In October 2008, I wrote a five part review of identity assurance, based on the framework contained in the Pan-Canadian Strategy for Identity Management and Authentication. At the time these blog posts were the only Canadian resource available for analyzing and planning identity assurance.
Since then a number of changes have occurred that have prompted me to update these posts. For example, an Assurance, Identity and Trust Working Group was established by the national Identity Management Steering Committee. This team prepared a report, the Pan-Canadian Assurance Model, that provides more guidance and detail than the original framework.
Having said this, the goal of the model remains unchanged; it strives to standardize identity assurance to allow for provincial and federal systems to interoperate. It is foundational to the broader Pan-Canadian framework, and is key to implementing citizen services across the country.
The identity assurance model is primarily concerned with establishing agreed-to levels of assurance and defining the concepts and terms each party need to understand. It has an emphasis on federation and looks to support risk management activities within partnering organizations.
The Pan-Canadian identity assurance model is represented as follows (click/tap to enlarge):
While this model is an important input into this blog post series, it needs to be supplemented by real-world experience. For each topic in the series, I will inject examples from my experience implementing IAM solutions over the past ten years, and provide insight into the opportunities and challenges offered by the model.
First in the series, click here for the post on Information Classification.