Open standards for government transformation: Panel 1

Notes from the OASIS/World Bank workshop on “Open Standards for Government Transformation: Enabling Transparency, Security and Interoperability” in Washington.


Panel One: Identity, Authentication and Security

Chair: Deepak Bhatia, Practice Leader for e-Government Applications, Global ICT Department, World Bank

Once again, back to the importance of standards

Vendors and technology can come and go but open standards should stay forever

It’s really difficult to provide a citizen-centered view


Identity, Authentication Standards: Status Report

Speaker: Colin Wallis, Identity Standards Manager, New Zealand Government, OASIS eGov Steering Committee

Clues: what New Zealand has got and how the development took place

Life would be easy with just one standardization organization, but there are several such bodies – net sector SDO, sector standards, jurisdiction, protocols – “standards soup”

Some of the organizations:

  • W3C – founder: Tim Berners-Lee, important for standards
  • IETF – Internet Engineering Task Force
  • ISO – International Organization for Standardization

We want to get to Web 3.0, Identity 2.0 and Government 2.0 – but first we have to reach Identity 1.0, Interoperability 1.0, Convergence 0.0

eGov profile of SAML – differently applied in different countries

It’s vital to ensure that the applications in different countries “talk to each other”

Developing nations:

  • “have the power”
  • Customer
  • Vote – 1 country, 1 vote – use it responsibly
  • Knowledge – it’s already there and can be used
  • Neutral
  • It’s important to begin


Credential Management Evolution

Speaker: Bob Sunday, Senior Architect, CTO, PWGSC, Canada & OASIS eGov Steering Committee

Canada: 33m population, low density – how to get services to all these people

2000 – strong push towards enabling government services online, big success story

  • Building a new Canada-wide network
  • Secure infrastructure

In 2000 PKI (public key infrastructure) was the standard, so Canada built one – now it’s used in 83 different programs

  • epass certificates
  • nowadays: over 5m certificates issued
  • ~0,5m unique logins per week
  • amazing success

Now it has to be replaced – opportunity to choose the standards which will stay for the next 10-20 years

Getting ready for the “SAML-wireless world”

Many requirements

  • multiple credential providers
  • multiple levels of assurance
  • technology neutral

It’s important now to choose a standard-based architecture, they have to be fully integrated

A lot of decisions have to be taken:

  • Underlying architecture: long term stability -> SAML, it’s an entire architecture
  • Proven implementation profile: ensure availability of proven interoperable COTS products

Strategy to move to a new system:

  • From an existing epass solution, the users and the applications have to be moved to a new system with a new credential system
  • the new system has to talk to the old system
  • finally the converted applications have to be replaced by new applications, which work with the converted users

“We are just at the beginning of the path”

True messages:

  • It’s vital to have a framework putting the open standards together
  • It’s important for them to be interoperable
  • Testing interoperability is really good
  • Stability for the long term is substantial


Information Security Standards: Promoting Trust, Transparency and Due Diligence

Speaker: Ron Ross, Senior Computer Scientist and Information Security Researcher, National Institute of Standards and Technology

Security is at the core of making the technology work

Security is not an impediment, but an enabler

Security is a combination of management, technical & operational aspects

We need to establish a standard on due diligence

Business relationship: how do I know that I can trust my partner?

  • Common language to describe security
  • Open standards for security

There is big business in destroying customers, breaking into systems, stealing intellectual property, …

It’s important to make a global effort for enhanced security

Today we are so dependent on technology, security should be our first concern

Important parts of an enterprise security concept – framework for managing risk:

  • Security plan
  • Security assessment report – did we do a good job managing risks?
  • Plan of action and milestones – how to manage vulnerabilities


Q & A:

Q: When you have providers in the country, is there also a drive for identity management across the borders?

Bob Sunday: Of course – but you have to define the word “identity”, Canada has gone away from credentialing, anonymous credentialing has big strengths.

A: Standardization around identity management is possible.

Q: Is Ghana a leader in eGovernment and are you willing to share with other African countries?

Sam Somuah: We are quite far ahead, definitely we are willing to share our experiences.

Q: Why is separation of credential providers necessary?

Bob Sunday: Separation of credential providers because it’s a commercial market for credential providers – it’s a way to make it more competitive. We don’t want to force the citizens to have a certain credential.

Q: How is membership in OASIS organized?

A: Your membership will be a government membership, so everybody can join there. OASIS is made up of its members, they decide.

Q: Explain more this quote: “We want Web 3.0, Identity 2.0 and Gov 2.0, but 1st: Identity 1.0, Interoperability 1.0, Convergence 0.0”

A: There’s a lot of people looking ahead to what’s in the future – but the developments right now should be to “get the engines going”, the basics have to be in place to start further advances.

Q: Is Cloud Computing already relevant in this enterprise architecture discussion?

A: Just short: it’s much more complex than people think.

Open standards for government transformation: Panel 1 was published on 17.04.2009 by Florian Sturm. It is filed under global.