IDG News Service

The case for claims-based identity management

Shane Schick, CIO Canada, 09.16.2009

On a bright sunny day this past June in Niagara-on-the-Lake, while tourists were arriving to take in the plays at the Shaw Festival, Dave Nikolejsin climbed onstage for what could end up being the most provocative performance of his career.

The CIO for the province of British Columbia was at Lac Carling Congress, an annual gathering of public sector technology professionals and public servants, to lead a session on how the government could do a better job of offering "trusted services" in an online world. The introduction from Nunavut CIO Peter Baril, however, made it sound as though his peer was about to be thrown to the dogs. A panel of fellow CIOs and deputy ministers were ready to "rip him apart," once he presented his idea, Baril said, adding that Nikolejsin was "looking forward to it."

When he finally stood up at the podium, however, Nikolejsin didn't seem like a man spoiling for a fight. Tall, bespectacled and projecting an easygoing manner, he simply spent the next 30 minutes outlining an approach that would fundamentally change the way governments and even private businesses handle identity management. In other words, a way for banks, agencies and other organizations to verify who someone is when they need to access personal information in order to provide a service involving the Internet.

Right now, most Web sites require users to register for anything important they want to do online. This involves filling out a form with name, address and other contact information, as well as choosing a unique user name and password. As you use more and more online services, of course, you end up with a laundry list of passwords you can't remember, and some frustrated Internet users are reaching "registration fatigue," avoiding signing up altogether if possible.

The usual alternative is a "common credential service," where, for example, the government could provide users with something to identify themselves without having to sign up. This would include the number mailed out to citizens every year to file their taxes using NetFile -- a service Nikolejsin, for one, loves. "It's a great service, but the problem is I can't take that four-digit code and do anything else with it," he says.

Instead, common credential services are typically tied to one or a few systems, so they're not interoperable. Nikolejsin claims they're also much slower to use on the back end and increase risk.

Claims-based ID

Nikolejsin's vision is based on what's called "claims-based" identity management, which would provide a similar interface for booking a hotel, buying a book or registering for a course online, but allow the user to choose the credential that verifies who they are.

Here's how it works: An organization such as Canada Revenue Agency or Chapters.Indigo.ca is the "relying party" which controls access to a service, such as processing a tax return or selling a book. Relying parties require proof of identity online to provide that service. If it's the CRA, a user's name, SIN number and employer might be good enough. To buy a book, Chapters.Indigo.ca would need a shipping address but also the ability to ensure the online customer's credit card is valid.

This kind of personal information is already stored by a number of organizations. The government of Canada would have users' SIN numbers, for instance, and a bank like RBC would have access to their credit information. There might be other so-called "authoritative parties," however. A provincial agency might also have a user's SIN number on file, or the same book buyer might also be a BMO customer. Under the claims-based model, the user would tap into a sort of electronic wallet on their computer called an identity agent. This software would let the user choose which "information card" -- electronic versions of their bank card, their health card, or even a university alumni card -- they want the relying party to use to verify their
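The roles described above (relying party, authoritative party, identity agent, information card) can be made concrete with a small simulation. The following is an added example, not code from the article or from any government or vendor project: the relying party publishes a policy listing the claims it needs and the issuers it trusts, the identity agent shows the user only the cards whose issuer can satisfy that policy, the chosen issuer signs a token carrying just those claims, and the relying party verifies the token before granting access. The policy format, the HMAC-signed token with audience and expiry fields, and all names, keys and records are constructed for illustration; the article does not specify any of them.

```python
"""Toy model of the claims-based identity flow (added example, not the
article's own code).  All issuers, keys, records and policies are constructed."""
import hmac
import hashlib
import json
import time

# Constructed shared secrets between each claims provider and the relying parties.
# A real deployment would use public-key signatures so the relying party never holds
# a provider's signing secret; HMAC keeps the example self-contained and offline.
PROVIDER_KEYS = {
    "gov-canada": b"constructed-key-government",
    "rbc": b"constructed-key-rbc",
    "bmo": b"constructed-key-bmo",
}

# Constructed "authoritative party" records: who can assert which claims about whom.
PROVIDER_RECORDS = {
    "gov-canada": {"alice": {"name": "Alice Example", "sin": "000-000-000", "employer": "ACME"}},
    "rbc": {"alice": {"name": "Alice Example", "shipping_address": "1 Main St", "card_valid": True}},
    "bmo": {"alice": {"name": "Alice Example", "shipping_address": "1 Main St", "card_valid": True}},
}

# The identity agent holds information cards: a pointer to an issuer plus the claim
# types that issuer is willing to assert.  No claim values live on the card itself.
INFORMATION_CARDS = [
    {"card": "tax-card", "issuer": "gov-canada", "claims": {"name", "sin", "employer"}},
    {"card": "rbc-bank-card", "issuer": "rbc", "claims": {"name", "shipping_address", "card_valid"}},
    {"card": "bmo-bank-card", "issuer": "bmo", "claims": {"name", "shipping_address", "card_valid"}},
]


def cards_satisfying(policy):
    """Identity agent step: cards whose issuer is trusted and can supply every required claim."""
    required = set(policy["required_claims"])
    return [c for c in INFORMATION_CARDS
            if required <= c["claims"] and c["issuer"] in policy["trusted_issuers"]]


def issue_token(issuer, subject, claim_names, audience):
    """Claims provider step: release only the requested claims, signed for one audience."""
    record = PROVIDER_RECORDS[issuer][subject]
    body = {
        "iss": issuer,
        "aud": audience,
        "exp": int(time.time()) + 300,
        "claims": {k: record[k] for k in claim_names},  # minimal disclosure
    }
    payload = json.dumps(body, sort_keys=True).encode()
    sig = hmac.new(PROVIDER_KEYS[issuer], payload, hashlib.sha256).hexdigest()
    return {"payload": payload, "sig": sig}


def verify_token(token, policy, now=None):
    """Relying party step: check issuer trust, signature, audience, expiry and claim set.

    Returns the verified claims, or None when any check fails."""
    now = time.time() if now is None else now
    body = json.loads(token["payload"])
    if body["iss"] not in policy["trusted_issuers"]:
        return None
    expected = hmac.new(PROVIDER_KEYS[body["iss"]], token["payload"], hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, token["sig"]):
        return None
    if body["aud"] != policy["relying_party"] or body["exp"] < now:
        return None
    if not set(policy["required_claims"]) <= set(body["claims"]):
        return None
    return body["claims"]


def access_service(policy, subject, chosen_card):
    """End-to-end flow: the user picks a card, its issuer signs a token, the RP verifies it."""
    card = next(c for c in INFORMATION_CARDS if c["card"] == chosen_card)
    token = issue_token(card["issuer"], subject, policy["required_claims"], policy["relying_party"])
    return verify_token(token, policy)


# Two constructed relying-party policies mirroring the article's tax-agency and bookseller cases.
CRA_POLICY = {"relying_party": "cra", "required_claims": ["name", "sin", "employer"],
              "trusted_issuers": {"gov-canada"}}
BOOKSTORE_POLICY = {"relying_party": "bookstore",
                    "required_claims": ["shipping_address", "card_valid"],
                    "trusted_issuers": {"rbc", "bmo"}}

if __name__ == "__main__":
    print([c["card"] for c in cards_satisfying(BOOKSTORE_POLICY)])
    print(access_service(BOOKSTORE_POLICY, "alice", "bmo-bank-card"))
```

Two properties of the model are worth noticing. The bookseller never learns the SIN, because the issuer releases only the claims named in the policy, and a token minted for one relying party is rejected by another because of the audience check, so a card chosen for a book purchase cannot be replayed against the tax agency.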
