Keynote Speakers:

Brendan Boyle commenced his role as Chief Executive of the Department of Internal Affairs on 4 February 2008, having been Chief Executive of Land Information New Zealand since August 2003. Prior to that he was the inaugural Director of the e-Government Unit at the State Services Commission, charged with leading the development of an e-government strategy and work programme. He holds a law degree (1990) from Otago University and an MBA (2000) from the Sloan School of Management at the Massachusetts Institute of Technology. He has also completed further executive education at the Harvard Business School.

A framework for effective management of identity

Identity policy in the past has largely been driven by particular concerns, such as security, or the intensification of risks to privacy as a result of technological advances.

Policy and operational decisions have been made largely on a case-by-case basis as government seeks to balance competing interests – especially privacy versus security, and freedom of inquiry, movement and trade.

This paper addresses the need for a framework for consideration of identity issues and advances ideas for its development.

Stefan Brands is a Principal Architect at Microsoft’s Identity and Access Group. In his spare time Stefan is an adjunct professor in modern cryptology at McGill University, and is a principal member of ADAPID and "On The Identity Trail", two consortiums that focus on investigating identity and privacy. Prior to joining Microsoft, Stefan worked three pioneering privacy technology companies: Credentica (minimal disclosure credentials), Zero-Knowledge Systems (anonymous data transport), and DigiCash (electronic cash systems). Stefan serves on the ISPI advisory counsel of Information and Privacy Commissioner of Ontario, and has previously served on the external advisory board of the Office of the Privacy Commissioner of Canada. Stefan is the author of a book on multi-party security and privacy, published by The MIT Press, available for free download from www.credentica.com/the_mit_pressbook.php. Stefan maintains a blog on digital identity at www.idcorner.org.

Identity Management – Challenges and Solutions

It is a formidable challenge to reconcile imperatives for streamlined service delivery and unified authentication with requirements for multi-party security and privacy. Sensitivities relating to digital identity and authentication abound, not just for citizens but also for service providers. These sensitivities intensify as government seeks to implement electronic data sharing mechanisms and to roll out new authentication services. This presentation provides an overview of the sensitivities and outlines possible solutions. Topics that will be discussed include: centralized versus federated versus user-centric identity management, light-weight identity management, multi-party security, minimal disclosure tokens, and privacy by design. The presentation will include some important lessons learned in the context of government online in Canada.

Roger Clarke is a consultant specialising in strategic and policy aspects of eBusiness, information infrastructure, and data surveillance and privacy. He has spent 40 years in the information technology industry. Roger interprets technology so as to make its relevance, opportunities and impacts accessible to executives and managers, and provides expert evidence in a variety of areas. He works out of Canberra, Australia, through his own company, Xamax Consultancy Pty Ltd, and through a small number of strategic alliances. Roger worked as a senior Information Systems academic at the Australian National University. Prior to that, Roger spent 17 years in the I.T. industry in Sydney, London and Zürich. He holds Visiting Professorships at the University of Hong Kong (in eCommerce), at the University of N.S.W. (in Cyberspace Law & Policy), and at the A.N.U. (in Computer Science).

(Id)Entities (Mis)Management: The Mythologies underlying the Business Failures

The identity management arena is full of misunderstandings and mythologies. This presentation highlights why most initiatives have fallen far short of their promise, and why they will continue to do so until technology providers change their mind-set, and user-organisations are offered much more appropriate products. The analysis has substantial implications for government agencies concerned with public policy. It also delivers important messages for the strategies of user-organisations in both the public and private sectors, and technology vendors.

Malcolm Crompton is Managing Director of Information Integrity Solutions P/L, advising private and public sector organisations on building trust through the way they collect and use personal information. He is also a Director of Bellberry Limited, a private not-for-profit organisation that provides health ethics committee services.

IIS has advised Australian Government departments and agencies, Australian financial services institutions and many of the leading global ICT companies, often through Privacy Impact Assessments or strategic thought leadership.

He was Australia’s Privacy Commissioner for five years until April 2004. He led the implementation of Australia’s private sector privacy law. Malcolm has advised APEC regularly on implementation of the APEC privacy framework, including leading seminars in 2005 and 2007.
 

He is also a member of the Board of the International Association of Privacy Professionals, the Microsoft Trustworthy Computing Academic Advisory Board, the global External Advisory Board of the IBM Privacy Institute and the Reference Group for the Privacy and Identity Management for Europe (PRIME) project. He has been a member of a number of international privacy award judging panels.

In the previous 20 years, Malcolm held senior executive positions in the Australian Public Service. He has degrees in Chemistry and Economics.

His work was recognised in 2004 when he was awarded the inaugural Chancellor’s Medal for distinguished contribution to the Australian National University.

User centric IdM – an oxymoron or the key to getting IdM right

There are many drivers for strengthening identity management (IdM) in the digital environment. They include: countering identity fraud, identity theft or identity takeover border control and traveller identification; individual convenience; or better customer service for individuals. A range of approaches are being considered and some both in the public and private sector have already hit significant shoals. Experience is showing that IdM succeeds best where it builds in two way trust and is not perceived as yet another policing action. The challenge is even greater if individuals believe that IdM will put all the powers and discretions in the hands of the institution to collect more personal information which is then linked, used, or disclosed. The key to success is increasingly to understand and design with individual interests, as well as government or organisation interests, in mind.

This presentation will look at the concept of user-centric IdM and suggest some defining features. It will draw on experience and developments in Australia, New Zealand, the United Kingdom and Scandinavia to highlight issues that may help or hinder the delivery of effective user centric IdM. These include choices about centralised versus distributed identity, the impact of each country’s culture and history, the approach taken to risk allocation and the importance of keeping agendas simple and transparent. Recognition of the importance of these issues is gathering pace. It has moved from the realm of the advocate, through academia and into mainstream, commercial development, even to the point of creating a unique effort at building interoperable ID management systems that respect user centric principles. User centric IdM is possible with right mix of individual control, fair risk allocation and accountability.

Dick Hardt, Founder & CEO, Sxip Identity

A visionary in web applications and open source software, Dick Hardt has been active in technology development for over two decades. His most recent venture, Sxip Identity, is the leader in Identity 2.0, creating simple, secure, and open solutions for the next generation of internet identity. Sxip provides on-demand identity management for the enterprise and user-centric solutions that securely automate the exchange of identity data online. Prior to Sxip, Dick founded ActiveState in 1997. Under his leadership as CEO, ActiveState became a leader in tools for open source programming languages and in anti- spam software and was acquired by UK-based security company, Sophos in 2003. As a successful entrepreneur and technology expert, Dick is very involved in the community; he is co-author of the OpenID 2.0 specification and holds a board position with the OpenID Foundation.

Identity 2.0: A User-Centric Approach to Internet Identity

Identity online is undergoing a substantive evolution as a new generation has grown up with the web and expects to do everything digitally. Yet, despite the demands of these "digital natives", many tasks can still not be performed online. While the web has made it is easy to gather information online, there is substantial friction in being able to provide it let alone prove who they are.

Additionally, most e-government services that can increase efficiency and provide better outcomes require knowledge of the citizen.

Protocols such as OpenID are starting to solve these issues and with the endorsement of industry giants, are positioned to be the basis for online identity. This fast paced keynote will explore what is identity, its evolution on the web, and what might happen in the future.

Miriam Lips is the first Professor of E-Government at Victoria University of Wellington with positions in the School of Information Management and the School of Government, and a Research Associate at the Oxford Internet Institute, University of Oxford. Her Chair at Victoria University is sponsored by Datacom systems Limited, State Services Commission , Cisco New Zealand Limited and FX Networks Limited.
 

Miriam recently completed a two-year qualitative research project sponsored by the UK Economic and Social Research Council ‘Personal Identification and Identity Management in New Modes of e-Government’ (2005-2007). Moreover, before moving to New Zealand in January 2007, Miriam was Activity Leader of social scientific research in the European FP6 Integrated Project 'Privacy and Identity Management for Europe' (PRIME; 2004-2006).

Miriam holds memberships of IFIP Working Groups 8.5 (Information Systems in Public Administration) and 11.6 (Identity Management), the editorial board of Information Polity (IOS Press), the editorial board of Online Information Review (Emerald), and the editorial board of Information, Communication & Society (Taylor & Francis). For a full bio please visit her website at http://e-government.vuw.ac.nz/index.aspx

Eve Maler is a Principal Engineer at Sun Microsystems, developing interoperability strategies and leading partner engagements related to web services, security, and identity.
 

Eve was one of the inventors of the Extensible Markup Language (XML), a key technology for worldwide electronic communications. She has also made major leadership, technical, and educational contributions to other successful standards, such as the Security Assertion Markup Language (SAML), the Liberty Alliance, the Universal Business Language (UBL), and DocBook.

Eve speaks frequently on technical subjects and serves as the chair of the Web Services and Identity track of the annual XML Summer School held at University of Oxford.

Eve co-authored Developing SGML DTDs: From Text to Model to Markup, a book that provided a unique methodology for information analysis and SGML schema design. Eve’s blog, Pushing String at xmlgrrl.com, touches on topics both technical and whimsical.

The Design of Everyday Identity

In making digital identities portable across the network, we hope to offer valuable online experiences to users and to improve costs, all while meeting stringent demands for security, privacy, and control. Some goals sit in uneasy tension with others, and often our chosen solutions take a toll on the people we serve -- imposing costs on citizens and employees, and disappointing consumers. This talk will examine people's tendencies in interacting online, analyze the ways in which these tendencies can be frustrated by other goals, and suggest some lessons for architecting federated identity systems that focus on empowering people.

Hon David Parker has been in Parliament since 2002. He was elected to Cabinet in October 2005 and presently holds the State Services, Energy, Climate Change and Land Information portfolios.
 

Hon Parker has extensive experience as a chief executive and company director. His business start-ups include Fund Managers Holdings Limited, a substantial fund management company, and various related companies. He has also been involved in the creation and management of a number of agri-biotechnology companies.

In earlier years, he was a civil litigation specialist and a managing partner in the largest South Island-based law firm, Anderson Lloyd.

Hon Parker is married with three children and lives in Dunedin.

Innovation and Transformation: The New Zealand Experience

The Minister will open the second day of the conference with the official launch of igovt. The igovt service will provide trusted, secure and convenient on-line services from the New Zealand government. igovt has a world-leading design for privacy protection because it separates technically the logon process from the identity verification process. Ultimately, most New Zealand government agencies will use igovt so it is set to become one of the nation’s most recognised and trusted brands.

Mark Prebble took up the position of State Services Commissioner in May 2004.
 

Prior to his appointment, Mark Prebble was Chief Executive of the Department of the Prime Minister and Cabinet. A career public servant, he has worked in a number of policy and managerial roles, including as Deputy Secretary to the Treasury.

Earlier in his career Mark Prebble worked in Treasury and the Department of Labour, in areas including Budget management, health and social assistance reform, employment policy and land use. He began his working life as an alpine guide and mountaineering instructor at Mt Cook, and as a tutor in economics in Auckland and Wellington.

Mark Prebble has a PhD in public policy from Victoria University of Wellington, and an MA in economics from Auckland University.

Identity Management: How Kiwi’s Count

The State Services Commissioner will talk about the six policy principles of authentication and how they have shaped the all-of-government authentication programme of work since 2002. He will also discuss how they have set the fundamental direction of the programme and how they fit within the goals of transforming the State Services.

Robert Russell took up his position of Commissioner and Chief Executive of Inland Revenue on 21 May 2007. Robert had previously undertaken the role of Deputy Commissioner, Service Delivery since commencing with Inland Revenue in October 2006.
 

Prior to coming to New Zealand, Robert had over 30 years in public service in Canada, including various positions with the Canada Revenue Agency, Industry Canada and Energy, Mines and Resources Canada.

Robert holds a Master of Business Administration degree from Saint Mary’s University, a Master of Urban and Regional Planning and a Bachelor of Education from Queen’s University, and a Bachelor of Science from Dalhousie University.

Away from the workplace, Robert has extensive volunteer experience, primarily in amateur sport, and is an avid runner and cyclist. He is married and has four sons.

Identity Management in practice

Inland Revenue New Zealand is a large and complex organisation, for which assuring the identity of customers is fundamental to the business. Inland Revenue has a customer base of over six million, and manages huge amounts of data, which are aligned to identities established through the allocation of IRD numbers.

The presentation will review current and planned identity management practices, and implications for the business undertaken by Inland Revenue. This will include the evolution of the identity management philosophy of the department; the balance between ensuring the security of sensitive personal information and providing accessible customer services; the impacts of increasingly moving to electronic programme delivery channels; and other changes in the way the department manages its business.

Marie Shroff was appointed New Zealand Privacy Commissioner, an independent statutory office, in late 2003. Her responsibilities include independent comment on significant personal information policies and issues, providing opinions on privacy complaints made against government and business, monitoring government data matching and promoting good personal information handling practices in New Zealand. Marie has published speeches and articles on government and constitutional issues, and on privacy issues. She was awarded an Australia/New Zealand Foundation Fellowship in 1995 and a Chevening Fellowship in 2002, and is a member of the Board of the Equal Opportunities Trust. Marie was appointed to represent New Zealand on the Board of Directors of the Commonwealth Association for Public Administration and Management (CAPAM) in August 2005. She was awarded a CVO in 1995 and a CNZM in January 2004.

“Do you know who I am?”: Exploring identity and privacy

Identity-related issues underpin and shape many aspects of privacy. We need to explore some of the points of intersection and issues that emerge. What is identity – plain and simple? Why do we care so much about identity anyway? I’ve found my identity – now can I lose it?

Technology raises both problems and solutions for personal identity. Will government and business control our identity through the powers of technology? What options are there for New Zealanders? To what extent can individuals control their “digital shadow” – or is it just a case of what goes around, sticks around.

A growing surveillance society and demands for increased security throw down some of the greatest challenges for privacy and identity management. How does New Zealand stack up?