London Borough of Newham

London Borough of Newham Pioneers Large-Scale Implementation for Identity Management

Secure identity management system helps build citizen confidence in electronic transactions with government organisations

If social housing tenants in a typical local authority in the United Kingdom (U.K.) want to view the confidential details of their rent accounts, it usually means a trip to the civic centre or local housing office. And that’s only possible during office hours when many of them are at work. What a difference it would make if they could access these details online—from home or work—and also use the same identity management system to unlock other government services.

A trail-blazing project that will pave the way for U.K. citizens to easily and securely access confidential information from government organisations has been successfully launched by a London council. A council, not surprisingly, noted for its IT innovation.

It opens the door for citizens to access, from an ordinary browser, the confidential details held about them by public sector organisations. This may include their council tax balance, social housing rent account, or other payments histories.

To our knowledge, this is the first ever information card implementation in the United Kingdom public sector. It is a pioneering project using Microsoft technology with huge implications for how citizens will interact with government organisations in future. Geoff Connell Chief Information Officer, London Borough of Newham

In what is hailed as a first for the U.K. public sector, the London Borough of Newham is piloting information cards with nine other local authorities for around 200 users to access shared confidential information. The intention is to extend the project over the next nine months, first to partners and then to citizens.
Supporting the Transformational Government Agenda

The 10 local authorities in the pilot programme all belong to the Microsoft® Shared Learning Group, a local government alliance, which helps to exchange best practice and promote collaboration on innovative IT solutions. This cooperation supports the aims set out in the U.K.’s national “Transformational Government” strategy to improve e-government services through business process re-engineering and re-design.

Since April 2008, the 10 councils have used their new online IDs to share internal documents relating to the Shared Learning Group, which focuses on employee productivity, flexible and collaborative working, business integration, child protection solutions, performance management, and maximising IT support for elected members. Previously, Newham had to run a separate database to manage identity and passwords for collaborating with partners through its extranet.

This initial roll out of the access and identity management system to the 10 councils is just the beginning of a revolution in customer service. As more and more government departments and councils join together to offer shared services, a common way of authenticating users becomes increasingly necessary. Another key driver is to limit the number of identities that people use to access applications, thereby improving productivity and cutting administration costs.

However, while saving time and making identity management more efficient is valuable, it is not the most important consideration behind this pioneering project. It will be offered free to other local authorities to trial through the U.K. arm of the Microsoft Shared Solutions Network—an online environment that helps foster collaboration in the public sector.

Geoff Connell, Chief Information Officer, London Borough of Newham, says: “We need to address the issue of trust. Then we can extend this initial pilot programme—first, to partner organisations in our Local Strategic Partnership and then to citizens in their routine transactions with local and national government. Recent security breaches have highlighted the need to enhance IT security in governmental organisations.”

Public sector spending on identity management is set to grow by almost 50 per cent in 2008, to £1.2 billion (U.S.$2.34 billion) from £825 million in 2007, driven by major programmes such as e-Borders, the Police National Database, and the National Offenders Management Systems. Behind the growth is the government’s well publicised desire to deal with identity fraud, illegal immigration, and the threat from terrorism, along with the drive for all government bodies to share more information-integrating services.

Growth in Adoption of “Federated Identities”
Formidable obstacles have stood in the way of standardisation in use of identity practices and the adoption of “federated identities,” in which users can be authenticated once for use across many systems.

That is, until now. A new trend has already begun with the growing use of the Government Gateway, a centralised registration environment for e-government services as an authentication platform. Projects such as the National Education Network, a U.K. collaborative group for education, are gaining momentum.
This significant step forward in local government is the result of thought leadership by Newham and the Shared Learning Group, working in close partnership with Microsoft, Microsoft Certified Partner Eduserv—a not-for-profit professional IT services group and expert in access and identity management—and systems integrator Ascentium, a Microsoft Gold Certified Partner.
Daniel Reardon, Sales Manager at Ascentium, says: “Newham is seen as a thought leader in local government, which is why it chooses cutting-edge technology solutions to meet its needs. We have a long partnership with the council and help it to successfully innovate by implementing the latest Microsoft technologies—the current project is no exception. Our role as systems integrators is to help ensure that the new technologies are correctly aligned with the needs of the council.”
The integration of the identity management services for the Shared Learning Group was carried out by Eduserv. Based on the Eduserv OpenAthens technology integrated with Windows CardSpace™, the solution empowers users to provide their digital identity to online services in a simple, secure, and trusted way.
The architecture on which Windows CardSpace has been built—comprising subjects, identity providers, and relying parties—is called the identity metasystem. It isn’t just a Microsoft initiative. Rather, it is the shared vision of many across the industry as to how to solve the fundamental identity challenges on the Internet today.

Windows CardSpace—Information Cards for Identity Management
“It’s what’s known as an identity selector,” says Ed Zedlewski, Chief Information Officer at Eduserv. “When a user needs to authenticate to a Web site or a Web service, Windows CardSpace pops up a special security-hardened user interface with one or more applicable information cards from which the user chooses.”

Each card has some identity data associated with it, but it is not stored in the card—it is given to the users by an identity provider, such as their employer or government, or is created by the users themselves. When the user chooses a card, a signed and encrypted security token containing the required information is generated by the identity provider that created the card. The users then decide whether to release this information to the requesting online service.

Connell says: “To our knowledge, this is the first ever information card implementation in the U.K. public sector. It is a pioneering project using Microsoft technology with huge implications for how citizens will interact with government organisations in future.” Reardon believes the identity metasystem in Newham is only the third case of its kind in the world.

Zedlewski adds: “Local authorities hold increasing amounts of data electronically, which needs to be accessed in a secure and timely way. Information cards offer greater security than conventional means of logging on. By using Windows CardSpace, users are less likely to fall victim to phishing—an e-mail fraud scam conducted for the purposes of identity or information theft.

“Eduserv has used its extensive experience of large-scale identity provision to create a convenient way for users to manage their online identities in their own environment, helping individuals to control how they store and release the credentials by which they are recognised.”

Business Partnership Results in Successful Pilot Programme
Newham decided to work with Eduserv on this pioneering project because of the organisation’s expertise in creating and managing access and identity management solutions. Connell says: “We didn’t want a local government or government-specific solution, but were very keen to have a customer-centric tool.”

More than four million students and researchers in U.K. colleges and universities, the National Health Service (NHS), and organisations worldwide use Eduserv access and identity management systems to access online resources. The goal of the Shared Learning Group is to help improve the efficiency and security of their identity management processes at an affordable cost. “We’re confident that with Eduserv as the third-party identity provider we’ll achieve this,” says Connell. “We are also pleased to be working with a not-for-profit organisation on a project where the intention is to share knowledge and learning with other parts of the public sector.”

The close partnership approach adopted by Newham, Eduserv, and Ascentium has achieved some immediate top-line benefits—reduction in the overall cost of rolling out collaborative environments, speed in managing identities, and scalability. Connell says: “We can easily increase the rate of sharing the site with different partners and the number of users can reach into the thousands.”

One driver for the Shared Learning Group project was to cut the number of identities that local government officers use to access applications. Previously, council employees in Derby or Wakefield had to first log on to their own Web sites and then log on once more to access the Learning Group site. “Windows CardSpace doesn’t remove the need for another log on, but users do it more consistently for multiple sites,” says Connell. “So at Newham, as administrators for the Shared Learning Group, we do not have to bear the cost of managing all those identities.”

The cost of changing a password is estimated at around £30. According to Connell, the new environment simplifies this burden and does not require local authorities to invest heavily in identity management software. “It is too early to provide an accurate forecast of the savings in time and improvements in productivity, but they will be significant as time goes on and the solution is extended to other services,” says Connell.

Microsoft technology has also provided a boost for the project because it is based on open standards and can be used by non-Microsoft software users provided they have the right software running on their machines.

“We have a strong business partnership with Microsoft so why not look to Microsoft first,” says Connell. “Moreover, Microsoft has a deep commitment to open standards galvanised by Kim Cameron, Chief Architect of Identity and Access at Microsoft. That alone gives us a great deal of confidence that we’re on the right track. And we now have a model that can be used by any organisation to collaborate securely with its partners or customers.”

This case study is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, IN THIS SUMMARY. Document published August 2008