Authentication slides 04.07.2003

Are you who you say you are? 2005 100% online Authentication 2002 e-government usage at 11% of online users 1995: UK has 2% using Internet 2003 Still at 11% 2003: UK has 62% using Internet (51% regularly) 2004 Something has to change … 2003: 16% of UK What’s the Internet?

Mechanics of Authentication (registration and enrolment)
Need to establish who someone is
What they want to do
Whether they have the right to do it
Goes from simple to hard
One time tax return …
Application for benefit (long term payments out)
Nurse in hospital accessing patient records

Do you need authentication?
Send a tax return
Probably doesn’t need authentication
But what if there’s a question
And you want to ask it by email? Who do you ask?
What if there’s a dispute, or an outright fraud?
What about next year when we want to send the form online to the citizen pre-populated?
Very hard to see many transactional scenarios where we’d not use at least some level of authentication
Booking a squash court, renewing a library book, paying a bill?

Private Sector Proof
Verifiable
Passport
Driving Licence
Utility bill
Tax demand
Address / Prior addresses
Challenge
Mother’s maiden name
Favourite colour
Favourite place
Date of birth
Usually verified by
Experian
Equifax
Dun and Bradstreet
etc.
And. for challenges, the initial registration profile

Public Sector Proof
Verifiable
UTR (?!)
NINO (?!)
PAYE reference
VAT number
Etc.
Challenge
Digital certificate
Usually verified by
Checking the back end system
Or, for a certificate, the certificate provider’s revocation list

Public Sector Complexity Me My Employer My Colleagues Does my self assessment Do her self assessment Do his VAT and PAYE Stand in for me when I’m away Does Payroll My Accountant My Mother Citizen’s Advice Bureau? Local Authority? Post Office? Payroll Provider Their mothers Their accountants

What’s a Gateway? Rules Web services Portals Gateway Traditional Backend Systems Who? Where? How? What? When? What?

Where do we stand today?
99% of transactions via userid and password
Simple, government focused, verifiable information
Vast range of potential identifiers, but much overlap
Userid is specified, password is chosen
Some component (userid) sent via post
No cross trust
Each separate transaction must be separately verified
No joined up services

Network of Cross Trust
Bank
Insurance company
Accountant
Other intermediary
Citizen’s Advice Bureau
Central government
Passport office
DVLA
Inland Revenue
Local government
NHS
Trust is all one way today

Network of Cross Trust
Egg trusts me (they let me spend money)
DWP trusts Egg (up to a point?)
DWP trusts Egg to trust me (for benefit payments)
IR trusts DWP (for tax credits)
IR trusts DWP to trust Egg to trust me (and pays me)
Southwark trusts IR …
The green shield stamps version of authentication?

What issues do we have?
Userid/password has real limits
Simple to use, but no legal validity
Works fine for banks so far
Banks have back end controls (funds transfer limits, monthly statements etc)
Government userid standards horrible
But what are the alternatives?
Email address (not stable, easy to guess and many people don’t like government to have it)?
Strangely, when people fail to login, 50% get password wrong

More issues
No online assurance that someone really is who they say they are
Tied into the postal loop
20% of addresses are out of date
No “instant on” for first time users
Cannot setup to e.g. send VAT returns online
Puts pressure on citizen when deadlines loom
E.g. must register for self assessment 5-7 days before 31 st January

More issues
Digital certificates on life support
Technology solution hunting a problem
For some departments even these aren’t enough
Smart cards proliferating
But not being tied into government services
Limited readers, no national standards
Probably the only truly portable solution though
Mobile phone as a portable solution?
70% of phones are pre-pay … no owner information

The future?
Entitlement cards
Biometrics?
Common Information Database
One citizen identifier?
The NHS spine
Health record aggregation as the common link?
BT URU
Part of the network of trust
All of them probably 3-5 years away?

What Should We Do?
Address the real issues
Too easy to look to blame someone else
Authentication process is simple …
Government forms are far, far harder to complete!
Focus on identifiers
Which ones for which services … national standard
Construct a “one time” registration process?
All key identifiers supplied, even if services are not yet online
Help construct the network of trust

And just a bit about content

Six things to think about
There is no blueprint for joining up government
Replicating what we already have is not e-government
There is no silo in “citizen focus”
Technology is not a differentiator
No-one wins when others lose
Having a policy is not the same as delivering it

e-Government evolution? We’re in the trough for sure Government websites % Transactions Online 95%+ Stage 1 Stage 2 Stage 3 Maturity 2,800 websites …. £270-583 million AM rough figure Supplier Gain, .gov Pain Citizen Value 5-7%, less than 3 million per year

What’s wrong with our websites? More than 2,800 sites More than 5 million pages Up to 70,000 pages Nine levels deep More than 200 URLs More than 300 authors Some parts of the site not linked to others ‘ orphan content’ 100s of broken links Download time more than one minute Poor uptime Five different look and feels More than three navigation designs The product of unplanned growth

Usage (or lack of it) Audience penetration (Active reach among total UK Internet users %) Loyalty (Visits per person per month ) = Audience size ( ‘000 unique visitors per month) Commercial Public sector Individual Government sites Source: NNR, UK windowsupdate.microsoft.com 5,378 google.com 6,281 microsoft.com 6,477 bbc.co.uk 4,994 ask.co.uk 3,997 amazon.co.uk 4,281[hidden] loginnet.passport.com 4,972 google.co.uk 4,060 msn.co.uk 3,674 freeserve.com 3,613 dfes.gov.uk 566 0 1 2 3 4 5 6 7 8 9 0 5 10 15 20 25 30 35 All govt. 5,565 Central govt. 4,325 Local govt. 2,427

Do we have enough yet? 5 million pages of content 5.5 million visitors per month Low repeat visits per visitor £5-£10 per visitor, per year 0 20000 40000 60000 80000 100000 120000 1 21 41 61 81 101 121 141 161 181 201 221 241 261 281 301 321 341 361 381 401 421 441 461 481 501 521 541 561 581 601 621 641 661 681 701 721 741 761 781 0.0% 10.0% 20.0% 30.0% 40.0% 50.0% 60.0% 70.0% 80.0% 90.0% 100.0% % of all government content Pages per site Hants Medical Devices Scotland HMSO DH IR Dorset CC Castle Morpeth London Online

Countering the “rules”
Customer-centric content aggregation
Life events  life styles  “franchises”
Consistent look and feel
Across all government websites
Economies of scale
Do it once, do it right, do it all over
Take spend away from technology
Focus it on information and services (use the source, Luke)
Central infrastructure – local, regional and national
Drive customer take-up
Partnerships with intermediaries

Things to Think About It’s not technology for technology’s sake
Opportunity to fail
54% projects suffer (HMT Green Book, 2002)
15% cancelled (Chaos Chronicles, 2002)
Over-specification
45% of product features never used, 19% rarely used
The more you build, the less they use
No benefit likely
Your return on investment begins the day you switch it on
Start small, add rapidly, make it great a bit at a time
High yield, low risk.
Source: Jim Johnson, The Standish Group

And finally
It’s not just about websites
Kiosks, DTV, offline/online consistency, intermediaries etc.
Cross-channel capability
Cohesive brand … focused marketing £
Integrated content and transactions
The more people can do, the more they’ll want to do
Today’s one time “tax”, “benefit” transactions not enough
The UK is far behind its peers in online government usage
Yet we bank and buy books online more than anyone
Fragmentation, competition, squabbling make us suffer
Too expensive to go solo (silo)

Authentication slides 04.07.2003

by Alan Mather on Jun 14, 2010

Accessibility

Categories

Upload Details

Usage Rights

2 Embeds 118

Statistics

Authentication slides 04.07.2003 — Presentation Transcript

http://blog.diverdiver.com	117
http://www.slideshare.net	1