Privacy Enhancing Approach

From IIW

Issue/Topic: A government model for a privacy enhanching approach with user centric claims-based identity information management encorporating strong authentication.

Session: Day 1 – Number 4 - Space Location C

Conference: IIW10 May 17-19, 2009 this is the complete Complete Set of Notes

Convener: Peter.Watkins@gov.bc.ca, Government of British Columbia [1]

A. Tags for the session - technology discussed/ideas considered:

BC Government user centric claims-based identity information management privacy enhancement strong authenticaiton

B. Discussion notes, key understandings, outstanding questions, observations, and, if appropriate to this discussion: action items, next steps:

Presentation showed how a government jurisdiction that performs a high quality identity proofing and registration process could result in the issuance of standard contactless smart cards. Such cards could be used as an authentication credential used to allow the citizen to obtain trusted identity information claims about themselves for online access to information and services as well as identity and eligibility verification at physical points of service.

Large focus was placed on the privacy enhancing aspects of the architecture and solution model that the BC Government presented.

Discussion and dialogue focused on the validity of the various measures being used to limit information sharing between the various solution components and parties associated with the identity interactions.

Comparisons were made illustrating differences between the Canadian and US approaches for registration and identity proofing processes for government services. Particular area of concern is the avoidance of depending on a universal identifier for the citizen as they interact with government services.

The model shown utilized a variety of current techniques, but in unique ways or combinations, such as to improve privacy protections. In addition it would provide the convenience and simplicity of contactless smart cards for interacting with multiple programs and services.

Additionally, a strength of the approach was the ability to obtain identity claims such as age, or province/state of residence without personally identifying the citizen, and to allow citizens to obtain such trusted identity information from government and use it, at their discretion, on general internet sites or commercial sites.