Sunday, September 17, 2006
Not The 9 o'clock Awards
The Government Gateway won an award this week ("another one?" I hear you cry). It's an IDDY award, or perhaps an IDDYIOT award. Apparently it's only for those deployments of Liberty technology. Here's what was done to win it:

- Deployment -- The Government Gateway Authentication Service has been designed as the authentication server for all e-government services in the UK. Nearly eight million citizens in the UK are registered to use the gateway service.
- Circle of Trust -- The Gateway provides authentication services on behalf of multiple other public-sector bodies, based on trust principles established in UK e-government legislation. The Gateway also supports a "tiered" authentication scheme according to the level of assurance provided by the user enrolment process and the type of credentials issued.
- User-Centric Capabilities -- The project has been developed to provide citizens and businesses with ease-of-use capabilities for accessing a variety of UK government services; not only does the Gateway provide a single authentication and entry-point for online government services, it now supports the predominant open standards on the market, making it easier for public sector bodies to integrate its authentication capability with their own service provision systems.
- Highlights -- Deployment supports all federation standards to allow for complete interoperability between government agencies nationwide; there is less need for each local authority to develop or implement its own secure authentication mechanism. The Gateway provides local authorities with a single, consistent and robust security mechanism at minimal cost and effort on their part.
- Interoperable Federation Technologies -- A principal aim of this project was to reduce the cost and complexity experienced by government departments and other public sector bodies (such as Local Authorities) in making use of the centralized authentication service. To that end, the Gateway was enhanced to support both WS-Federation and the Liberty Alliance Identity Federation Framework standards. This delivers a level of interoperability and protocol-independence which greatly simplifies the task of integrating service-provision systems with the Gateway's authentication functions. It also means the Gateway can deliver consistent authentication to its users without requiring them all to adopt a single standard, which could potentially alienate a substantial segment of the user-base.

All those apart from the last bullet have been true for a while. I didn't know the Gateway did (used? incorporated?) Liberty so I asked the guys back at the Cabinet Office what was with that. Jim (It's life but not as we know it), replies:

This year we built a single sign on portal as part of the Gateway UI. The business objective was to deliver a white labeled common authentication page that would manage the authentication calls with the Gateway. In order to do this we had to implement single sign on to manage the user’s authenticated session between the Gateway domain and the participating portal domain. We did this by implementing an interoperable SSO protocol handler that allows the portal to select whether they want to use one of the Liberty, WS-Federation or SAML protocols. The security token that they receive is a SAML 1.1 token but each one can be customised per portal.

So that's all clear then. Congratulations. Nearly 6 years on, it's great to see the Gateway still being recognised as leading the way.
Posted by Alan at Sunday, September 17, 2006