
Digital Identity in Canada: The little Trust Framework that could


Academic year: 2021


Digital Identity in Canada


Today all web services have dedicated-siloed authentication infrastructure
Tomorrow there will be three types of web services
- Credential Provider
- Silo Authentication

MasterCard MPRI Study, 2014
- MPRI - a consolidated measure of mobile payments readiness for a country (1 to 100)
- Key filters
  - Collaboration between gov, banks, telcos
  - Level of user adoption
  - Mobile ready

UN EGovernment Survey, 2014
- EGDI – EGovernment Development Index
  - A composite measure of eGovernment service delivery (0 to 1)
  - TII – Telecommunication Infrastructure Index
    - Measures fixed and wireless telecom data and consumer adoption
  - OSI – Online Services Index
    - Measures eGovernment service programs and efficacy
  - HCI – Human Capital Index

MPRI Countries
Figures are MPRI Score (0 to 100)
Observation: There is a big spread in country sizes both in terms of
1) Land Mass

Egov Services Index EGDI
EGDI Heatmap
Darker colours are better positioned for eGov services
Two key components of EGDI
- TII – Telecom/Internet readiness
- OSI – eGov program readiness

Plot of TII to OSI
Telecom to eGov readiness

Four Quadrants
1. Aspirational Economies are typically in the developing world and want to come up the curve. Likely interested in eGov messages, but many things to accomplish at once.
2. Lethargic Governments have healthy telecom sector but eGov services are not there yet. Lower tax jurisdictions. Lower installed solutions to overcome, but also may need to create the case for change.
3. Gov-Led Economies have good eGov services but telecom sector is lagging. Tend to be left leaning. Likely state influence over telecom.
4. Magic Quadrant tend to be healthy democratic countries with well developed eGov and telecom. eGov thinking is there, need to

[Plot axis labels: eGov Laggards, eGov Leaders]

Plot of TII to OSI
Telecom to eGov readiness
Bubble size represents population size
There is a wide spectrum of readiness

Plot of TII to OSI
Telecom to eGov readiness
Bubble size represents population size
Countries broken into two groups
- MPRI Countries (Orange)
- Non MPRI Countries (Blue)
Clear lead in MPRI countries in to serve eGovernment use cases

MPRI Countries: MPRI vs OSI (eGov readiness)
All of these countries have the right conditions:
1) Advanced eGov
2) Advanced Banks & Telecom
3) Proven P3 collaboration
4) Consumer readiness
   1) Internet adoption
   2) Mobile payments
All need Identity Federation.
Canada has the lead on P3 Federation

Created 2010 by Minister Flaherty
Headed by Pat Meredith
Cross section of business: 250 business people
Tasked to find path forward to digital payments in Canada

Key Conclusions
- Requiring electronic invoicing and payments for all government suppliers and benefit recipients;
- Supporting the build out of a digital identification and authentication regime; and
- Partnering with the private sector to create a mobile ecosystem to deliver both commercial and public services to citizens.

The double-barreled conundrum of the online channel for some services.
Low transaction velocity means low business assurance.
Users are quick to abandon when they can’t accomplish their tasks online.

With more services access gets harder.
Online authentication discombobulation.

briidge.net Exchange Platform deployed as a branded service called “SecureKey Concierge”
Credential Providers: Frequently Used Trusted Credentials
Credential Subscribers: Infrequently Used Services


You can travel anywhere in the world with your bank card and get cash from the local ATM.
1) Federation
2) Strong Authentication
3) Trust Framework
Online identity needs to work more like that.

We all know what trust frameworks are
- We just don’t call them that
Stock markets, credit card networks, real estate brokers, auto insurance, ATM networks
All examples of Trust Frameworks

Forces at play
- Discovery
- Privacy & Consent
- UX
- SLA
- Assurance model
- Liability
- Non-repudiation
- Remediation
- Risk
- Transaction

- Arrange forces at play in a way that transactions can flow
- Provide Tools and Rules to operate network
- Provide a discovery mechanism for transactions to occur. Plurality is key: choice and coverage
- Set out details of how to manage: Privacy & Consent, UX, SLA, Assurance model, Liability, Non-repudiation, Risk, Remediation

Symmetrical
- Each endpoint both consumes and provides transactions
- Example: Stock markets, ATM networks, Real estate networks
Asymmetrical
- Some endpoints produce transactions and others consume transactions
- Example: Credit card networks, debit networks
Hybrid
- Every endpoint consumes transactions, some endpoints also produce transactions

Symmetrical
- Liability is easier to balance
- Real Estate
Asymmetrical
- Liability is harder to get balance right
- Credit Cards
Hybrid
- Also hard to get balance right

GC derived CATS2 from Kantara Initiative
GC sought authentication only
SKC Trust Framework = Contract + CATS2
Partner Banks & SecureKey innovated to add
- Privacy model
- Business model
- Liability model

Identity (Onboarding): Who is this person?
Authentication (Access): Is this the same person originally onboarded?
Authorization (Access Rights): What can the person do?

Identity
Authentication
Authorization

Canada leads at federation globally
USA & UK next
Clear separation between 3 pillars
Separation provides more flexibility
Ecosystem players
Procurement
Attributes are a squeaky wheel.
Need to separate identity from Authorization

- RP Sourced (GC model)
- Bank Sourced (ie: CSP)
- 3rd Party Sourced (credit bureaus et al)
- Digital Credentials (BC model, ePassports)

Street Model
Digital Model

Moving to embrace cloud
“Tokenization”
Online payments more secure
One card + many destinations

Moving to embrace the street
“Beacons”
Same experience online and instore
One ‘card’ with many destinations

3 to 6 cards – many destinations
One ‘card’ per destination
Market Opportunity

[Row labels: Payments, Identity]

$100M savings over 5 years for card consolidation
Est. $600M - $1B / year savings in health care fraud alone
Utilizes briidge.net Connect for credential issuance and

Objectives
- Reduce number of citizen credentials.
- Conversion of Drivers License to “Services Card”.
- Accelerate shift of services to on-line.
- Drive point-of-interaction terminal support.
- Common framework across all channels.
- CSP accepted by Canadian Federal Gov for future
- Reduce fraudulent Health Care Cards (…9M to 4.5M).

Results
- Card issuance started in February 2013.
- Authentication services starting in early 2014.
- First EMV based framework for Government services

Roles and Responsibilities
Jeff Vining focuses on government-specific topics, such as digital government, citizen eID initiatives, social media tools and mobile enterprise strategy.

Oct 2014
“Approaches like BC in Canada, in partnership with vendors like SecureKey are the Future of Citizen Digital ID’s”.
He went on to reference specific details of the SDK approach, and simple “payment network” style of identity

Identity
Authentication
Authorization

What we are doing is new
Canada is leading the world
The world is following
The transition is happening
- do we create it
- or let it happen to us
Keeping identity/authn/authzn separate key to success
Trust Frameworks are the


Andre Boysen
