To move from paper-based systems to digital solutions, the Courts of Denmark needed single sign on access to Web services and identity federation among disparate IT systems. In just two weeks, the Courts built and launched a claims-based infrastructure by using Windows Identity Foundation, which is built on Active Directory Federation Services 2.0.
The Courts of Denmark are working to digitize the superior and city courts, including the registration, payment, and bankruptcy processes for property such as land, houses, and cars. One of the first externally facing solutions is a property-law solution (e-Tinglysning) that consists of an external portal accessed by banks, citizens, and real estate agents and an internal interface between this portal and the IT systems of the superior and city courts.
For authentication and identity management, the external portal is using X.509 certificates. Both superior and city courts use Active Directory Domain Services to manage access rights and user identities, but network configurations did not allow for direct communication between these separate Active Directory forests. Also, the Courts wanted a solution architecture that would offer single sign on (SSO) capability and identity federation, so people could log in once to access multiple applications and share data among systems. This was important because, for example, the Courts wanted SSO for the new bailiff application (Nyfoged), which includes roughly 100 Web services. The Courts also required a security solution that would work across Web applications and Web services, because many systems and applications contain sensitive citizen data on mortgages, loans, credit cards, bank account numbers, and criminal records. “A lot of money and sensitive data are involved, so the Courts needed good safeguards to ensure the identities of people using the new system,” says Leif Nielsen, IT Architect at the Courts of Denmark.
The Courts joined the Microsoft Technology Adoption Program for Windows Identity Foundation (an extension of the Microsoft .NET Framework), which they used to create a claims-based infrastructure, and for Active Directory Federation Services 2.0, which handles identity federation.
The SSO solution is based on Active Directory Federation Services 2.0, an identity access solution that provides browser-based clients with SSO to Web applications and Web services, even when the user accounts and applications are located in different organizations or Active Directory forests. The Courts used Active Directory Federation Services 2.0 to efficiently deploy and manage new applications by reducing custom implementation work with prebuilt security logic and Microsoft .NET–based tools, helping establish a consistent security model and facilitating collaboration between organizations with automated federation tools.
The Courts also built a claims-based infrastructure on Windows Identity Foundation; with claims, authorization and authentication are externalized from applications, so the Courts can manage them centrally and apply policy changes immediately. Also, .NET application developers do not have to spend as much time developing custom user access logic because Windows Identity Foundation offers prebuilt logic and a single identity model; this makes it quicker and easier to add new applications and services.
The Courts worked with Microsoft Gold Certified Partner Globeteam to design and implement an interface between the IT systems at the city and superior courts and e-Tinglysning as the first solution based on Active Directory Federation Services 2.0. The SSO solution went live in early September 2009, after just two weeks of development and testing.
In January 2010, the Nyfoged application was moved to this solution, and several other applications are scheduled to be migrated to it in 2010.
The Courts will use the solution for all future applications, to deliver SSO to external parties and to help ensure the necessary level of security for connecting with internal Web services. In time, court employees, citizens, banks, real estate agents, and lawyers will use applications from a Web-based portal and from internal court systems to upload documents, make and track court cases and dates, and complete other transactions.
The potential time and cost savings from automating paper processes are huge. With a claims-based architecture and identity federation, the Courts of Denmark can offer a more secure identity and access solution that supports communication across IT systems and technologies.
Time Savings for Government and Citizens
The Courts of Denmark will eventually connect every IT system and hundreds of Web services internally and externally, for a user base of 5 million citizens. Employees will be able to complete simple tasks, such as coordinating schedules and court dates, digitally and across systems rather than having to contact all parties by phone. And citizens will be able to better track their case information and progress digitally, without submitting or receiving paper forms, using fax machines, or risking loss of paper documents. “Just think about the tremendous savings,” comments Leif Nielsen. “It’s faster, and it saves people time behind the photocopier, in handling forms and in making sure that everyone has the latest version of a document.”
Easily Extend Identity-Based Access
The claims-based architecture offers the flexibility to connect the disparate IT systems and components across the country’s courts and to external parties. “The claims-based architecture is not a proprietary Microsoft technology,” says Morten Strunge Nielsen, Principal of the Microsoft team at Globeteam. “It is an open, standardized solution that makes it possible for anyone to create a more secure SSO experience.” Another big benefit is the ease of creating and adding new applications to the security infrastructure. Developers spend less time coding custom user access logic, which is already included in Windows Identity Foundation.
With help from Globeteam, the Courts built, tested, and deployed the necessary security infrastructure for the internal interface in just two weeks. “We can manage security efficiently and cost-effectively, with a seamless experience for users thanks to Active Directory Federation Services 2.0—this is vital for moving from paper-based to digital processes,” says Leif Nielsen. “We wouldn’t offer access to this sensitive data if we didn’t have a security solution that we trusted.”