Authentication - Rod Matthews, 30 September 2009
Post on 22-Dec-2015
Presentation Agenda
1) DWP Government Gateway: Slides 2-5
2) Government Policy: Slide 6
3) Remote Authentication (Good, Bad, Different): Slides 7-11
4) A Changing Landscape: Slide 12
xGovernment Enterprise Architecture
Strategy
Channel Services
Integrated Services
Process Services
Information Services
Infrastructure Services
Service Management
Security Services
Local Application Services
GG+ Alerts
GG+ Secure Email
GG Transaction Orchestration
GG Secure Transaction Engine
GG Strong Authentication
GG Common White label UI
GG+ Payment Engine
Common Infrastructure Services
Access to Public Services (Remote Access)
Safeguarding Identity
E.G. Champion Assets
E.G. Transformational Government
Government Gateway
Identity and Verification Engine
ID&V Hub / Broker
17m Service Users
90 Authenticated eServices
Remote Authentication
• Citizens
• Businesses
• Government Employees
• EU & Foreign Nationals
Secure Data Transfer
Payment Engine
Secure eMail
Alerts
Transaction Engine
Gateway+
Government Gateway Take-up
Access to Public Services (Remote Access): Common Infrastructure, Government Gateway
[Four charts: Submission Volumes Monthly and SOAP / GUI Access (by month, April to March, for years 02/03 to 08/09); e-Payment Brokering Service and SOAP / GUI Growth (by year, 02/03 to 08/09).]
Safeguarding Identity Strategy (Government Policy)
The Safeguarding Identity Strategy (published on 23 June) contains 15 Actions:
• AtPS is leading Actions 6 & 7 in evidencing the shape and implications of a Shared Service to provide xGov Remote Authentication to e-Services.
• AtPS also leads Actions 4 & 5, which define a trusted set of identity credentials and their convergence across government.
• AtPS contributes to other Actions, for example Action 11 (the facility to repair a compromised identity) and Action 13 (which enables avoidable contact through linking services by consent).
• AtPS is aligned and coordinated with the DWP Change Programme and Identity Programme, and is enabled by shared resources with IPS and Directgov.
• DCSF lead on the issue of Employee Authentication, working collaboratively with the Government Gateway.
• AtPS reports to the Safeguarding Identity Steering Group, chaired by Sir David Normington.
http://www.ips.gov.uk/cps/rde/xchg/ips_live/hs.xsl/1151.htm
Delivering the objectives is a work in progress; this presentation is not policy.
Bad …….. (Authentication)
Currently, the provision of authentication facilities is fragmented and will not enable citizen-centric services (e.g. Directgov, TUO):
• Departments have implemented, and may act independently in providing, remote credentials;
• these require individual support and maintenance facilities and have different lifecycles;
• this means multiple credentials, inconvenience and likely confusion for the Citizen; and
• the supplier and technology communities find this difficult to engage with effectively.
A fragmented approach is a more costly approach.
[Graphic labels: 12456; Mum's maiden name; My date of birth]
The Challenge with Credentials (Authentication)
• Normal credentials cannot be used for remote authentication (without enhancement):
    • a remote credential must be ‘presented’ via reader hardware and/or network which government may not trust (e.g. home PC)
    • as currently planned, the UK ID card (even if politically endorsed) will not enable remote authentication without additional readers
• New remote credentials will be required in addition to the ID card:
    • CESG anticipate that ‘Shared Secret’ solutions will be increasingly compromised around 2012
    • DWP would not require its customers to enrol in the NIR and purchase an identity card
• Decisions on selection and provision of remote credentials to citizens must be driven by clear business objectives:
    • balance cost, integrity and usability for specific user group abilities and usage
    • failure to achieve this will lead to rejection of remote channels
• The introduction of new remote credentials may also require new infrastructure, plus process costs of re-enrolment:
    • there is no remote credential strategy in government (or DWP) to provide:
        • multiple credentials to enable different user groups
        • a succession plan for credentials that become compromised
    • failure to maintain suitable credentials will compromise secure delivery of public services
• However, the private sector faces similar challenges:
    • government should seek opportunities to share cost and risk, and to improve citizen experience, through collaboration and partnership
Authentication Trust……
Bronze Identity: Open Identity; Foreign National
Bronze Credential: ID & Pwd + Challenge; ID & Password
Bronze Service: Level 1 services
Gold Identity: National Identity Register
Gold Credential: UK ID Card with Biometric; UK ID Card; Chipped UK Gov ID Card
Silver+ Credential: Chipped UK Gov Card + PIN + C/R; Chipped UK Gov Card + PIN; Chipped Card and PIN; Memorable Information (C/R)
Gold Services: Level 3 services
Silver Identity: DWP CIS; xDepartmental Case System; Verified EU; Private (EG Banking) Sector
Silver Credential: Chipped UK Gov Card + PIN + C/R; Chipped Bank Card + PIN + C/R; Memorable Information (C/R); EU State Chipped ID Card
Bronze+ Credential: ID & Pwd + (Challenge); ID & Password
Silver Service: Level 2 services
Good…… (Authentication)
A Shared Service can encourage departments to use, support and sustain the preferred ‘pool’ of credentials, and therefore foster convergence or reduction of public-sector-provided credentials.
This in turn enables rapid deployment, seamless convergence, lower cost access, improved citizen experience and greater convenience.
AtPS proposed a shared service solution (built on the Government Gateway) that allows multiple remote credentials to be used interchangeably to access a range of Public Services based on the strength of the remote credential, integrity of the identity, and the authentication level required for access to each service.
The Shared Service provides the vehicle to coordinate the policy, participation, risk management and funding perspectives, and enable a cross-government Governance perspective.
[Diagram labels: Pool of Credentials (EG, EG, EG); Shared Service (Gateway Authentication Broker)]
Different…… (Authentication)
[Diagram labels:]
Tell-Us-Once
Surf
Records Matching
Case Based Reasoning
1:M (Workflow)
Self Service & Avoidable Contact
Shared Service (Gateway Authentication Broker)
Pool of Credentials (EG, EG, EG)
Point of Contact
Choices
Reduced Credentialing
Minimised Redundancy
Trust (Bronze, Silver, Gold)
1:1
Direction of Travel……
A clear Credential Strategy
Trust convergence for Departments, Directgov and Tell-Us-Once
Matches the drive to single entry points for Gov Services (Directgov)
Maximising what can be done once within the perimeter (Tell-Us-Once)
Social Inclusion and customer convenience in the e-channel
Reaching out to high transactors (vulnerable groups)
Minimising the overhead for inexperienced e-tourists
Maximising self-service, via the e-channel
Minimises e-service up-front deployment costs
Minimises credential dependency – enables rolling ‘renewal’
Sets a landscape for Public / Private Sector coalescence – potentially partnership
Questions
Rod Matthews
30 September 2009
http://informationcard.net/blog/open-identity-initiative-2009-09-09
http://digitaldebateblogs.typepad.com/digital_identity/2009/09/katie-davis-ips.html