Enterprise Certificate Services and Identity Management Services Update

By Mike Pomerleau, Project Technical Advisor

We have just completed the Information Phase of the program which consisted of four bi-weekly stakeholder meetings with 17 stakeholders representing the Legislature, Courts, Governor’s Office, Secretary of State, Attorney General, Human Resources, Professional Financial Regulation, Health and Human Services and the Office of Information Technology (OIT) from March 7 through April 18; including hands-on certificate workshops conducted between the bi-weekly meetings. This group:

  • examined the need for an Enterprise Certificate Services and Identity Management Services,
  • studied the business case for these services, and
  • learned how Certificate Services works, what Identity Management is, and how the Federal model for Certificate Services and Identity Management Services could be utilized here in Maine.

The group now understands the need to replace OIT’s five year old Certificate Services Authority by the end of 2007; and recognizes the benefits of doing so with an enterprise solution. Therefore, the stakeholder group reached a consensus recommendation: The State of Maine should move forward with an enterprise solution for Identity Management and Certificate Services.

The first of a series of communications sessions occurred on April 24 when fourteen senior Public Safety business and IT managers and staff were briefed on the program status. In addition, a report was presented to the OIT Portfolio Review Committee (PRC) on Thursday April 26 summarizing the effort to date and our findings:

  • the State of Maine is currently building 1:1 Certificate Services and Identity Management Services solutions. Some of the 1:1 solutions are inadequate or inappropriate solutions. Some needs are not being met at all.
  • an opportunity exists for a standard approach to provide security services with the use of certificates will allow one certificate service to be used for all state computers, users, and services thus eliminating multiple certificates to access various state computers and services. An enterprise identity management solution will prove identity one time, make it portable, and will establish a way to manage it.

The stakeholders reached a consensus recommendation: The State of Maine should move forward with an enterprise solution for Identity Management and Certificate Services.

The rationale to move forward to the next phase is based on an understanding of the benefits of an enterprise solution and the risks associated with staying with the status quo. As part of the next phase, a mitigation plan will be developed for each of the risks associated with moving forward with an enterprise solution.

Based on the project management view of the proposal laid out in the business case, the next phase as defined in the business case (Architectural Phase) will be done in two parts.

The first part will define program scope, create communication plan to launch broader communication and create risk management plan to mitigate each of the risks identified with moving forward with an enterprise solution. The second part will focus on pre - Project Planning – to define the scope for the first project and include the reaching preliminary decisions regarding the architectural foundation for the program.

An updated Program and Business Case plan along with a detailed Project Plan will be documented to provide a report back to the PRC and CIO at the end of the next phase so that decisions can be made to initiate the first project.

Please contact Rachel Garippa or Michael Pomerleau of you would learn more about this program, have technical questions or if you would like to arrange a program briefing for a group of your colleagues.