
Government Gateway Remote Authentication Strategy Overview
The authentication strategy for the Government Gateway, as presented by Rod Matthews in September 2009, covers the cross-government enterprise architecture, common infrastructure, take-up statistics, and the Safeguarding Identity Strategy. The strategy sets out an approach to remote authentication, emphasizing the importance of secure access to public services for citizens, businesses, government employees, and EU & foreign nationals. It also highlights the growth of e-payment brokering services through SOAP and GUI interfaces. Overall, the strategy aims to enhance security, streamline access, and improve service delivery in the digital government landscape.
Presentation Transcript
Authentication Rod Matthews 30 September 2009
Presentation Agenda (slide 2)
1) DWP Government Gateway: Slides 2-5
2) Government Policy: Slide 6
3) Remote Authentication (Good, Bad, Different): Slides 7-11
4) A Changing Landscape: Slide 12
xGovernment Enterprise Architecture (slide 3; diagram labels)
Government Gateway Strategy; E.G. Champion Assets; E.G. Transformational Government; Safeguarding Identity
Integrated Services; Channel Services; Security Services; Service Management; Information Services; Process Services; Local Application Services; Common Infrastructure Services; Infrastructure Services
Access to Public Services (Remote Access); GG Common White label UI; GG Strong Authentication; GG+ Alerts; GG Secure Transaction Engine; GG+ Payment Engine; GG Transaction Orchestration; GG+ Secure Email
Common Infrastructure (slide 4; diagram labels)
Government Gateway; Gateway+; Payment Engine; Secure eMail; Alerts; Transaction Engine; Secure Data Transfer; Common User Interface
17m Service Users; 90 Authenticated eServices
Access to Public Services (Remote Access); Remote Authentication; Citizens; Businesses; Government Employees; EU & Foreign Nationals
Identity and Verification Engine; ID&V Hub / Broker
Take-up
[Charts: Government Gateway SOAP / GUI Access, Submission Volumes Monthly, series 02/03 to 08/09; e-Payment Brokering Service, SOAP / GUI Growth, series 02/03 to 08/09]
Government Policy: Safeguarding Identity Strategy (slide 6)
- The Safeguarding Identity Strategy (published on 23 June) contains 15 Actions; AtPS is leading Actions 6 & 7 in evidencing the shape and implications of a Shared Service to provide xGov Remote Authentication to e-Services.
- AtPS also leads Actions 4 & 5, which define a trusted set of identity credentials and their convergence across government.
- AtPS contributes to other Actions, for example (11) the facility to repair a compromised identity and (13), which enables avoidable contact through linking services by consent.
- AtPS is aligned and coordinated with the DWP Change Programme, Identity Programme, and is enabled by shared resources with IPS and Directgov.
- DCSF lead on the issue of Employee Authentication, working collaboratively with the Government Gateway.
- AtPS reports to the Safeguarding Identity Steering Group, chaired by Sir David Normington.
http://www.ips.gov.uk/cps/rde/xchg/ips_live/hs.xsl/1151.htm
Delivering the objectives is a work-in-progress; this presentation is not policy.
Authentication Bad (slide 7)
Currently, the provision of authentication facilities is fragmented and will not enable citizen-centric services (e.g. Directgov, TUO):
- Departments have implemented, and may act independently in providing, remote credentials;
- these require individual support and maintenance facilities and have different lifecycles;
- this means multiple credentials and inconvenience and likely confusion for the Citizen; and
- the supplier and technology communities find this difficult to engage with effectively.
Illustrated credentials: 12456; Mum's maiden name; My date of birth.
A fragmented approach is a more costly approach.
Authentication: The Challenge with Credentials (slide 8)

Normal credentials cannot be used for remote authentication (without enhancement):
- a remote credential must be presented via reader hardware and/or network which government may not trust (e.g. home PC)
- as currently planned, the UK ID card (even if politically endorsed) will not enable remote authentication without additional readers

New remote credentials will be required in addition to the ID card:
- CESG anticipate that Shared Secret solutions will be increasingly compromised around 2012
- DWP would not require its customers to enrol in the NIR and purchase an identity card

Decisions on selection and provision of remote credentials to citizens must be driven by clear business objectives:
- balance cost, integrity and usability for specific user group abilities and usage
- failure to achieve this will lead to rejection of remote channels

The introduction of new remote credentials may also require new infrastructure, plus process costs of re-enrolment:
- there is no remote credential strategy in government (or DWP) to provide:
  - multiple credentials to enable different user groups
  - a succession plan for credentials that become compromised
- failure to maintain suitable credentials will compromise secure delivery of public services

However, the private sector faces similar challenges:
- government should seek opportunities to share cost and risk, and to improve citizen experience, through collaboration and partnership
Authentication Trust Silver Identity Gold Identity Bronze Identity National Identity Register DWP CISx Open Identity Foreign National Departmental Case System Verified EU Private (EG Banking) Sector Bronze+ Credential Silver+ Credential Silver Credential Bronze Credential Gold Credential ID & Pwd + (Challenge) ID & Password UK ID Card with Biometric UK ID Card Chipped UK Gov ID Card Chipped UK Gov Card +PIN + C/R Chipped Bank Card + PIN + C/R Memorable Information (C/R) EU State Chipped ID Card Chipped UK Gov Card +PIN + C/R Chipped UK Gov Card + PIN Chipped Card and PIN Memorable Information (C/R) ID & Pwd + Challenge ID & Password Bronze Service Level 1 services Silver Service Level 2 services Gold Services Level 3 services RM 9
Authentication Good (slide 10)
AtPS proposed a shared service solution (built on the Government Gateway) that allows multiple remote credentials to be used interchangeably to access a range of Public Services based on the strength of the remote credential, integrity of the identity, and the authentication level required for access to each service.
A Shared Service can encourage departments to use, support and sustain the preferred pool of credentials and therefore foster convergence or reduction of Public sector provided credentials.
This in turn enables rapid deployment, seamless convergence, lower cost access, improved citizen experience and greater convenience.
The Shared Service provides the vehicle to coordinate the policy, participation, risk management and funding perspectives, and enable a cross-government Governance perspective.
Diagram labels: Pool of Credentials; Shared Service (Gateway Authentication Broker).
Authentication Different Point of Contact Pool of Credentials Choices Reduced Credentialing Minimised Redundancy EG EG EG DVLA logo Department for Work Pensions Shared Service (Gateway Authentication Broker) Trust (Bronze, Silver, Gold) Case Based Reasoning Surf Records Matching 1:M (Workflow) 1:1 Tell-Us-Once Self Service & Avoidable Contact DVLA logo Department for Work Pensions EG 11
Direction of Travel (slide 12)
- A clear Credential Strategy
- Trust convergence for Departments, Directgov and Tell-Us-Once
- Matches the drive to single entry points for Gov Services (Directgov)
- Maximising what can be done once within the perimeter (Tell-Us-Once)
- Social Inclusion and customer convenience in the e-channel
- Reaching out to high transactors (vulnerable groups)
- Minimising the overhead for inexperienced e-tourists
- Maximising self-service, via the e-channel
- Minimises e-service up-front deployment costs
- Minimises credential dependency; enables rolling renewal
- Sets a landscape for Public / Private Sector coalescence, potentially partnership
Questions
Rod Matthews, 30 September 2009
http://informationcard.net/blog/open-identity-initiative-2009-09-09
http://digitaldebateblogs.typepad.com/digital_identity/2009/09/katie-davis-ips.html