Authentication slides 04.07.2003


Published on

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Authentication slides 04.07.2003

  1. 2. Are you who you say you are? 2005 100% online Authentication 2002 e-government usage at 11% of online users 1995: UK has 2% using Internet 2003 Still at 11% 2003: UK has 62% using Internet (51% regularly) 2004 Something has to change … 2003: 16% of UK What’s the Internet?
  2. 3. Mechanics of Authentication (registration and enrolment) <ul><li>Need to establish who someone is </li></ul><ul><li>What they want to do </li></ul><ul><li>Whether they have the right to do it </li></ul><ul><li>Goes from simple to hard </li></ul><ul><ul><li>One time tax return … </li></ul></ul><ul><ul><li>Application for benefit (long term payments out) </li></ul></ul><ul><ul><li>Nurse in hospital accessing patient records </li></ul></ul>
  3. 4. Do you need authentication? <ul><li>Send a tax return </li></ul><ul><ul><li>Probably doesn’t need authentication </li></ul></ul><ul><ul><li>But what if there’s a question </li></ul></ul><ul><ul><ul><li>And you want to ask it by email? Who do you ask? </li></ul></ul></ul><ul><ul><li>What if there’s a dispute, or an outright fraud? </li></ul></ul><ul><ul><li>What about next year when we want to send the form online to the citizen pre-populated? </li></ul></ul><ul><li>Very hard to see many transactional scenarios where we’d not use at least some level of authentication </li></ul><ul><ul><li>Booking a squash court, renewing a library book, paying a bill? </li></ul></ul>
  4. 5. Private Sector Proof <ul><li>Verifiable </li></ul><ul><ul><li>Passport </li></ul></ul><ul><ul><li>Driving Licence </li></ul></ul><ul><ul><li>Utility bill </li></ul></ul><ul><ul><li>Tax demand </li></ul></ul><ul><ul><li>Address / Prior addresses </li></ul></ul><ul><li>Challenge </li></ul><ul><ul><li>Mother’s maiden name </li></ul></ul><ul><ul><li>Favourite colour </li></ul></ul><ul><ul><li>Favourite place </li></ul></ul><ul><ul><li>Date of birth </li></ul></ul><ul><li>Usually verified by </li></ul><ul><ul><li>Experian </li></ul></ul><ul><ul><li>Equifax </li></ul></ul><ul><ul><li>Dun and Bradstreet </li></ul></ul><ul><ul><li>etc. </li></ul></ul><ul><ul><li>And. for challenges, the initial registration profile </li></ul></ul>
  5. 6. Public Sector Proof <ul><li>Verifiable </li></ul><ul><ul><li>UTR (?!) </li></ul></ul><ul><ul><li>NINO (?!) </li></ul></ul><ul><ul><li>PAYE reference </li></ul></ul><ul><ul><li>VAT number </li></ul></ul><ul><ul><li>Etc. </li></ul></ul><ul><li>Challenge </li></ul><ul><ul><li>Digital certificate </li></ul></ul><ul><li>Usually verified by </li></ul><ul><ul><li>Checking the back end system </li></ul></ul><ul><ul><li>Or, for a certificate, the certificate provider’s revocation list </li></ul></ul>
  6. 7. Public Sector Complexity Me My Employer My Colleagues Does my self assessment Do her self assessment Do his VAT and PAYE Stand in for me when I’m away Does Payroll My Accountant My Mother Citizen’s Advice Bureau? Local Authority? Post Office? Payroll Provider Their mothers Their accountants
  7. 8. What’s a Gateway? Rules Web services Portals Gateway Traditional Backend Systems Who? Where? How? What? When? What?
  8. 9. Where do we stand today? <ul><li>99% of transactions via userid and password </li></ul><ul><ul><li>Simple, government focused, verifiable information </li></ul></ul><ul><ul><ul><li>Vast range of potential identifiers, but much overlap </li></ul></ul></ul><ul><ul><li>Userid is specified, password is chosen </li></ul></ul><ul><ul><li>Some component (userid) sent via post </li></ul></ul><ul><li>No cross trust </li></ul><ul><ul><li>Each separate transaction must be separately verified </li></ul></ul><ul><ul><li>No joined up services </li></ul></ul>
  9. 10. Network of Cross Trust <ul><li>Bank </li></ul><ul><li>Insurance company </li></ul><ul><li>Accountant </li></ul><ul><li>Other intermediary </li></ul><ul><ul><li>Citizen’s Advice Bureau </li></ul></ul><ul><li>Central government </li></ul><ul><ul><li>Passport office </li></ul></ul><ul><ul><li>DVLA </li></ul></ul><ul><ul><li>Inland Revenue </li></ul></ul><ul><li>Local government </li></ul><ul><li>NHS </li></ul>Trust is all one way today
  10. 11. Network of Cross Trust <ul><li>Egg trusts me (they let me spend money) </li></ul><ul><li>DWP trusts Egg (up to a point?) </li></ul><ul><li>DWP trusts Egg to trust me (for benefit payments) </li></ul><ul><li>IR trusts DWP (for tax credits) </li></ul><ul><li>IR trusts DWP to trust Egg to trust me (and pays me) </li></ul><ul><li>Southwark trusts IR … </li></ul><ul><li>The green shield stamps version of authentication? </li></ul>
  11. 12. What issues do we have? <ul><li>Userid/password has real limits </li></ul><ul><ul><li>Simple to use, but no legal validity </li></ul></ul><ul><ul><li>Works fine for banks so far </li></ul></ul><ul><ul><ul><li>Banks have back end controls (funds transfer limits, monthly statements etc) </li></ul></ul></ul><ul><li>Government userid standards horrible </li></ul><ul><ul><li>But what are the alternatives? </li></ul></ul><ul><ul><li>Email address (not stable, easy to guess and many people don’t like government to have it)? </li></ul></ul><ul><ul><li>Strangely, when people fail to login, 50% get password wrong </li></ul></ul>
  12. 13. More issues <ul><li>No online assurance that someone really is who they say they are </li></ul><ul><ul><li>Tied into the postal loop </li></ul></ul><ul><ul><li>20% of addresses are out of date </li></ul></ul><ul><li>No “instant on” for first time users </li></ul><ul><ul><li>Cannot setup to e.g. send VAT returns online </li></ul></ul><ul><ul><li>Puts pressure on citizen when deadlines loom </li></ul></ul><ul><ul><ul><li>E.g. must register for self assessment 5-7 days before 31 st January </li></ul></ul></ul>
  13. 14. More issues <ul><li>Digital certificates on life support </li></ul><ul><ul><li>Technology solution hunting a problem </li></ul></ul><ul><ul><li>For some departments even these aren’t enough </li></ul></ul><ul><li>Smart cards proliferating </li></ul><ul><ul><li>But not being tied into government services </li></ul></ul><ul><ul><li>Limited readers, no national standards </li></ul></ul><ul><ul><li>Probably the only truly portable solution though </li></ul></ul><ul><li>Mobile phone as a portable solution? </li></ul><ul><ul><li>70% of phones are pre-pay … no owner information </li></ul></ul>
  14. 15. The future? <ul><li>Entitlement cards </li></ul><ul><ul><li>Biometrics? </li></ul></ul><ul><li>Common Information Database </li></ul><ul><ul><li>One citizen identifier? </li></ul></ul><ul><li>The NHS spine </li></ul><ul><ul><li>Health record aggregation as the common link? </li></ul></ul><ul><li>BT URU </li></ul><ul><ul><li>Part of the network of trust </li></ul></ul><ul><li>All of them probably 3-5 years away? </li></ul>
  15. 16. What Should We Do? <ul><li>Address the real issues </li></ul><ul><ul><li>Too easy to look to blame someone else </li></ul></ul><ul><ul><li>Authentication process is simple … </li></ul></ul><ul><ul><ul><li>Government forms are far, far harder to complete! </li></ul></ul></ul><ul><li>Focus on identifiers </li></ul><ul><ul><li>Which ones for which services … national standard </li></ul></ul><ul><li>Construct a “one time” registration process? </li></ul><ul><ul><li>All key identifiers supplied, even if services are not yet online </li></ul></ul><ul><li>Help construct the network of trust </li></ul>
  16. 17. And just a bit about content
  17. 18. Six things to think about <ul><li>There is no blueprint for joining up government </li></ul><ul><li>Replicating what we already have is not e-government </li></ul><ul><li>There is no silo in “citizen focus” </li></ul><ul><li>Technology is not a differentiator </li></ul><ul><li>No-one wins when others lose </li></ul><ul><li>Having a policy is not the same as delivering it </li></ul>
  18. 19. e-Government evolution? We’re in the trough for sure Government websites % Transactions Online 95%+ Stage 1 Stage 2 Stage 3 Maturity 2,800 websites …. £270-583 million AM rough figure Supplier Gain, .gov Pain Citizen Value 5-7%, less than 3 million per year
  19. 20. What’s wrong with our websites? More than 2,800 sites More than 5 million pages Up to 70,000 pages Nine levels deep More than 200 URLs More than 300 authors Some parts of the site not linked to others ‘ orphan content’ 100s of broken links Download time more than one minute Poor uptime Five different look and feels More than three navigation designs The product of unplanned growth
  20. 21. Usage (or lack of it) Audience penetration (Active reach among total UK Internet users %) Loyalty (Visits per person per month ) = Audience size ( ‘000 unique visitors per month) Commercial Public sector Individual Government sites Source: NNR, UK 5,378 6,281 6,477 4,994 3,997 4,281[hidden] 4,972 4,060 3,674 3,613 566 0 1 2 3 4 5 6 7 8 9 0 5 10 15 20 25 30 35 All govt. 5,565 Central govt. 4,325 Local govt. 2,427
  21. 22. Do we have enough yet? 5 million pages of content 5.5 million visitors per month Low repeat visits per visitor £5-£10 per visitor, per year 0 20000 40000 60000 80000 100000 120000 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% % of all government content Pages per site Hants Medical Devices Scotland HMSO DH IR Dorset CC Castle Morpeth London Online
  22. 23. Countering the “rules” <ul><li>Customer-centric content aggregation </li></ul><ul><ul><li>Life events  life styles  “franchises” </li></ul></ul><ul><li>Consistent look and feel </li></ul><ul><ul><li>Across all government websites </li></ul></ul><ul><li>Economies of scale </li></ul><ul><ul><li>Do it once, do it right, do it all over </li></ul></ul><ul><li>Take spend away from technology </li></ul><ul><ul><li>Focus it on information and services (use the source, Luke) </li></ul></ul><ul><ul><li>Central infrastructure – local, regional and national </li></ul></ul><ul><li>Drive customer take-up </li></ul><ul><ul><li>Partnerships with intermediaries </li></ul></ul>
  23. 24. Things to Think About It’s not technology for technology’s sake <ul><li>Opportunity to fail </li></ul><ul><ul><li>54% projects suffer (HMT Green Book, 2002) </li></ul></ul><ul><ul><li>15% cancelled (Chaos Chronicles, 2002) </li></ul></ul><ul><li>Over-specification </li></ul><ul><ul><li>45% of product features never used, 19% rarely used </li></ul></ul><ul><ul><li>The more you build, the less they use </li></ul></ul><ul><li>No benefit likely </li></ul><ul><ul><li>Your return on investment begins the day you switch it on </li></ul></ul><ul><ul><ul><li>Start small, add rapidly, make it great a bit at a time </li></ul></ul></ul><ul><ul><ul><li>High yield, low risk. </li></ul></ul></ul>Source: Jim Johnson, The Standish Group
  24. 25. And finally <ul><li>It’s not just about websites </li></ul><ul><ul><li>Kiosks, DTV, offline/online consistency, intermediaries etc. </li></ul></ul><ul><ul><li>Cross-channel capability </li></ul></ul><ul><ul><li>Cohesive brand … focused marketing £ </li></ul></ul><ul><li>Integrated content and transactions </li></ul><ul><ul><li>The more people can do, the more they’ll want to do </li></ul></ul><ul><ul><li>Today’s one time “tax”, “benefit” transactions not enough </li></ul></ul><ul><li>The UK is far behind its peers in online government usage </li></ul><ul><ul><li>Yet we bank and buy books online more than anyone </li></ul></ul><ul><ul><li>Fragmentation, competition, squabbling make us suffer </li></ul></ul><ul><ul><li>Too expensive to go solo (silo) </li></ul></ul>