The document summarizes a presentation on identity and access management (IAM) and its linkage to innovative service delivery. It provides three case studies: (1) Belgium's transition to an e-government model enabled by IAM, (2) using mobile authentication for self-certification of benefits eligibility in the EU, and (3) the potential for mobile voting. It then discusses global IAM business challenges and implications for IAM program design, technologies, reference architectures, and global initiatives before concluding with examples of IAM implementations.
1. Identity and Access Management (IAM) Linkage to
Innovative Service Delivery
February 17th, 2012
Victoria, B.C.
Brian Reed, IAM Practice Lead,
HP Enterprise Services, Canada
2. Presentation Outline
• Session Objectives
• IAM Linkage to Innovative Service Delivery:
– Case Study 1: Belgium - Flemish e-Government Transformation
• Shifting from “pull” to innovative “push” models is changing the urgency for IAM
– Case Study 2: EU Self Certification
• Enabling Self Certification for Benefits Eligibility through Voice Print Biometrics and Mobile Authentication
– DEMO – live voice print demonstration
– Case Study 3: Mobile Voting
• Global IAM Business Challenges
• Implications for IAM Program Design
• Market trends and models
• Technology considerations
• Reference architectures
• Global Initiatives:
• British Business Federation Authority (BBFA) Federated Identity Management
• Reference Implementations
• Government of Canada Pension Modernization: IAM Framework of Enterprise Applications
• U.S. Access
• India UID
• Solution Convergence
• Summary
3. Session Objectives
• To share through case studies, the linkages between fiscal climate change
and IAM; and linkages of IAM to innovative service delivery
• To share reference models and innovative strategies for deploying large
scale IAM solutions
• To exchange ideas about the business challenges of the public sector
with respect to identity and access management
5. A “Climate Change” in Government Finance, not just
a few “Bad Winters”
Factors Impacting Long-Term Government Finances:
• Sustainability
• Tax erosion from globalisation and ageing population
• Ageing population
• Rising citizen service expectations
[Chart: Taxes as Percentage of GDP in OECD Countries (1965 – 2008). Source: OECD]
[Chart: US Federal Debt as Percentage of GDP (1900 – 2011). Source: Office of Management and Budget]
6. Operating Expense and IT Expenditure
Source: Gartner, Inc., “IT Key Metrics Data 2010: Key Industry Measures: Government Analysis: Multi Year”
[Chart: Average Breakdown of IT Expenditure: Run 73%, Transform and Grow 27%]
[Chart: Average Total Operating Expense: 93.5% and 6.5%]
7. IT strategy to manage the fiscal crisis
(1) Minimize IT ‘Run’ Spending
(2) Maximize Government Return on IT
(3) Explore Disruptive Solutions
8. Maximizing Government Return on IT
[Diagram: Government Return on IT, relating IT Spending to Public Value Return. Labels on the public value side:]
• Public Policy: Outcomes & Outputs
• Taxpayers: Efficiency
• Customers: Quality of Service
• Citizens: Public Trust
9. SERVICE DELIVERY INNOVATION
CASE STUDIES
(1) e-Government: Belgium and the Flemish Government
(2) Human services: EU Self-Certification using Mobile Telephony
(3) Mobile Voting
11. Case Study 1: Belgium and Flemish Government,
Integrated focus on citizen & business value
“once-only data collection, multiple data (re) use”
i.e. “A government that does not ask for what it already knows, and is truly
certain of what it knows”
Key Drivers:
• Improved service delivery
– Reduce administrative burden for enterprises
– Pro-active delivery of entitlements to citizens
• Improved internal operations / administration
– Avoid unnecessary double work (data entry & quality)
– Simplify and streamline existing administrative processes
12. Origin: « Only Ask it Once »
• Situation
– Political support: Minister in charge had the key message in
his policy letter
– e-government team in place
• Focus on citizen support – resolution in parliament
– Focus e-gov on citizen and business at the regional level
– Implement the ‘Only ask it once’ @ regional level and extend
to national level
– Ensure maximum privacy
• Only Ask it Once MAGDA (“Maximum Data Sharing
Between Administrations and Agencies”) Platform
[Image: Flemish Parliament]
13. Framework components: Key Building Blocks
• Goal: Citizen Value
• Platform: MAGDA
• Part of the coalition agreement and long-term vision (VIA)
• Authentic Data: the information, the value
• Change agent: driver
• Legal & privacy regulation
• E-ID: the key to get access
(Video)
[Diagram: building blocks arranged around Citizen Value: VIA 2020 strategy, MAGDA, Commitment, E-ID (key), Authentic Sources, Legal, Change agent, Privacy]
14. Case Study 2: Human services: Self-Certification using Mobile Telephony: EU Example
• Desired Policy Outcomes:
– Improve service delivery against “Customer Charter and Action Plan”
– Increase certification frequency, to help reduce fraud and overpayments
– Examine new communication channels, including Self Certification using mobile telephony
– Ensure on-going controls are in place
• Challenges:
– Increased demand for unemployment benefits
– Intense manual processes
– On-going certification requires regular visits to the Department for Social Protection Local Offices
– Long lines, staff overloaded
– Reduce welfare fraud and overpayments
15. Public Value Framework – Social Protection
[Diagram: a framework with columns Quality of Service, Efficiency, Public Trust and Policy Outcomes, and layers Public Value, Executive KPI, Core Financial KPI, Operating KPI (Process/Function), Business Initiatives and IT Initiatives. Legible labels:]
• Public value: Easy Access, Prompt and Accurate Service; Identity and Secure Access to Service; Increase Participation; Maximize FFP and Incentives; Minimize Penalties; Minimize Fraud
• Operating KPI / process or function: Improve Authentication and Access / Reporting and Intake; Improve Registration / Intake / Eligibility Determination; Improve Accuracy and Timeliness / Payment Process
• Other KPI labels: Implement New Access Channels; Control Benefit Expenditures / Reduce Fraud; Improve Registration and Authentication; Admin Exp. as a Percentage of Benefits Expenditures (On-Budget), Planned vs. Actual
• PS Initiatives: Mobile Certification
• IT Initiatives: Application Services, Data Integration Services, Converged Infrastructure
16. Enrolment Best-Practices and Benefits
Enrolment Best Practices
• Explain Enrolment process, obtain consent
• Gather voice sample, verify capture
• Verify enrolment with a test certification
• Enrolment complete
• Opt-in Service
Benefits
• Supports in-country mobility
• Leverages voice print biometrics
• Reduces need to visit local offices
• Reduces program administration costs
Quick Demo
17. Case Study 3: Mobile Voting; Electoral Participation; Rising Expectations
• Developed countries
– Decline in voter participation
– Drop in turnout among young people
– Only 37.4 per cent of voters aged 18 to 24 voted in the 2008 Canadian federal election, similar in US & UK; 49% of all eligible voters in 2011 Ontario election
• Developing countries
– Challenge to communicate information on polling centre locations and hours of operation
“Haiti elections: cell phones and internet to facilitate voter turnout”, United Nations Development Programme, Newsroom, March 18, 2011
18. Example of mobile voting process (Internet mobile phone voting)
[Screen mock-ups for five steps: Home, Authentication, Select candidate, Cast Vote, Confirmation. On-screen menu text omitted.]
• Home: First display shows browser menu and option to change language before proceeding.
• Authentication: Authorize access to voting service through secure authentication (the screen shows Identification and PIN fields).
• Select candidate: Browse through candidates list (one after one), displaying candidate name and party logo.
• Cast Vote: Confirm candidate selection, cipher the vote and cast the ballot.
• Confirmation: Confirmation that the vote has been recorded, including a proof for the voter (a receipt shown on screen; the slide also carries the label “Mail receipt”).
20. Global Identity Management Business
Challenges
• Citizens and businesses are demanding simpler access to government services
across multiple delivery channels
• Privacy must be considered from both a trust and compliance perspective
• Current state: proliferation of identity stores and access management systems
frustrates a citizen-centric transformation
• Citizens not only have multiple ‘personas’ and contexts in terms of their
interaction with government but they have multiple ‘identities’
• Understanding these personas and mapping them to appropriate information
access is a significant business challenge
• Technologies are more mature but integration with legacy systems is still complex
21. Implications for IAM Program Design
• Business strategy and analysis of information management requirements need to
lead introduction of technology
• Need to understand the risk profile of information assets and transactions and
map to required levels of identity assurance
• Need to assess trade-offs: convenience versus control; individual control versus
institutional control; cost versus residual risk
• Identify business partners and establish governance over IAM including trust
agreements and levels of assurance on identity management process
22. Identity, Access and Governance
• Establishing trusted digital identities - identity proofing
• Authentication and risk
• Managing policy - authorization, personas, context
• Governance - authoritative sources, trust relationships, liability
23. What can IAM Enable?
• Streamlined service delivery from a government and citizen/business perspective - cost
to serve, multi-channel
• A trust fabric for e-government…essential for adoption
• A ‘customized’ client experience
• BYOD
• Enhanced program integrity
• Reduced fraud and error
• Increased privacy protection
• Capability to push programs/services as well as provide targeted access to information
25. Gartner IAM Hype Cycle
Key Points:
1. Value drives adoption
2. Hard to predict technology curves
3. Industries drive specific solutions, e.g. healthcare
[Chart: grid with one axis labelled transformational / high / moderate / low and the other labelled Less than 2 years / 2 to 5 years / 5 to 10 years / More than 10 years]
26. IAM Technology Considerations
• Granularity
• Context awareness
• Adaptive
• Delegation
• Extensibility
• Federation
• Standardization
• Legacy apps support: adapters, e.g. provisioning
• Support for multiple authentication schemes
• Completeness of applications: components or suites?
35. Government Canada Application Modernization and
IAM (Pension Modernization)
[Architecture diagram, grouped under Access Management, Applications, Identity Management and Directory / Data Services. Labels recoverable from the slide:]
• Access management: Oracle Access Manager (Access Server, Identity Server, Policy Manager, WebPass, Configuration Manager, Administration), AM WebGate in front of each web server, Oracle Single Sign On (OSSO) Server, Oracle Application Server / OC4J, Access Manager Audit Database, OAM Configuration Manager Database
• Authentication: Userid & Password Authentication Web Server; PKI Based Authentication Web Server (TruePass SVM, TruePass Application Server)
• Identity management: Oracle Identity Manager, Oracle Identity Manager API, Identity Manager Database, connectors (Siebel, OID, Penfax, DCT, PenWeb, OC4J, DB Tables)
• Directory / data services: Oracle Virtual Directory, IDM OID, Portal OID, Active Member Authoritative Source, PenWeb Database
• Applications: Siebel Call Centre, Genesys Workforce Management, Hyperion Reports, Penfax, Pay, Insurance, PenWeb, Data Capture Tool, Matane Imaging Web Application, Integration Broker, BPEL Worklist, Oracle Business Intelligence (Dashboard, Answers), Oracle Portal, Crown Corporation Portal, Active Member Pension Application, Active Member Enrolment Application (Oracle WebLogic Application Server), Universal Customer Master, Web Content Management
• Flows: Authentication Requests; Authorization Lookups; User Profile Operations; Authentication Events; Authorization Events / Single Sign-On / Session Management; OSSO Session Creation; OAM Audit Records; provisioning and reconciliation of user information; provisioning of user info and reconciliation of groups & users; trusted reconciliation of employer representative information; validation of shared secrets & reconciliation of user information; synchronization of user information via G+ adapter
• Note on the slide: Hyperion periodically connects to the IDM OID and updates its security repository with the list of valid users.
36. USAccess and FEDERATED IDENTITY- CONCEPTUAL ARCHITECTURE
Source: FICAM Roadmap and Implementation Guidance
39. Convergence of "Service Innovation" and "Technology Innovation" will Deliver Greatest Public Value
[Diagram labels:]
• Service Innovation: Prevention, Participation, Collaboration
• Technology Innovation: Mobility, Cloud Computing, Analytics
• IAM: Whole-of-Government Enablers
40. Summary
• A ‘climate change’ in public finances is helping drive demand for IAM innovation
– IAM is not just a technology – but a critical foundation block for e-Government / m-Government
– IAM must help improve policy outcomes, increase service quality, efficiencies and help build citizen trust
• Need to continue collaboration to develop and leverage IDM policy frameworks (e.g.
Kantara and PanCanadian IDMA model)
• Need for a consistent framework for “Whole of Government Enablers”, to support both
internal and external social media, collaborative tools, mobility, and access to public
sector service delivery through multiple channels, anytime, anywhere
• The movement to cloud based services and mobile access is driving federated identity
solutions. Incremental steps, pilots, and proofs of concept are delivering on the early
promises of federation.