Project Abstract Cyber AuthN Renewal
Key data see [overview|bctf:Implemented Trust Frameworks].
Key purpose, services, user community, numbers: Secure access to on-line government services currently 23 departments and 80 applications, 9 million active credentials, in production since 2004. Going out of production end of 2012. Replacement to start rolling out fall 2011.
Inception: Government on-line Initiative (2002) needed this infrastructure to move government services on-line
Maturity: Operated for 8 years, Canada was reported by the Anderson global study to be on the top in government services.
Business case:
Legal framework: Fully compliant with Canada’s privacy, common look-and-feel standards. Has 2 official languages. W3C accessibility level 2.
Technical standards: Uses proprietary custom-developed PKI-based technology. Replacement will be open-standard SAML 2.0 based; reuse of credentials that user already have if users have a business relationship with the CSP. Banks will be allowed as private CSPs by the government.
Assurance levels and policy profiles: Assurance Level 2, no privacy profile, but underwent privacy impact assessment to meet the requirements of our privacy act.
Lessons learned: Keep it open standards. Base it on per-user pricing model, rather that per-transaction.