Refeds


Subject Fwd: [BoT] FYI: GC Guideline on Identity Assurance - Draft for Consultation
From Nicole Harris <harris@xxxxxxxxxx>
Date Tue, 14 May 2013 11:52:10 +0200

 The following may be of interest.

From: Dagg, Kenneth
Sent: May-13-13 3:19 PM
To: 'wg-idassurance@xxxxxxxxxxxxxxxxxxxxx'; 'wg-attributes-in-motion@xxxxxxxxxxxxxxxxxxxxx'
Cc: 'Joni Brennan (joni@xxxxxxxxxxxxx)'; 'Andrew Hughes (andrew@xxxxxxxxxxxxxxxxxxxxx)'; 'Heather Flanagan (heather@xxxxxxxxxxxxxxxxxxxxx)'; Bouma, Tim
Subject: GC Guideline on Identity Assurance - Draft for Consultation

 

Please find attached the  consultation draft of the Government of Canada’s Guideline on Identity Assurance. We have distributed this document to our provincial and territorial government counterparts in Canada for consultation. We plan to finalize this document in early summer. I have received the go-ahead to provide to Kantara initiative Working Groups. Please do not hesitate to forward it to other Kantara Initiative members to whom it might be of interest. We have also forwarded the document to representatives of other foreign governments for their comments.

A few notes on the draft guideline:

·         This guideline supports the implementation of the Standard on Identity and Credential Assurance, specifically, Appendix C:  Minimum Requirements to Establish an Identity Assurance Level . It is mandatory that federal departments comply with this standard, including the appendix. This policy can be found at: http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=26776.

·         This version of the guideline has undergone extensive consultation with federal government departments and we are now comfortable with sharing this with the broader community.  We believe we’ve created something that gives departments reasonably precise parameters but without being unnecessarily prescriptive (always a challenge). Departments will be able to implement this guideline within their respective legislative frameworks and comply with the standard. The standard and the guideline are also intended to facilitate the adoption of trust frameworks where appropriate. It should be noted that both the standard and guideline were developed by users, rather than providers, of identity.

·         The guideline pays significant attention to articulating requirements and guidelines that are ‘independent of channel’ (e.g. in-person, remote, etc.) and that are ‘beyond the document’ (to allow for digital alternatives). As such, it does not unnecessarily constrain departments to providing in-person processes and/or require that physical documentary evidence be provided. While this may be difficult, if not impossible today, these possibilities cannot be discounted in the future.

·         You will notice there are many similarities to US government documents such as OMB M04-04, and NIST SP 800-63-2. We have also taken a very close look at the United Kingdom GPG-45  and the New Zealand Evidence of Identity (EOI) Standard. We have also kept up to date on the work being done by the ANSI/NASPO/IDPV-2013. We have taken the very best of these documents/efforts, and adapted/evolved it for Canadian context.

·         The ‘normative’ section of the guideline is Section 3.0 (Sections 3.1 to 3.10). Within these sections you will see various tables with specific criteria and guidelines. We envision these sections as forming the basis of an implementation assessment framework. The primary focus of this guideline has been on programs providing services to external clients, however, it also applies to programs providing services to internal clients (e.g. employees and contractors), including PKI.

·         This guideline is  a companion to the TBS  Guideline of Defining Authentication Requirements, found at: http://www.tbs-sct.gc.ca/pol/doc-eng.aspx?id=26262 . This guideline provides departments with a definitive assessment framework to determine an assurance level requirement (similar to OMB M04-04 but with some key differences). There are some other technical companion documents (described in Section 2.5).

We look forward to any comments, questions, and/or feedback.  I will keep you up to date as the document is finalized.

Regards,

Ken

 

Kenneth Dagg
Senior Project Co-ordinator | Coordonnateur de projet supérieur
Security and Identity Management | Sécurité et gestion des identités
Chief Information Officer Branch | Direction du dirigeant principal de l'information
Treasury Board of Canada Secretariat | Secrétariat du Conseil du Trésor du Canada
Ottawa, Canada K1A 0R5
Kenneth.Dagg@xxxxxxxxxxxxx

Telephone | Téléphone 613-957-7041 / Facsimile | Télécopieur 613-954-6642 / Teletypewriter | Téléimprimeur 613-957-9090
Government of Canada | Gouvernement du Canada

cid:image001.gif@01CDF886.3DB7BC50

 



Attachment: Guideline on Identity Assurance Consultation Draft Apr 25 2013.pdf
Description: Adobe PDF document

_______________________________________________
Trustees mailing list
Trustees@xxxxxxxxxxxxxxxxxxxxx
http://kantarainitiative.org/mailman/listinfo/trustees