Identity Management


Identity Management Forum

The Office of the Chief Information Officer (OCIO) established the B.C. Identity Management Forum by successfully bringing together representatives from the Provincial Government, broader public sector and industry experts to develop a future-state, claims-based, citizen-centric identity management architecture.

This group has developed a set of requirements and a conceptual architecture for identity management, which include:

  • a user-centric architecture where identity information passes through the user at the initiation of the user,
  • privacy best practices,
  • a security gradient,
  • authoritative sources of identity claims, and
  • loose coupling of architecture components to allow the system to scale.

The result is a claims-based approach to identity management involving three key actors:

  • the authoritative party (an authority over a given identity attribute),
  • the relying party (that needs to receive proof of the identity attribute), and
  • the identity agent for the person who is attempting to interact with the relying party.

This architecture holds great promise in that it appears to solve many of the challenges that plague more traditional identity management models. For example, in this model:

  • Trust is established by providing user control and visibility over what identity information is being used and how it is transferred.
  • Clear accountabilities are established in terms of which authority is standing behind which piece of identity information.
  • Privacy is enhanced by enabling e-government services to request only the identity information that is needed, and nothing more, from the user. The user then decides whether he wishes to provide the identity information.

An additional benefit of this architecture is that it maps well to the "real world" of how identity information is created and used, and will therefore be familiar to citizens and easier to integrate with "real world" processes.

The two major deliverables of the Identity Management Forum were:

In addition to these deliverables, the OCIO invited all vendors working on the project to provide their perspective on the project and the architecture. The OCIO has received the following appendices to the architecture document:

The OCIO would like to thank the contributors to the BC Identity Management Forum, without whose efforts the deliverables would not have been realized.

For more information on the BC Identity Management Architecture Project, please contact the Architecture and Standards Branch of the OCIO.