timely access to integrated service delivery. It means setting an organization-wide framework of principles, standards and tools to ensure the quality of identity management and integration across organizations that adhere to a federated approach to identity management.

The Blueprint supports the recommendations of the Identity Management and Authentication Task Force (IATF) and the proposed solutions of the Identity Management Steering Committee (IMSC) by consolidating elements such as legal, privacy, security, assurance, identity, trust and identity experience.

The Blueprint will build upon activity streams to allow organizations to target their identity management activities across all aspects of their program management activities (including across multiple channels). Organizations will be asked to look at their business needs, their work processes, their information management practices, their program architecture design and their system applications to develop a foundation for a federated IdM.

An IdM Federation is a forum of like-minded organizations that manage the identity information of organizations and individuals, established to allow information sharing, including the sharing of best practices on identity management. It is a forum for the development of a common understanding of identity management that will allow for the consistent treatment of identity across service channels, organizations and jurisdictions.

1. IdM FEDERATION BLUEPRINT PROFILE

1.1 Context

Identity is the cornerstone of access to services and receipt of benefits. As a result, identity must be well managed throughout the identity information life cycle, allowing for increased public confidence and trust in the government. Identity management (IdM) is about ensuring the integrity of identity information and about giving the right person/organization the right benefit, in the right amount, at the right time and for the intended purpose.

The Blueprint for the Federation of Identity Management is a guide to achieving an interoperable approach to identity management: working across channels, services and organizations to provide, within legislated parameters, timely access to integrated service delivery. It means setting an organization-wide framework of principles, standards and tools to ensure the quality of identity management and integration across organizations that adhere to a federated approach to identity management.

1.2 Forum to Share Best Practices

An IdM Federation is a forum of like-minded organizations that manage the identity information of organizations and individuals, established to allow information sharing, including the sharing of best practices on identity management. It is a forum for the development of a common understanding of identity management that will allow for the consistent treatment of identity across service channels, organizations and jurisdictions.

2. IDM FEDERATION

2.1 BLUEPRINT PROFILE

2.1.1 Objectives

The objective of the Blueprint is to identify the steps necessary to achieve interoperable identity management and to provide a consistent treatment of identity across multiple channels, services and organizations. It means that:

- The right person or organization receives the right service or benefit, in the right amount, at the right time, for the intended purpose;
- Privacy and security of the client's personal information are ensured;
- Organizational savings are realized;
- A strong performance, security and ethical culture is built.

2.1.2 Level of Integration

The Blueprint supports the Pan-Canadian Strategy for Identity Management and Authentication as laid out by the Inter-Jurisdictional Identity Management and Authentication Task Force (IATF) [1]. It will promote the consistent treatment of identity across services and channels that is replicable across multiple jurisdictions. The following principles will guide the development of the Blueprint for the Federation of Identity Management [2]:

- Achieve consensus through accepted, mutually respected assurances (of credential or identity), risk levels, and accountabilities;
- Respect program accountability: programs maintain the responsibility (and accountability) for ensuring they are dealing with the intended client in accordance with their mandate;
- Let the citizen decide: clients are provided with choices regarding which identity credentials to use to access government services, and those credentials are recognized throughout the federation;
- Enable interoperability: provide direction to assist departments in implementing trusted identity management practices that support the sharing of assurances of credential or identity; and
- Promote a fair and competitive marketplace: maintain neutrality with respect to technologies and solutions and allow multiple providers to be part of the federation. This allows for the possibility of choice and competition.

2.1.3 Stakeholders and Beneficiaries

An organization can become a member of the IdM Federation by making a commitment to follow the identity management principles and standards of the Federation.

2.1.4 Resources

Each member of the Federation will be required to manage its identity management activities and tools using its own resources, in accordance with the Federation's objectives, and to demonstrate its compliance with the identity principles and standards of the Federation. Resource allocation by members to the Federation will be optional, with shared activities carried out through formalized agreements.

2.2 EXPECTED RESULTS

In the short term, the Blueprint's vision and goals will be presented to the Identity Management Steering Committee (IMSC) and to all stakeholders who have been consulted. In the medium term, the goal is to achieve consistent identity processes across multiple service channels within particular organizations. In the long term, the expected

[1] http://www.cio.gov.bc.ca/idm/idmatf/idmafinalreport.pdf
[2] Federating Identity Management in the Government of Canada: Initiating the Dialogue, TBS

result is that trusted identity management practices exist across jurisdictions, amongst services, programs, and organizations.

2.2.1 Management Summary

Each member will be required to attest to its capacity to federate by confirming its ability to:

- Coordinate, manage and respond to the diverse information needs of the public on identity management.
- Raise privacy issues for, and during, the design, implementation and evolution of programs and services.
- Manage the consequences in the event of harmful or damaging incidents arising from identity management risks, and provide for adequate and timely compensation, restoration and recovery.
- Develop and implement common definitions and requirements that can be used by government departments operating in different jurisdictions and at different levels, and by commercial organizations that have relations with government.
- Develop and implement identity management frameworks, guidelines, procedures, etc. to ensure effective identity management practices by outlining requirements that support departments in the establishment, use and validation of identity.
- Develop and implement security and information management frameworks, guidelines, procedures, etc. to effectively manage security activities.
- Develop and implement a comprehensive and reliable base of evaluation methods/reports used to support identity management.

Most of the requirements are already mandatory for many organizations, and many are considered best practices. Membership in the Federation provides the added value of improving internal management practices through the sharing of ideas and experiences. The methodology chosen by members for key projects in the Blueprint should be applicable across organizations and demonstrate an organizational capacity to integrate identity management interoperability. The organization's strategic objectives for identity management should be aligned with the principles and standards of the Federation.

2.2.2 IdM Principles

Consistency

A key enabler of coherent identity management is the consistent treatment of identity across multiple service channels and organizations, which supports the integrity of the delivery of benefits and services. A consistent approach means timely, seamless and integrated identity management processes that ensure the quality of identity information collected by programs and services. Consistency means the use of common assurance levels and credential solutions to eliminate duplication and redundancy, maximizing investments and minimizing costs. Above all, a consistent approach means that, while individuals interact with many different services via different channels, their experience with the department remains consistent and their identity information remains secure.

Privacy

Respect for privacy applies across the identity processes of registration, authentication and validation. Respecting privacy means limiting organizational interventions into the private lives of clients to lawful and necessary purposes, and ensuring adequate protection of personal and organizational information in accordance with applicable legislation.

Security

Ensuring the confidentiality, integrity and availability of identity information is essential for service delivery, for preventing identity fraud and for ensuring that our clients' identity information is secure. Registration, authentication and validation of identity will be carried out with the appropriate controls for individual security screening, physical security and IT security.

Transparency

Personal and organizational information is accessible to anyone who is authorized to have access, including those individuals and organizations exercising their rights to access identity information.

2.2.3 Monitoring, Evaluating and Auditing

Organizations will be responsible for training their staff and monitoring adherence to the IdM principles within their services, in keeping with consistent identity management across channels, services and organizations. They will be responsible for ensuring that appropriate remedial action is taken to address any deficiencies within their services and to protect the integrity of identity data and processes. Each member should take an integrated approach in assessing all service channels, taking into consideration the privacy impact, security, assurance levels, identity information, trust levels and identity service experience, to ensure compliance with the principles and standards of the Federation. Current standards such as those of the Institute of Internal Audit (IIA), the International Standards Organization (ISO) and the Information Technology Infrastructure Library (ITIL) will be explored to ensure interoperability of the Federation.

2.3 GOVERNANCE

2.3.1 Identity Management Steering Committee (IMSC)

The IMSC is mandated by the Federal, Provincial and Territorial (FPT) Deputy Ministers' Table on Service Delivery to explore ways to enhance identity management practices across jurisdictions, with a view to developing a federated approach to identity management. The Blueprint will support the recommendations of the IATF and the proposed solutions of the IMSC by consolidating the IATF IdM Framework components such as legal, privacy, security, assurance, identity, trust and identity service experience.

2.3.2 Governance and Membership

To remain relevant, the IdM Federation will need to be responsive and open to the varied and changing needs of its members. The voluntary nature of the Federation, along with its diverse membership and interests, will present unique and ongoing challenges requiring an effective governance and decision-making structure representative of the breadth of its membership.

2.4 KEY CONSIDERATIONS AND DECISIONS

2.4.1 Overall Complexity

The interoperability of the Federation will require coordinated communication amongst its members. Some may now rely on another party for identity claims; others will now rely on record retention practices and forensic techniques that must span organizational boundaries. Failures of trust could proliferate across organizations and jurisdictions, making cross-over attacks possible [3]. Addressing these issues will be key to ensuring that the exchange of identity information across different systems and networks is done with the trust and assurance necessary to enhance the integrity of benefits and the client experience. This will have to be achieved with clear legal authorities that address issues related to cross-border data flows.

2.4.2 Benefits

A key benefit of particular value to members of an integrated Federation will be the ability to pool and standardize identity management practices. It will reduce the misidentification of individuals, where errors can often lead to significant negative consequences for both individuals and organizations. That will contribute to increasing the integrity of identity management activities by reducing the rate of identity fraud and enhancing the privacy protection that can be offered to individuals and businesses. The ability to leverage the Federation will allow organizations to enhance their own internal security functions through the collective development and use of best practices and principles. The recruitment and sharing of scarce external human resource expertise and resources in identity management will further reduce costs and build a collective knowledge base from which the Federation and its members can draw.

[3] Federating Identity Management in the Government of Canada: Initiating the Dialogue, TBS

2.4.3 Key challenges

To consolidate identity principles and standards, additional research will be required to build on current practices, identifying the strengths and weaknesses of existing standards and making them applicable to an integrated federation. Each member will need to assess the standards and principles against its own requirements, and propose any additions or modifications necessary to reduce fraud and prevent identity errors.

The development of an effective communication strategy and reporting tool for cases that require investigation or additional follow-up will be required. Individual member reports detailing these cases will need to be consolidated into a collective knowledge base, allowing federation members the opportunity to learn from the experiences of other members. The knowledge gleaned through shared reporting will be used to inform future enhancements to federation principles and standards, ensuring a raised benchmark for all federation members.

Risk and privacy assessments that take into account all potential service channels will be required to ensure compliance is uniform across all channels. Currently, risk and privacy assessments for program services may not cover all service channels or be representative of all the challenges faced.

The issue of liability will need to be addressed before members agree to participate in a federation. With members responsible for their own individual actions, the onus will be on members to advise the federation of evolving jurisprudence within their jurisdiction. The development of standardized liability-sharing agreements will need to take these considerations into account.

3. ACTIVITY STREAMS OF THE BLUEPRINT

The activity streams in the Blueprint have been designed to allow organizations to target their identity management activities across all aspects of their program management activities (including across the multi-channel universe). Organizations will be asked to look at their business needs, their work processes, their information management practices, their program architecture design and their systems applications. In each of these activities, and across the multi-channel universe, organizations will be asked to evaluate how they are managing the different components of the IATF Identity Management Framework: legal, privacy, security, assurance, identity, trust and service experience. The results of these evaluations will be collected and shared with members of the Federation in order to gather best practices in all the activity streams, which can then be used as the basis for building the Identity Management Federation.

Blueprint Matrix

Integrated Questionnaire for Identity Management (IdM)

3.1 BUSINESS NEEDS STREAM

3.1.1 Legislative Authorities
The authority to identify individuals/organizations that exists for the program or service.

3.1.2 Privacy Authorities and Practices
The privacy arrangements in a jurisdiction that allow for the collection, use, disclosure and storage of identity information that is considered personal information.

3.1.3 Security Practices
Existing security practices that allow the business needs of the program/service to be met.

3.1.4 Risk Assessment and Mitigation Strategies for IdM
Existence of risk assessments for identity management, a determination of the required level of assurance, and clear risk mitigation options.

3.1.5 IdM Requirements for Multi-Channel Universe
The selection of identity attributes that can meet the different needs of specific service channels (mail, in-person, telephone, on-line).

3.1.6 Trust Criteria Identified
Key trust components of identity management (i.e. assurance between parties, use of appropriate credentials, transparency, and client trust) are in place for the program or service.

3.1.7 IdM for Client Needs and Multi-Channel Universe
The business needs allow for the adoption of identity management practices that are adapted to client needs across multiple service channels.

3.2 WORK PROCESS STREAM

3.2.1 Alignment with Legal Authorities and Jurisprudence
The work processes of the program/service will be aligned to respect existing legal authorities and jurisprudence, while striving to achieve a greater degree of interoperability amongst jurisdictions.

Questionnaire Page 12 of 29

3.2.2 Privacy Impact Assessments for Multi-Channel Universe
The program/service has completed a multi-channel Privacy Impact Assessment (PIA) of its work processes to ensure consistent treatment of identity across channels, services and organizations.

3.2.3 Security Practices
The work processes of the program/service have been assessed and conform to security practices that protect the treatment of identity.

3.2.4 Risk Assessment and Mitigation Strategies
The work processes of the program/service have undergone an identity risk assessment and are subject to mitigation strategies to ensure compliance with the Pan-Canadian Assurance Model.

3.2.5 IdM Requirements for Multi-Channel Universe
The work processes of the program/service have consistent IdM requirements across service channels and, to the extent possible, common identity attributes will be collected for registration, authentication and validation. A clear linkage will be made between the assurance level for the program/service and the identity attributes used for registration, authentication, validation and storage.

3.2.6 Trust Components for IdM
The work processes of the program/service will support the key components of trust in identity management: assurance between parties, use of appropriate credentials, transparency, and client trust.

3.2.7 Business Processes for Multi-Channel Universe to Support IdM for Client Needs
The work processes for the program/service will support client-centric business processes across service channels.

3.3 INFORMATION (MANAGEMENT) STREAM

3.3.1 Authorities in Place for IdM Information Management Practices
Information management practices that support the program/service must comply with existing legislative authorities.

3.3.2 Compliance to the Privacy Code
Information management practices that support the program/service must comply with existing privacy practices.

3.3.3 Compliance with Security Practices
Information management practices that support the program/service must comply with existing security practices.

3.3.4 Risk Mitigation Strategies for Assurance
Information management practices that support the program/service will support the organization's risk mitigation strategies for assurance and seek to comply with the Pan-Canadian Assurance Model.

3.3.5 Standards on Identity Attributes
Information management practices that support the program/service will use commonly accepted standards on the collection, use, sharing and management (modification, deletion, etc.) of identity attributes.

3.3.6 Trust for Identity Attributes
Information management practices that support the program/service will support the key components of trust in identity management: assurance between parties, use of appropriate credentials, transparency, and client trust.

3.3.7 Client-Centric Information Management Practices
Information management practices that support the program/service will support client-centric service delivery.

3.4 ARCHITECTURE (DESIGN) STREAM

3.4.1 Reference Model for Owners and Users of IdM Systems and Technologies
The reference model for business processes and supporting systems complies with the legislative authorities for a particular program/service.

3.4.2 Guidelines Management of Identity Attributes
The reference model for business processes and supporting systems complies with the privacy arrangements in the jurisdiction.

3.4.3 Guidelines for System Certification
The systems that support your program have been certified to meet the security requirements of the jurisdiction.

3.4.4 Design Guidelines for Risk Mitigation
The reference model includes guidelines to ensure the design of business processes and systems meets the needs of the assurance level of the program/service.

3.4.5 Standard Format for the Exchange of Identity Attributes
The reference model includes the requirement of a standard format for the use, transmission and exchange of identity attributes.

3.4.6 Guidelines for Building Trust Components into Business Processes and Systems
The reference model allows for the creation and sustaining of the trust components of IdM such as assurances, credential usage, transparency and client trust.

3.4.7 Design Guidelines for Consistent Identity Treatment for Multi-Channel Universe
The reference model ensures the consistent treatment of identity across multiple service channels.

3.5 SYSTEM APPLICATIONS (SUPPORT) STREAM

3.5.1 Supporting Legal Authorities
The business and systems of the program/service must support the legal authorities for IdM.

3.5.2 Privacy Compliant Systems
The business and systems of the program/service must support existing privacy practices.

3.5.3 Guidelines for Secure Systems Applications
The business and systems of the program/service must support security controls that manage exchanges of identity information and attributes.

3.5.4 IdM Testers and Users Systems Code
The business and systems of the program/service must be implemented following a verification and certification process and must follow role-based user code for systems access.

3.5.5 Capture and Use of Identity Attributes Appropriate for Assurance Levels
The business and systems of the program/service will collect and use the appropriate identity attributes per assurance level and seek to comply with the Pan-Canadian Assurance Model.

3.5.6 Testers and Users Code that Support Trust Components
The business and systems of the program/service will be deployed to support the trust components of IdM such as assurances, credential usage, transparency and client trust.

3.5.7 Client-Centred Identity Life Cycle Guidelines
The business and systems of the program/service will be deployed to support the management of identity in a client-centred identity information life cycle across channels.

4. BUILDING THE IdM FEDERATION

The Blueprint will build upon the IMSC concepts and key projects to enable the of identity.

4.1 Key Projects
Why: study practical IdM issues related to areas such as legal, privacy, security and operations
Who: domestic and international public sector and private sector organizations
When: start upon IMSC approval, reporting on a regular basis to IMSC meetings
What: information/attributes collected, channels used, systems operated, etc.
How: run key projects and collect information as it becomes available

4.2 Key projects will inform on the current situation of IdM:
- The legal roles and responsibilities of the federal, provincial and territorial entities with regard to the diversity of and capacity for identity management practices;
- The management of risk and the privacy protection practices of each entity;
- The security processes regarding follow-up, operations, storage, and certification of systems;
- The quantity and the type of identity attributes and information, and the capacity of the systems to support them;
- The elements in use by each entity to allow for the development of a trust model to manage registration, authentication and validation activities;
- The importance of strong identity management practices when organizations develop, implement, manage (training, monitoring, etc.), evaluate and report on their service offerings.

4.3 The key project results will contribute to:
- Standardizing the identity attributes to ensure interoperability and efficient data exchange amongst systems;

- Standardizing the process of the registration, authentication, validation and storage of the identity attributes to achieve standardized trust and assurance levels;
- Coordinating practices for data exchange to ensure the availability of real-time information;
- Consolidating identity management activities to ensure a strong trust relationship amongst organizations (e.g. security level requirements to handle personal information may not currently be consistent amongst organizations and jurisdictions).

4.4 Methodology
Key projects need to be analyzed through the prism of the Blueprint. Each activity stream of the Blueprint should be applied to the design and implementation of each key project. The methodology applied to each of the key projects should be applicable to other projects, and the lessons learned from this analysis will represent key steps forward in understanding identity management practices across jurisdictions and will assist in building a federated approach to identity management.

4.4.1 Key Projects (to be completed by the organizations)
- Labour Workforce Development (NS, CRA & SC)
- Vital Events Initiatives (SC)
- Bundled Birth Services (NS, CRA, SC & ON)
- Next Generation epass (TBS)
- Online Planning Application Submission (ON)
- Affordable Housing Information Management System (ON)
- Integrated Registration for Business (MB)
- MyBizAccount (ON)

4.5 Commitment to the IdM
Members of the are committed to the following:

4.5.1 Ensuring that identity information is processed consistently within and across channels, services and organizations, while respecting assurance levels and privacy requirements;

4.5.2 Ensuring that programs/services integrate the identity management principles of the IdM into development, implementation, evaluation, and reporting activities;

4.5.3 Ensuring that identity components are managed to support consistent and coherent practices for creating, modifying, exchanging, pending, cross-checking and deleting identity information, and that allow for independent evaluation, audit, and review;

4.5.4 Ensuring that all identity management respects user agreements and/or licensing conditions, and ensuring the relevance, authenticity, quality, and cost-effectiveness of identity information for as long as it is required to meet operational needs and accountabilities;

4.5.5 Ensuring its ongoing participation in setting services-wide direction for identity information and recordkeeping;

4.5.6 Contributing to the IdM for the development and monitoring of Principles and Standards;

4.5.7 Developing and maintaining business cases to manage costs;

4.5.8 Developing a communication plan to respond to the public in a manner consistent with the principles and standards of the IdM;

4.5.9 Communicating with the IdM in a timely manner (re: a potential breach of data).

Appendix A: Identity Management Questionnaire

1. What is Identity Management?
Identity management is the set of principles, practices, processes and procedures used to realize an organization's mandate and its objectives related to identity - a reference or designation used to distinguish a unique and particular individual or organization. [4]

2. Purpose and Rationale
Managing identity has taken on heightened importance in both the public and private sectors as a result of increased demands by individuals and organizations to access the right benefits and services. Individuals and/or organizations are looking for seamless and secure transactions across jurisdictions.

At the June 26, 2009 meeting of the Federal, Provincial and Territorial (FPT) Deputy Ministers responsible for Service Delivery, Deputies agreed to continue work to enhance identity management practices in use within their jurisdictions through the pragmatic application of the Pan-Canadian Assurance Model in existing or planned key projects, and to continue advancing learning through testing other components of the Pan-Canadian Identity Management Framework.

The purpose of the Integrated Questionnaire is to provide a generic tool for organizations to assist them in determining the efficiency and effectiveness of identity management processes within their respective departments and/or with their service delivery partners. The questionnaire will also be used to help organizations assess the integrity of the delivery of their benefits and services.

3. Who should use the Integrated Questionnaire for IdM and when?
The questionnaire should be completed by employees responsible for the management of the identity processes (i.e. registration, authentication, validation, privacy, and assurance) within a program or service. It can be used for any program or service during its development, management, implementation, evaluation, and audit cycle.

Attachments:
Annex A - Identity Attributes
Annex B - Questionnaire
Annex C - Example of How to Complete the Questionnaire
Annex D - Guidelines for Managing the Questionnaire
Annex E - Sample Call Letter

[4] http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=16578&section=text

Annex A - Key Identity Attributes

As an example, here are some identity attributes used by Service Canada:
- Given Name
- Family Name
- Date of Birth
- Gender
- Social Insurance Number (SIN)
- Address (home, mailing, e-mail)
- Citizenship

Annex B - Questionnaire

1. The goal of the questionnaire is to help:
- Standardize the format of identity attributes to ensure interoperability and efficient data exchange amongst the systems and partners;
- Standardize the process of the registration, authentication, validation and storage of the identity attributes to achieve standardized trust and assurance levels;
- Coordinate practices for data exchange to ensure that real-time information is available;
- Consolidate identity management activities to ensure a strong trust relationship amongst organizations and practices (e.g. security level requirements to handle personal information are not currently consistent amongst organizations and jurisdictions).

2. The results from the questionnaire will inform about:
- The legal roles and responsibilities of the federal, provincial and territorial entities with regard to the diversity of and capacity for identity management practices (sections B, C.1 and C.3);
- The management of risk and the privacy protection practices of each entity (section C.3);
- The security processes regarding follow-up, operations, storage, and certification of systems (section C.3);
- The quantity and the type of identity attributes and information, and the capacity of the systems to support them (section C.2);
- The elements in use by each entity to allow for the development of a trust model to manage registration, authentication and validation activities (section C.2);
- The importance of strong identity management practices when organizations develop, implement, manage (training, monitoring, etc.), evaluate and report on their service offering (section D).

3. Point of Contact
If there are any further questions or comments regarding the questionnaire, please contact (contact name) at (e.g. email of contact name).

Section A. Information about the respondent
A. To be completed by the program/service manager:
A.1 Full name:
A.2 Work phone number:
A.3 Work email:

Section B. Information about the organization in assessment
B.1.1 Legal name of Department, Ministry, Organization/Company:
B.1.2 User name of Department, Ministry, Organization/Company:

B.2 Organization type (check all that apply):
B.2.1 Government
B.2.2 Non-profit
B.2.3 Corporation
B.2.4 Partnership
B.2.5 Sole proprietor
B.2.6 Other
B.2.7 If other, please specify:

B.3 Organization authority (check all that apply):
B.3.1 Canadian
B.3.2 Alberta (AB)
B.3.3 British Columbia (BC)
B.3.4 Manitoba (MB)
B.3.5 New Brunswick (NB)
B.3.6 Newfoundland and Labrador (NL)
B.3.7 Northwest Territories (NT)
B.3.8 Nova Scotia (NS)
B.3.9 Nunavut (NU)
B.3.10 Ontario (ON)
B.3.11 Prince Edward Island (PE)
B.3.12 Quebec (QC)
B.3.13 Saskatchewan (SK)
B.3.14 Yukon (YT)
B.3.15 Other
B.3.16 If other, please specify:

Protected - Please indicate the security level

Section C. For each Program/Service, please complete the following related tables:

C.1 Name of Program or Service:

*Please add a new row to the table for each identity attribute included on the application form.*

C.2 Identity Elements
C.2.1 All identity attributes and data elements asked on the application form.
C.2.2 Channel(s) used for the program or service for the identity attribute or data element listed in C.2.1 (phone, mail, internet, etc.).
C.2.3 Storage format of the identity attribute or data element listed in C.2.1 (alpha format, numeric format, alphanumeric format, code, etc.).
C.2.4 Maximum number of characters or pixels allowed for storage of the identity attribute or data element listed in C.2.1.

C.3 Administration of Identity Elements
C.3.1 Authority to use the identity attribute or data element listed in C.2.1 (Acts/Regulations/Policy, User Guides, etc.).
C.3.2 Frequency of modification for the identity attribute or data element listed in C.2.1. How often can the applicant's information be modified (e.g. updated, changed, suspended, deleted, or recovered)?
C.3.3 Internal transfer mechanism for the identity attribute or data element listed in C.2.1. How is the applicant's information transmitted to its final storage location?
C.3.4 Location and security level of stored information for the identity attribute or data element listed in C.2.1.
C.3.5 If applicable, please list any exceptions for sections C.2.3, C.2.4, C.3.1, C.3.2, C.3.3 and C.3.4.

Section D. Identity Management Practices

D.1 Questions on Identity Management Practices
D.1.1 How do you coordinate, manage and respond to the diverse information needs of the public on identity management?
D.1.2 How do you raise privacy issues for, and during, the design, implementation and evolution of programs and services?
D.1.3 How do you manage the consequences in the event of harmful or damaging incidents arising from identity management risks, and provide for adequate and timely compensation, restoration and recovery?
D.1.4 Do you have common definitions and requirements that can be used by government departments operating in different jurisdictions and at different levels, and by commercial organizations who have relations with government?
D.1.5 Do you have any identity management frameworks, guidelines, procedures, etc. to ensure effective identity management practices by outlining requirements to support departments in the establishment, use and validation of identity?
D.1.6 Do you have any security and information management frameworks, guidelines, procedures, etc. to effectively manage security activities?
D.1.7 Do you have a comprehensive and reliable base of evaluation methods/reports that is used to support identity management?

D.2 Response

D.3 Please indicate the service delivery channels analyzed in section D.2

Annex C - Example of How to Complete the Questionnaire

The following three pages are an example of how to complete sections A to C of the questionnaire, using the Social Insurance Number (SIN) application process. Please note that the example is not fully complete; rather, it is intended to demonstrate how the questionnaire should be completed. The content of the example is fictitious information and does not represent reality.

Section A. Information about the respondent
A. To be completed by the program/service manager:
A.1 Full name: John Smith
A.2 Work phone number: 819-999-9999
A.3 Work email: john.smith@hrsdc-rhdcc.gc.ca

Section B. Information about the organization in assessment
B.1.1 Legal name of Department, Ministry, Organization/Company: Department of Human Resources and Skills Development Canada
B.1.2 User name of Department, Ministry, Organization/Company: Human Resources and Skills Development Canada (HRSDC), Service Canada Initiative

B.2 Organization type (check all that apply):
B.2.1 Government
B.2.2 Non-profit
B.2.3 Corporation
B.2.4 Partnership
B.2.5 Sole proprietor
B.2.6 Other
B.2.7 If other, please specify:

B.3 Organization authority (check all that apply):
B.3.1 Canadian
B.3.2 Alberta (AB)
B.3.3 British Columbia (BC)
B.3.4 Manitoba (MB)
B.3.5 New Brunswick (NB)
B.3.6 Newfoundland and Labrador (NL)
B.3.7 Northwest Territories (NT)
B.3.8 Nova Scotia (NS)
B.3.9 Nunavut (NU)
B.3.10 Ontario (ON)
B.3.11 Prince Edward Island (PE)
B.3.12 Quebec (QC)
B.3.13 Saskatchewan (SK)
B.3.14 Yukon (YT)
B.3.15 Other
B.3.16 If other, please specify:

Section C. For each Program/Service, please complete the following related tables:

C.1 Name of Program/Service: Social Insurance Number (SIN)

*Please add a new row to the table for each identity attribute included on the application form.*

Column definitions:
C.2 Identity Elements
C.2.1 All identity attributes and data elements asked on the application form.
C.2.2 Channel(s) used for the program or service for the identity attribute or data element listed in C.2.1 (phone, mail, internet, etc.).
C.2.3 Storage format of the identity attribute or data element listed in C.2.1 (alpha format, numeric format, alpha-numeric format, code, etc.).
C.2.4 Maximum number of characters or pixels allowed for storage of the identity attribute or data element listed in C.2.1.
C.3 Administration of Identity Elements
C.3.1 Authority to use the identity attribute or data element listed in C.2.1 (Acts/Regulations/Policy, User Guides, etc.).
C.3.2 Frequency of modification for the identity attribute or data element listed in C.2.1. How often can the applicant's information be modified (e.g. updated, changed, suspended, deleted, or recovered)?
C.3.3 Internal transfer mechanism for the identity attribute or data element listed in C.2.1. How is the applicant's information transmitted to its final storage location?
C.3.4 Location and security level of stored information for the identity attribute or data element listed in C.2.1.
C.3.5 If applicable, please list any exceptions for sections C.2.3, C.2.4, C.3.1, C.3.2, C.3.3 and C.3.4.

Row 1
C.2.1 Identity attribute: First Given Name
C.2.2 Channel(s): In-person, mail
C.2.3 Storage format: Alpha format
C.2.4 Maximum characters: 200 characters
C.3.1 Authority: Employment Insurance Act s.138
C.3.2 Frequency of modification: EI Act s.140
C.3.3 Internal transfer mechanism: Electronically
C.3.4 Location and security level: Social Insurance Database
C.3.5 Exceptions: Privacy Act s.6(2), s.71(4); EI Regulations s.89(3)(a); Privacy Act s.10(1)

Row 2
C.2.1 Identity attribute: Family Name
C.2.2 Channel(s): In-person, mail
C.2.3 Storage format: Alpha format
C.2.4 Maximum characters: 200 characters
C.3.1 Authority: Employment Insurance Act s.138
C.3.2 Frequency of modification: EI Act s.140
C.3.3 Internal transfer mechanism: Electronically
C.3.4 Location and security level: Social Insurance Database
C.3.5 Exceptions: Privacy Act s.6(2), s.71(4); EI Regulations s.89(3)(a); Privacy Act s.10(1)

Annex D - Guidelines for Managing the Questionnaire

1. Determine a point of contact, who will act as the lead for the questionnaire. The lead will be responsible for distributing the questionnaire to, and collecting it from, his or her respondents.
2. Determine how many employees manage the registration, authentication, validation, privacy, and assurance processes of your project.
3. Determine a security level for the completed questionnaire. The questionnaire was developed to be completed on the computer, but it may also be completed in other ways, in compliance with the security requirement levels.
4. Verify the contact information of the employees whom you wish to complete the questionnaire to ensure it is up to date.
5. Determine a communications plan to inform employees of the questionnaire (see Annex D for an example of a call letter).
6. Determine timelines for follow-up and collection of questionnaires.
7. After all the questionnaires have been collected, analyze your results to determine whether they correspond to the goals of the questionnaire (see Annex A).
8. Prepare an assessment report based on the results from the questionnaire.
9. Determine a communication strategy to communicate results to your organization.

Annex E - Sample Call Letter

TO: Insert Name(s) of Employee(s)
FROM: Insert Name of Questionnaire Point of Contact
SUBJECT: Questionnaire for IdM
DATE:

Managing identity has taken on heightened importance in both the public and private sectors as a result of increased demands by individuals and organizations to access the right benefits and services. Individuals and/or organizations are looking for seamless and secure transactions across jurisdictions. This is in line with our current project (insert name of project).

In order to make sure that our (choose one of the following: benefit/program/service/project) is delivered to the right person or organization at the right time, we need to ensure that we properly address identity management elements (i.e. registration, authentication, and validation in a privacy and assurance context) in the areas of legal, security, and service delivery. The questionnaire aims to help us determine areas that need to be addressed in order to further enhance the integrity of our program/service.

Attached to this letter is the questionnaire. Please send it to all staff, stakeholders and partners responsible for the management of the identity processes (i.e. registration, authentication, validation, privacy, and assurance) within your program or service.

Please complete and return the questionnaire to (insert Point of Contact name) by (insert date). Any questions regarding the questionnaire should be directed to (insert Point of Contact name) at (insert contact information).

Thank you in advance,

(Questionnaire manager full name)
(Job title)
(Organization title)
(Phone number)
(Email address)

Attachment (1): Integrated Questionnaire for Identity Management (IdM)