Author: Simon Moffatt, Solutions Director, ForgeRock

In recent months, the OIX blog has run a series of articles and papers regarding projects involving the UK Digital Service, the Cabinet Office and local government entities such as the Warwickshire Council. These projects largely stem from the UK Government Digital Strategy initiative through which the government is seeking to leverage digital technologies in innovative ways to improve services for citizens while driving down costs for government. As an example of this drive, a recent OIX-sponsored white paper pointed out how valuable implementing just a single new technology – attribute exchange – could prove:

Attribute exchange has the potential to deliver significant savings. At a DCLG Local Digital co-design event in July 2014 it was estimated that £100m could be saved each year by local authorities if they had access to Driver and Vehicle Licensing Agency (DVLA) data to deliver a range of services online, such as concessionary bus travel, taxi licences and parking permits.

To demonstrate its value in the real world, a public-private team organised an alpha proof of concept that would implement an identity and access management platform to automate the process for disabled drivers to register for “Blue Badge” parking cards. This attribute exchange system was designed to reduce the time for procuring a Blue Badge from a few weeks to a few minutes. The solution was underpinned by GOV.UK Verify, the government’s identity assurance solution, and would be built on the OpenAM access management platform and OpenIG identity gateway from ForgeRock. The project was headed by a team including Steven Gevers from Verizon Enterprise Solutions, Rob Laurence from Innovate Identity, and Ian Litton, Commissioning Implementation Lead at Warwickshire County Council.

“We bring ForgeRock into projects like this one mainly because of the solution’s flexibility and extensibility,” explained Gevers. “It’s been proven in many implementations – both commercial and large public sector deployments, frequently on a national scale.”

An all-in-one open source access management solution, ForgeRock OpenAM provides innovative and comprehensive services for customer-facing identity relationship management, as well as traditional access management capabilities. What legacy identity vendors have traditionally delivered as several different products — SSO, social sign-on, adaptive authentication, strong authentication, federation, web services security, and fine-grained authorization — is delivered as a single, unified offering.

ForgeRock OpenIG is an identity gateway that checks the identity of web traffic as it passes through, stopping those without permissions and letting the rest pass. It can also enforce rules determining who and what is allowed access to which resources. OpenIG can route all HTTP web traffic to protected applications through a centralized gateway that verifies identities, enabling close inspection, transformation, and filtering of each access request. This centralized gateway eliminates the need to deploy a variety of disparate policy agents to check identities in individual apps. By inspecting the traffic, OpenIG is able to intercept requests that would normally require the user or device to authenticate.

The alpha project successfully proved that the attribute exchange service could automate the Blue Badge application process, and save citizens tremendous amounts of time and money in applying for badges. The findings of the project are now being evaluated by central and local government, and Gevers asserts that the path forward is clear if and when a decision is made for a follow-up Beta project leading to a production version.

“The challenge is not a technical one at this point – we know exactly how to deploy an attribute exchange platform to support a digital Blue Badge service, or any number of other types of government permitting or applications processes. ForgeRock’s technologies performed perfectly in the alpha, and we’d certainly expect to use OpenAM and OpenIG in a production environment.”

For a general overview of the alpha Blue Badge project, read the white paper: Towards An Architecture For A Digital Blue Badge Service.

For a technical overview of the project, read A Technical Design For A Blue Badge Digital Service.