Child pages
  • 2015-05-04 eGov WG Meeting Notes
Skip to end of metadata
Go to start of metadata


Mai 05, 2015

1. Attendees

  • Denny Prvu

    John Spicer

    Ken Dagg

    Rainer Hörbe (taking notes)

    Thomas Gundel


2. Approve minutes of previous meeting

- no quorum


Discussion Items

3. Work item "Gathering of requirements for government acting as relying parties"

- no new input

4. Q&A session Canada Cyber-Authentication Architecture

Ken provides a brief overview of the topic. (Disclaimer: Ken providing his private view as an ex-employee of the CA government).

Govmnt departments in their role as relying parties are responsible for getting the identity assurance they require. Thy are following a standard published by the CA government to figure out the LoA they need for each service they have on-line.

CA govmnt implemented Logon service, offering either a govmnt or a financial institution credential. Financial institutions are connected via a broker. The broker is CSP to department on one side and RP to financial institutions on the other side. The user identifier is the MBUN (meaningless but unique number) and a yes/no authentication decision.


This design is referred to as „triple blind“, because no party knows all parts: The department knows who is asking for, broker knows the department, but no user attributes. This is anonymous. Identity information is collected and validated via another channel by the RP.


Clarification: This is partial anonymous – with a good reason like a court order and some effort the identity at the CSP could be recovered.


The government is working on a new service for validation and verification of identity data. If will allow users to choose where their identity data will come from. It will in most cases not be the same service that is providing the logon. There are still issues. (Who are authoritative parties for the data, and are the registries accessible – these are pretty old systems)


Liability: If any of the players are performing according to LoA2 the not liable. Ultimately the RP is liable, unless they can prove, that any other party dod not perfor as specified.


Usage pattern: government cred. 10:1 EI claims. Factors: RP’ screen design: government 1st initially; not all banks participate; If you have one already from previous system.


Rainer will provide slides for a talk to be given on May 21. at the IEEE workshop on privacy engineering at the next meeting. The talk covers a comparison of several privacy-enhancing approaches to federation IDM, including the Canadian approach.


5. Reports from recent conferences

Rainer reported from the MAPPING Round Table in Geneva, March 16./17., where there are intersections in the topics of internet governance, surveillance, privacy enhancing architectures in internet identities. Link:


6. AOB



Next Meeting: June 1., 2015