Employee Authentication Services EAS

1
Employee Authentication Services (EAS)

• A potential pan-government service

13 June 2008
Yasmine Dlia, John Skipper Chief Information
Officer Group DCSF
2
EAS Scope and target benefits

• Scope
• A scalable, sustainable and secure solution for
  local government employees to access sensitive
  information in central government systems
• Ready to roll out from November 2008
• Scalable and flexible to support multiple
  applications across government
• Endorsed and security accredited as a core shared
  government asset
• Set-up funded by DCSF and CLG
• DCSF acting as driving customer
• Target Benefits
• Avoid the need for employees to use multiple
  authentication processes/tokens
• Support greater collaboration/joint working for
  the benefit of citizens, children, learners
• Provide cross government aligned processes and
  systems for secure sharing/ accessing of
  sensitive data
• Improve efficiency through re-use within central
  and local government
• Consistent with pan-government policies and
  architecture

3
Project development since March 2007

• Completed high level solution architecture
• Design reviewed with CJIT, GG and ContactPoint
  and endorsed by Cross Gov CIO Council
• Evaluation of assets against requirements
• GG, CJIT, NHS and market sounding
• Response to invitation to participate from GG and
  CJIT
• Local Authorities positively engaged
• 11 early adopter LAs on working groups
  (Registration and operation)
• Sub-group reports defining policy on key areas
• Registration, Operational Impact, Trust and
  Sustainability
• Full business case and evaluation of proposals
  completed end November
• Government Gateway appointed to develop
  components of solution

4
EAS Governance
SRO
DCSF (Tim Wright)
CLG(Roy Marshall)
DWP(Kenny Robertson)
CIO/CTO Council (Kevin Murphy)
ContactPoint Brent LA Becta Gov Connect EDT
EAS Project Board
EAA Working Group
LAs Salford Newham St Helens Herts Derbysh
ire Hants LeedsLondon ConnectsLeGSB DWPCabine
t Office / eDTNHSMinistry of Justice /
CJITMoDCSIA / CESGBecta
CLG/DCSF CoIworking group
Operational model implementation guide
Policy on min registration procedures
Achieving shared trust
Sustainability and migration
Salford6
LeGSBHantsNewhamBrent
CSIADCSFCESGGov Connect
CLG DCSFEDT DWP
5
How will the solution look?
Common Trust Framework (rules standards)
LA
SharedIdentityProviderService(IDP)
AuthenticationBroker
DCSF Applications
Quick and simple integration
LA
DWP Applications
LA
LA
Own IDPService
Othercentral govt apps
NHS
Own IDPService
6
Components of the solution
Central Hub
Registration Authority (LA or National Partner)
Service Provider
Service Provider
Shared Identity Provider
Administrator
Administrator
Authentication Broker
People andprocesses
Account
Service
Attributes
Web
service
portal
Integration support forcentral government
services
People andprocesses
Service Integration Support
Application integration service
Test environment provision
People andprocesses
Existing Government Gateway platforms
New Government Gateway capability
7
Proposed Cross Government Trust Architecture
Communities Of Interest
ServiceProviders
Trust Broker
IDP
Authn/ Authz
Governance and standards
IDP
Authentication
IDP
Trust enforcementservices
Noaccessmgmt
IDP
8
Registration Policies Subgroup

• Sources
• Baseline Personnel Standard
• Minimum Requirements for the Identification of
  Individuals
• ContactPoint Security Policy
• Approach
• Identity a set of scenarios where Registration
  policies will be required.
• Identify a set of Actors to represent types of
  Employee
• Generate Use Cases from each of the scenarios
  and for each EmployeeType.
• For each step in the Use Cases, construct the
  Policy implications drawn from existing Law, and
  Good Practice.

9
Operation Model Subgroup

• Deliverables
• The subgroup will build upon the existing work
  and take this analysis to the next level of
  detail to produce an Implementation Guide for
  Local Authorities who wish to participate in the
  scheme. This guide will include the following
• readiness assessment
• training information
• guidelines on activities that are required and
  when they should take place
• what technology is required
• roles and responsibilities
• document management advice

10
The EAS project is delivering according to plan
Government Gateway
Development
Test
Test
Develop
Develop
Test
ID Provider
Full federation
WAYF page
Pilot Roll out
2nd pilot
Early Adopters
DCSF Pilot
Proof of Concept
CP EA
The Proof of Concept to get Local Authority and
Govt Dept. feedback
DCSF Pilot will reuse the Proof of Concept
solution to prove usability and technical solution
2nd pilot with local registration and using
production environment to prove business processes
11
Key to Success Pilot

• Approx 500 users in 150 local authorities
• DCSF have registered users and issues tokens
  centrally
• Refining workflows fro shared IDP
• Strong, two factor authentication for Key Stage 2
  data
• User enters PIN into token
• Token generates secure one-time password
• Login uses Authentication Broker functionality on
  proof of concept system
• Pilot live since beginning of last week
• 240 users have activated tokens
• 210 have logged on
• One lost PIN so far!

12
Standards for Trust assertions
Authentication Assertion
PersonalAttributes
MaturityAttributes
Service 1Attributes
Service 2Attributes
Actor ID
IDP ID
Confidence
Role
Role
M
O
M
Minenrolmentflag
O
13
Sustainability Working Group

• Outcome
• Understand requirements for wider adoption by LAs
  and schools and maximise the use as a shared
  asset.
• Complete sustainability model/route map for
  deployment across LA domain ( up to 2m users.
• Membership includes DCSF, CLG and DWP, LAs and
  EDT (Government Gateway)
• Key Deliverables
• Sustainability Business model
• Deployment Strategy
• Marketing Strategy
• Support Strategy