1 / 13

Authentication Rod Matthews 30 September 2009

Authentication Rod Matthews 30 September 2009. Presentation Agenda . 1) DWP Government Gateway Slides 2-5 2) Government Policy Slide 6 3) Remote Authentication Slides 7-11 Good Bad Different 4) A Changing Landscape Slide 12. 2.

dasan
Download Presentation

Authentication Rod Matthews 30 September 2009

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript


  1. Authentication Rod Matthews 30 September 2009

  2. Presentation Agenda 1) DWP Government Gateway Slides 2-5 2) Government Policy Slide 6 3) Remote Authentication Slides 7-11 • Good • Bad • Different 4) A Changing Landscape Slide 12 2

  3. Access to Public Services (Remote Access) xGovernment Enterprise Architecture Government Gateway Strategy E.G. Champion Assets E.G. Transformational Government Safeguarding Identity Integrated Services Security Services Channel Services Service Management GGCommon White label UI GGStrong Authentication Information Services Process Services GG+Alerts GGSecure Transaction Engine Local Application Services GG+Payment Engine GGTransaction Orchestration Common Infrastructure Services GG+Secure Email Infrastructure Services 3

  4. Access to Public Services (Remote Access) Common Infrastructure Government Gateway Payment Engine Secure eMail Alerts Gateway+ Secure Data Transfer Transaction Engine Common User Interface • 17m Service Users • 90 Authenticated eServices • Remote Authentication • Citizens • Businesses • Government Employees • EU & Foreign Nationals 4

  5. Take-up Government Gateway

  6. Safeguarding Identity Strategy Government Policy • The Safeguarding Identity Strategy (published on 23 June) contains 15 Actions; • AtPS is leading Actions 6 & 7 in evidencing the shape and implications of a Shared Service to provide xGov Remote Authentication to e-Services • AtPS also leads Actions 4 & 5 which defines a trusted set of identity credentials and their convergence across government • AtPS contributes to other Actions, for example (11) the facility to repair a compromised identity and (13), which enables avoidable contact through linking services by consent. • AtPS is aligned and coordinated with the DWP Change Programme, Identity Programme, and is enabled by shared resources with IPS and Directgov. • DCSF lead on the issue of Employee Authentication, working collaboratively with the Government Gateway • AtPS reports to the Safeguarding identity Steering Group, chaired by Sir David Normington http://www.ips.gov.uk/cps/rde/xchg/ips_live/hs.xsl/1151.htm Delivering the objectives is a work-in-progress – this presentation is not policy 6

  7. Bad …….. Authentication Currently: the Provision of authentication facilities is fragmented and will not enable citizen centric services (e.g. Directgov, TUO) • Departments have implemented, and may act independently in providing remote credentials, • these require individual support and maintenance facilities and have different lifecycles, • this means multiple credentials and inconvenience and likely confusion for the Citizen, and; • the supplier and technology communities find this difficult to engage with effectively 12456 Mums maiden name My date of birth A fragmented approach is a more costly approach 7

  8. The Challenge with Credentials Authentication • Normal credentials cannot be used for remote authentication (without enhancement): • a remote credential must be ‘presented’ via reader hardware and/or network which government may not trust (e.g. home PC) • as currently planned, the UK ID card (even if politically endorsed) will not enable remote authentication without additional readers • New remote credentials will be required in addition to the ID card: • CESG anticipate that ‘Shared Secret’ solutions will be increasingly compromised around 2012 • DWP would not require its customers to enrol in the NIR and purchase an identity card • Decisions on selection and provision of remote credentials to citizens must be driven by clear business objectives: • balance cost, integrity and usability for specific user group abilities and usage • failure to achieve this will lead to rejection of remote channels • The introduction of new remote credentials may also require new infrastructure, plus process costs of re-enrolment: • there is no remote credential strategy in government (or DWP) to provide: • multiple credentials to enable different user groups • a succession plan for credentials that become compromised • failure to maintain suitable credentials will compromise secure delivery of public services • However, the private sector faces similar challenges: • government should seek opportunities to share cost and risk, and to improve citizen experience, through collaboration and partnership 8

  9. Gold Identity National Identity Register Silver Identity DWP CISx Departmental Case System Verified EU Private (EG Banking) Sector Silver Credential Chipped UK Gov Card +PIN + C/R Chipped Bank Card + PIN + C/R Memorable Information (C/R) EU State Chipped ID Card Bronze+ Credential ID & Pwd + (Challenge) ID & Password Gold Credential UK ID Card with Biometric UK ID Card Chipped UK Gov ID Card Silver+ Credential Chipped UK Gov Card +PIN + C/R Chipped UK Gov Card + PIN Chipped Card and PIN Memorable Information (C/R) Silver Service Level 2 services Gold Services Level 3 services Trust…… Authentication Bronze Identity Open Identity Foreign National Bronze Credential ID & Pwd + Challenge ID & Password Bronze Service Level 1 services RM 9

  10. Good…… Authentication AtPS proposed a shared service solution (built on the Government Gateway) that allows multiple remote credentials to be used interchangeably to access a range of Public Services based on the strength of the remote credential, integrity of the identity, and the authentication level required for access to each service. • A Shared Service can encourage departments to use, support and sustain the preferred ‘pool’ of credentials and therefore foster convergence or reduction of Public sector provided credentials • This in turn enables rapid deployment, seamless convergence, lower cost access, improved citizen experience and greater convenience. Pool of Credentials EG EG EG Shared Service (Gateway Authentication Broker) The Shared Service provides the vehicle to coordinate the policy, participation, risk management and funding perspectives, and enable a cross-government Governance perspective 10

  11. Different…… Authentication Point of Contact Pool of Credentials Choices Reduced Credentialing Minimised Redundancy EG EG EG Shared Service (Gateway Authentication Broker) Trust (Bronze, Silver, Gold) Case Based Reasoning Surf Records Matching 1:M (Workflow) 1:1 Tell-Us-Once Self Service & Avoidable Contact EG 11

  12. Direction of Travel…… • A clear Credential Strategy • Trust convergence for Departments, Directgov and Tell-Us-Once • Matches the drive to single entry points for Gov Services (Directgov) • Maximising what can be done once within the perimeter (Tell-Us-Once) • Social Inclusion and customer convenience in the e-channel • Reaching out to high transactors (vulnerable groups) • Minimising the overhead of for inexperienced e-tourists • Maximising self-service, via the e-channel • Minimises e-service up-front deployment costs • Minimises credential dependency – enables rolling ‘renewal’ • Sets a landscape for Public / Private Sector coalescence – potentially partnership 12

  13. Questions Rod Matthews 30 September 2009 http://informationcard.net/blog/open-identity-initiative-2009-09-09 http://digitaldebateblogs.typepad.com/digital_identity/2009/09/katie-davis-ips.html

More Related