- Microsoft Windows chief decries standards grandstanding
- The 5 best, and 5 worst, features of Google Chrome OS
- Federal government using PS3 to crack pedophile passwords
- 10G Ethernet cheat sheet
- Top 10 free Windows tools for IT pros, at a glance
Dave Kearns provides the information you need to evaluate, install and maintain your corporate identity management system.
Last issue I was talking about the U.S. General Services Administration's recent efforts to develop a trust framework for identity in the federal government. Not to be outdone, our neighbors to the North are embarking on a similar effort.
Actually, the Canadian effort is a bit earlier chronologically as the Treasury Board of Canada Secretariat put out their call on July 1. Called "Directive on Identity Management", the directive's objective is "…to ensure effective identity management practices by outlining requirements to support departments in the establishment, use and validation of identity."
Identity management critical for security, government IT shops say
There's less to do with privacy here (compared with the GSA's project), but Canada does have a privacy commissioner to deal with those issues.
This isn't a long document, but it is important both for its definitions and scope. For example, the definition of identity is concise, easily understood and bears using in a much wider context: "Identity (identité) -- a reference or designation used to distinguish a unique and particular individual, organization or device."
That's another point -- the document actually states the context in which it is to be used and understood. Read section 3 of the document to understand the context. Surprisingly it isn't written in lawyerese but in easily understood English (and I'm sure there's a similar easily understood French version), such as: "Without a coherent, consistent, standardized and interoperable approach for dealing with identity across the federal government and other jurisdictions, successful risk mitigation strategies are increasingly difficult to develop and deploy to manage challenges to national security, respect for privacy, program integrity and the delivery of citizen-centred services."
This is a blueprint for IdM, which governments on all levels should read, adapt to their circumstances and adopt. Enterprises, especially global enterprises and those assembled through frequent mergers, acquisitions and divestations, should pay attention also. It's very hard to argue with the expected outcome of this directive:
The expected results of this directive are:
* 5.2.1 Sound identity management practices that are aligned with an integrated government-wide approach to achieve effective identity management across the GC.
Dave Kearns is a consultant and editor of IdM, the Journal of Identity Management.
Rss FeedRss Feed
The Leader in Network Knowledge
Comment