high level cross-government architecture — 2003 style

I tweeted recently a couple of old IT architectural schematics from 2003. They provide an interesting (historical) perspective on how to bring existing government systems into the world of online services.

Following a few requests, I thought I might as well follow-up by blogging in a bit more detail about those schematics here — given the subject remains highly topical.

Back in 2003, the aim was to reach consensus on a cross-government technical architecture that would provide the right balance between centrally provided and department-provided components. In 2003, the open standards of e-GIF (the e-Government Interoperability Framework) prevailed and the default data format for inter-system interoperability was XML (the eXtensible Markup Language).

The “Vision” from 2003 is shown below.

online service vision 2003

The high level architecture behind this vision is shown below.

conceptual x-government view

It’s fairly self-explanatory at this level — with several core elements shown down the right-hand side (management and operations; data interoperability [XML]; security framework; metadata framework), and four key technical layers to the left: data sources; data access; business, logic and workflow; and UI components and processes.

This is expanded a little more in the view that follows.

x-govt conceptual more detailed

The top tier makes clear the multi-channel strategy and the way government services were envisaged as being delivered through a whole range of different organisations: from government to businesses to the voluntary sector, and through a variety of devices.

Web services were to provide the common, open standards for how the various online government services could be delivered via public interfaces. At the “common services” tier a range of modular components (from authentication to payments to notifications) were to exist, providing a flexible way of pulling common components together in the design of frontline services. Behind this, a similar open layer of web services existed which would use XML-to-proprietary integration mechanisms to connect into the existing systems — be they public or private sector — needed in the design and delivery of online services.

For this approach to work, both departments and the centre needed to agree standards for the web services to be exposed by departments. How XML would be integrated with existing systems also needed to be resolved to ensure consistent delivery. There would need to be a way of reliably orchestrating processes both at the central government level (for cross-government orchestration of multi-departmental services) and at the department level (cross-system).

At the centre, the Government Gateway (which became an umbrella term for a range of component services — primarily identity and authentication, transaction orchestration, payments, and departmental integration services) acted as a broker, ensuring all calls were made through the same common architecture and endpoints. This included defining common standards in areas such as naming conventions, error handling responses and so on, together with the XML schema, meta content etc. of the actual SOAP (Simple Object Access Protocol) methods and calls used for the interaction of content and services.

At what has often proved the most intractable and complex layer — that of bridging the gap between existing systems and online services — three elements came into play:

  • custom adaptors (specific integration tools for e.g. a mainframe)
  • web services interfaces surfaced via the adaptors and exposing data and methods through native XML/SOAP
  • associated process logic to ensure data and application integrity

backend integration

This approach enabled a variety of existing systems to be bridged into the open, web services world. Of course, this was meant to be a transitional stage and not something to fossilise and preserve existing systems, enabling them to live on forever. It was intended to be a pragmatic way of taking early benefits in a massively diverse brownfield environment whilst a parallel programme could begin to re-engineer and re-architect backend processes, data, systems and their owning organisations into something better suited to twenty-first century government services.

backend transition

This secondary stage foresaw the assessment, transformation, re-factoring and web-enablement of these older systems — with an end goal of removing older backend systems and disaggregating and componentising them to enable departments to redesign and improve their services free of the restrictions of their inherited IT estate.

The illustration below shows conceptually how this architectural approach would enable the central orchestration of a service across multiple departments, with each of those departments in turn tackling local integration across their multiple backend systems.

x-govt orchestration

An alternative view of the central components/local integration model is shown below, illustrating the role of common, re-usable components in the overall architecture and service design model.

common components

A more detailed breakdown of the layers of the model is shown below.

detailed layers

Returning to a higher level perspective, the schematic below shows how the various components comprising the Government Gateway provided the realisation of some of this vision.

GG enablers

Note the existence of a “virtual department” to the right of the picture: this was a major concept at the time. Rather than trying to fix all of the historic issues of existing systems, data, processes and organisational hierarchies, the proposition was to create ‘virtual departments’ that would provide a way of exposing new services built around citizens’ and businesses’ needs rather than merely projecting the existing departmental service structures onto the internet. These would enable the development and design of better services — but, over time, they would also build out the future of government, at which point the existing systems could be switched off. More ambitiously, they would also enable the potential reconfiguration of government itself as it would no longer be tied down by information systems that had fossilised the historic business units and hierarchical functional silos of the departments and agencies in which they had been designed and deployed.

Some 11 years on, there remains considerable healthy debate about the best architectural models for government — across business, information and technical levels, and indeed the wider organisational configuration of government itself. At the polar extremes are opposing technical perspectives on the merits of emergent solutions and approaches versus imposed blueprints, and of centralised versus federated models.

As with most of these things, neither extreme in itself will prevail: good systems, successful technology and well-designed user services tend to involve a shifting blend of models and approaches. But hopefully I’m not alone in finding it useful to document the journey we’re on — and the road already travelled.


20 years of “online government” 101. Part 4: approaches to social inclusion

This is part 4 in my occasional blog summarising the past 20 years or so of UK efforts to move government online. The previous parts provided summaries on progress towards a single online presence, a high-level summary of the overall architectural thinking and a look at approaches to identity.

In this one, I’ll take a similar (and equally arbitrary) whistle-stop tour of some of the main developments around the topic of social inclusion/exclusion related to the use of information technology. It sketches in a few more details behind my CIO article ‘Truly digital social inclusion’ — and like my other blogs, makes no pretence at being comprehensive.

Much of this debate orbits around self-evident distinctions made between the public and private sectors: in particular, that the private sector can decide on its target audience and be selective (if it wishes) about with whom it chooses to interact. It may for example choose to target only a specific segment of a market (the rich, the young, the gullible, etc.). The public sector however provides universal services, potentially available to us all. With that exclusive, monopoly-provider status comes enormous responsibility — given that it’s not possible for citizens to obtain most public services elsewhere.

e-govt-POST

This was recognised back in 1998, in a review of government use of IT by the Parliamentary Office of Science and Technology:

“… government and business have different motives and constituents, so it would be naive to expect the applications of ICT in business to be mirrored exactly in government. There are also a number of areas of concern over the potential wider use of ICT in government, including issues such as privacy, vulnerability of a public electronic infrastructure to crime, acts of war and terrorism, potential abuses of civil rights, and social cohesion versus social exclusion. How to gain the benefits of ICT in the public sector while avoiding the pitfalls is an important policy question for Departments, Government as a whole and Parliament.”

Ever since the first efforts to use technology to put government services online in the 1990s, there’s been a political focus on the concept of social exclusion caused by what has been termed a ‘digital divide’: public services need to be available to all, and yet with the increasing adoption of technology in all aspects of our daily lives, the concern is that some less tech-savvy citizens are becoming, or will become, disadvantaged.

Government Direct

The 1996 Government Direct green paper made clear that it was aware of and intended to tackle this issue:

“All of the services will be accessible and easy to use. They will be available via terminals, either in the home or in convenient public places such as libraries, post offices and shopping centres. And they will be available alongside a full range of other services, including Citizen’s Charter information, thus providing an electronic “one-stop-shop” for Government. They will provide interactive guidance as users work through questionnaires and forms, making them simpler and quicker to use than paper-based forms. The services could also be available over an extended working day and at weekends, and for 24 hours a day, seven days a week where appropriate. Responses will be as near to immediate as practicable, and where an immediate response is not available, it will be possible to obtain electronic reports of progress. The services will be linked so that it will not normally be necessary to tell government the same information (for example, about a change of address) more than once.”

Touchscreen kiosks in public places were seen as one of the main ways in which access to online services would be made universal, even to those without access to technology in their homes or workplaces. The plan was that they would be found in public places, from libraries to Post Offices to Job Centres to banks and supermarkets. In hindsight, many of these earlier government documents seriously underestimated the speed and spread of the internet, and in particular the growth of mobile devices as a means of access in place of earlier assumptions about PCs and fixed line connectivity.

The review of government use of IT by the Parliamentary Office of Science and Technology in 1998 recognised the

“important role for Government in stewarding the development of an inclusive information society. A central recommendation is that local community ‘resource centres’ should be established, providing a publicly accessible means of conducting business electronically. Clearly, Government would be an important provider of information and services through such an infrastructure — and might be by far the most significant one in the case of disadvantaged communities.

Government’s role [is] as both potential contributor to and mitigator of this problem. Here, the two main factors are access … and behaviour … Thus, while Government has several options for providing a range of methods of access to reach every sector of society, these would be wasted if people don’t actually use them and exclude themselves from society. An interesting dimension to the issue of information ‘haves’ and ‘have nots’ is the potential scenario that some have suggested of government itself being an information ‘have not’ and thus incapable of acting to safeguard the interests of the wider population against the minority of ‘haves’”

Methods of access were foreseen as spanning:

POST table

One of the most comprehensive reviews of online users’ needs and social inclusion was the ‘View from the Queue’ study and report of 1998, which appears to be one of the few government papers to have conducted extensive citizen and business research in order to inform its conclusions.

View from the Queue

Importantly, the ‘View from the Queue’ recognises a simple reality that often seems to have been overlooked:

“Services can, of course, deploy technology in other ways that do not impact on the customer at the point of interface.”

However, at times there seems to have been a less valid view of technology, one of trying to miscast its role solely as one of ‘screen-based’ delivery of services, rather than about its more important role in re-engineering the processes, systems, structures, organisations and role of government. Such sidelining of technology into a superficial presentational role does little to help inform the underlying topic of social inclusion and how better to design public services to meet their universal requirements. The ‘View from the Queue’ however set out a more inclusive and comprehensive range of improvements that could impact on social inclusion, including:

    • simplifying procedures and documentation
    • reducing time taken queuing or waiting
    • minimising referrals between officials
    • eliminating interactions which fail to yield outcomes
    • extending contact opportunities beyond office hours
    • improving relationships with the public

It also foresaw the potential for electronic government services to improve four key areas:

    • speed of carrying out transactions
    • convenience/access
    • flexibility in options and hours of service
    • empowerment (bring services closer to the public and allowing them to choose how/when to carry out transactions).

It also sought to allay concerns about technology and how it will be used by government … by:

    • ensuring ‘confidentiality’ or privacy in interacting with government
    • providing safeguards against fraud or computer hacking
    • providing guarantees about government’s use of information
    • providing assistance and support to users

One of the many surveys it conducted examined how likely people were to use online government services:

View from the Queue survey

16 years later, the recent GDS-published survey provides an interesting comparison:

GDS survey

Different elements of the ‘View from the Queue’ research indicated that widespread public confidence in new services would only be achieved by:

  • improving existing services or offering benefits to users that they do not get at present. Both the qualitative research and interviews with large businesses point out that there is little point in merely replacing existing services/transactions with a new electronic version, described by one qualitative respondent as potentially ‘moving the queue from the counter to a kiosk’
  • allaying concerns about technology and how it will be used by government.

Its qualitative research identified a number of improvements desired in regard to existing services:

  • the simplification of procedures and documentation (e.g. forms), where this is possible
  • reducing the time taken queuing or waiting and the amount of referral between different officials or offices and trying to eliminate interactions which do not lead to an outcome
  • greater flexibility of means of making contact and greater opportunities for contacting government outside of ‘normal’ office hours
  • improving relationships with the public; in particular there is a feeling that services are currently set up to suit the government’s needs, rather than the public’s, and this can lead to a sense of powerlessness. The Desk Research confirms that this is a widespread perception of many public services.

There’s also a whole range of qualitative feedback and comments, which include the following nuggets:

“Filling out forms was felt to be particularly complicated and time consuming”

“Contacting government departments by telephone was described as being lengthy, frustrating and sometimes costly. The respondents described being held in telephone queues, passed to several different departments and not obtaining answers to queries as being particularly frustrating.”

“In dealing with a person face-to-face it was claimed that one would have wait in a queue, often in a post office or government offices, e.g. DSS office. The DSS office in particular was described as being a particularly undesirable place to queue.”

“The lack of accountability, i.e. no one person taking responsibility for queries/applications etc.”

“Whilst the respondents claimed that it was always appealing to save money, it was not of importance towards use. The respondents felt that the most important factors towards use would be to offer something that was easier and quicker than the existing method.”

“The existing transactions with government were seen as being complicated and time consuming. In some cases, respondents described feelings of humiliation and irritation with regard to previous dealings with government.”

“Interestingly, respondents were surprised that with the amount of technology available, the application procedures were still very lengthy. These comments centred around the technology supporting government staff, ie their own computer systems, rather than the electronic government offering.”

Possible solutions to such (long familiar) issues included:

“The need to provide a service, with particular reference to accountability of staff, i.e. one person dealing with a query rather than being dealt with by several people and departments.”

And direct feedback from respondents includes the following statements:

“Simplify it. Ninety per cent of forms are not user friendly. Most forms are designed for lawyers and accountants.”

“It is so unprofessional, maybe they should link up to computers, it is behind the times.”

“… electronic government services could ‘free-up’ staff time to deal with queries of a more complicated and sensitive nature.”

“I think with all this technology and they still can’t manage to do this (obtaining a passport quickly).”

For those who had a problem with their last contact with government services, the two top reasons cited were:

    • Staff were not helpful/lacked knowledge
    • Staff were slow in dealing with the transaction

Over half of benefits claimants found it difficult to fill in the forms, with nearly half saying they needed help to fill them in. Half found communicating in writing difficult and half found filling in forms difficult.

“Face-to-face or telephone contact was perceived as being easier than written communication and form filling (there are issues of literacy here that are not explored in the research). Eighty-five per cent found it easy to communicate face-to-face and 70 per cent found it easy by telephone.”

Portal Feasibility

In 1999, the Portal Feasibility Study made some more specific recommendations:

“The Portals must support Government policies for social inclusion and therefore a wide range of channels will be needed which will collectively appeal to all sectors of the user community.

From the channel media perspective, potential ‘portal’ delivery channels were categorised as:

    • Direct electronic channels, for example internet access through a customer’s PC, interactive television or kiosk
    • Voice telephony channels where the customer contacts a call centre agent by telephone who is able to communicate with the Portal using a direct electronic channel
    • Face-to-face channels where the customer interacts directly with an agent who is able to communicate with the Portal using a direct electronic channel, for example with a Post Office counter clerk or Bank teller.”

The UKOnline initiative from around 2000 made a concerted effort to address issues of social inclusion, investing substantially in areas such as PCs in libraries and potential partnerships with Citizen Advice Bureaux to ensure there were local access points, and in UKOnline centres aimed at helping improve the general skills and capabilities of citizens. The inheritance of these initiatives survives in the network of community internet access points called the ‘UK Online Centres network’, now run by the Tinder Foundation.

e-govt strategy 2000

In 2000, ‘e-Government: a strategic framework for public services in the information age’ commented:

“The transformation of the way government and citizens interact must be an occasion for increasing social inclusion. It will be an opportunity to address disadvantage which arises from geographical location, to improve communications and employment opportunities. The Government is committed to reducing the digital divide, through the policies developed by the Social Exclusion Unit; through IT learning centres; and in its commitment to improving IT skills and access through the National Grid for Learning, the National Learning Network, learndirect and the Library Network. There are many local programmes in support of these aims too. But spanning the digital divide means more than skills and access, and it has to be accepted that some citizens will not want or will not be able to be direct users of new technologies. That does not mean that this strategy has nothing to offer them. New technology can support better face to face and telephone transactions as well as direct interaction online. A challenge for the public sector will be how to free up staff from internal processes in order to offer more effective interactions, and how to provide front line staff with the skills, information and equipment they need to act as intermediaries in this new environment.”

The bold above (my emphasis) holds true now — and provides insight into the true potential offered by digital, not merely the simplistic notion of serving up existing services onto a screen. This is precisely why we need to ensure the move to digital gets it right where previous initiatives failed: it reflects the more fundamental issues that the Parliamentary Office of Science and Technology report highlighted in 1998, namely that where IT has been deployed extensively in government

“… this has tended to involve the automation of existing manual procedures based on the movement of paper, and has not reflected the major shift in management practices seen in the commercial world where IT has been used to move away from functional business units and to re-structure organisations around the processes that support the core business.”

It’s clear that social inclusion has been a concern at least since the 1990s and the first attempts to move government services online. But this narrow association with purely technological aspects has at times diluted the focus on the underlying causes of social inclusion — notably the way public services are designed, operated and delivered across multiple channels. As my recent CIO article argues, social inclusion needs to be addressed in the round — across all delivery channels — not become distorted by an isolated obsession about digital inclusion related to adding on-screen delivery as merely another channel for public services delivery.

There are also wider aspects that can be neglected in the move to truly digitally designed and operated public services. For example, the social issues that arise as government begins to manage information better. Take an example such as the potential that exists to provide real-time data to enable detailed geographic mapping of where taxes are generated and welfare disbursed. Poorly managed, certain communities or areas could be stigmatised by such developments (part of this debate started to happen when crime maps first began to be published online) — another reason issues of social inclusion/exclusion need to be considered holistically, not in fragments.

I’ll conclude this post with a paraphrased quote from my CIO piece:

Tackling social inclusion requires the realignment of the entire life-cycle of our public services around citizens’ needs … this important topic must not become sidetracked into a narrow focus on ‘screen-based’ service delivery: the opportunities offered by digital reform can enable the delivery of meaningful, socially-inclusive improvements to the design and operation of our public services – across all of the delivery channels that citizens and businesses use.


1999 … summary report on the cross-dept “intelligent forms” project

So, back in 1998, the “intelligent forms” (iForms) project was designed to enable anyone becoming self-employed to complete a single online form instead of 4 separate paper forms, and to submit and sign it using a Nat West smart card. In the background, each of the 3 depts then received the information they required.

This is the summary report from the Cabinet Office’s Central IT Unit (CITU) from early 1999. The iForms project, although apparently successful, seemed to fade away after the pilot phase.

iForms


20 years of “online government” 101. Part 3: approaches to identity

This is part 3 in my occasional blog summarising the past 20 years or so of UK efforts to move government online. The previous parts provided summaries on progress towards a single online presence and a similar high-level summary of the overall architectural thinking.

In this one, I’m going to run through some of the key policies and developments around online identity during this same timeframe. So let’s start back in 1996 with the Government Direct green paper, which recognised that:

“…. something like a cash dispenser card is going to be needed for dealing with machines like public access terminals or, in the future, with terminals in the home … for some transactions government may need a higher level of certainty about the identity of an individual than the arrangements used for telephone banking. This could involve the use of “smart cards” … The principle of these cards is the same as the older magnetic stripe cards – a piece of information on the card is combined with another piece of information, like a PIN number, to ensure that the right person is using the service. … The Government intends to carry out evaluations of available systems and conduct trials to find out the type of electronic signature which works best, and which is most convenient for people to use.”

In 1998, the Parliamentary Office of Science and Technology described the two alternative views of identity that have largely defined the debate ever since:

“The first holds that it is the responsibility of government to provide an official ‘citizens card’ once it expects people to use it to access and validate official transactions – just as it provides other documents such as passports and driving licences. The alternative view is that if there is a ‘market’ for ‘identity’, then it can be met by any number of private means and does not need a single official mechanism which could be portrayed by some as the equivalent of a national identification card. If a unitary approach were taken, an obvious candidate to provide the template for a citizen’s card would be the ‘Benefit Card’ already being introduced and which will need to be held by a significant proportion of the population. In favour of this (if this were to be a smart card) would be the likely efficiency gains through allowing broader functions to be built upon it. Against it could be the possible stigma (whether because of its association with benefit claims or the fact that the original motivation for the card was fraud prevention).”

Several demonstrators and pilot programmes making use of smart cards were developed by the Central IT Unit (CITU) during the mid to late 1990s, including one that modelled potential electronic voting in a London-wide election and another that modelled notifying government once of a change of address. These used Royal Mail’s Viacode and Barclays Bank Endorse smart cards. The logical schematic of the change of address demonstrator, which used XML and other open standards such as HTTPS, LDAP and SMTP, is shown below.

change of address demonstrator

The e-Government Authentication Framework from 2000 had as its focus the problems of ensuring that:

    • a given identity actually exists
    • a person or official of an organisation is the true holder of that identity
    • identity holders are able to identify themselves for the purpose of carrying out a transaction via an electronic medium

It identified the need for government to only release personal or commercially sensitive information against reliably verified identity, to provide services and benefits only to those entitled to receive them and to protect people against misuse of their identities. Its key philosophy was that

“Government will encourage the provision of authentication services by a variety of bodies, including local authorities and the private sector, and will seek to make use of these services wherever possible … Where third-party service providers are conducting transactions on government’s behalf, they will be required to authenticate the citizens and businesses they deal with to the same standards as government itself would. Government will in turn accept transaction data from those service providers, who will certify that they have carried out the authentication transaction to the agreed standard.”

So out of the two potential models outlined in the earlier Government Direct paper, a federated identity model was to be the preferred choice, enabling the development of an identity ecosystem that could tap into existing organisations able to confirm online the identity of individuals. Four levels of trust in terms of the quality of identification required were established:

0 — Informal Transactions
1 — Personal Transactions
2 — Transactions with financial or statutory consequentials
3 — Transactions with substantial financial, statutory or safety consequentials

Each of these levels required a progressively more significant level of registration, authentication and verification services — from none required at Level 0, to full face-to-face initial registration at Level 3 together with the use of “a digital certificate. This will preferably be held in a secure token, such as a smart card. Users will demonstrate their right to that credential through the use of a private key and a password or biometric. The system will authenticate users based on the validity of public key / private key pairs, and on the validity of the credential.”

In 2001, the UK Government Gateway was launched, providing a range of transaction management and identity-related services to turn policy into reality. As mentioned in Part 2, the Gateway provided the infrastructure required to connect government into the federated identification and authentication services being provided by third parties via smart cards — such as Barclays Endorse, Royal Mail’s ViaCode and certificates being issued by the British Chambers of Commerce. When the smart card market largely collapsed in the fallout from the dotcom boom and bust, the Gateway ended up primarily using UserIDs and passwords — limiting the level of services that could be used (since UserIDs and passwords were not capable of establishing the levels of trust and authentication possible with smart cards).

The Gateway’s core services were designed to meet various needs including:

    • authentication (we know who the person is)
    • authorisation (we know they are entitled to use the service)
    • the capacity they’re operating in (i.e. their role)
    • varied credential types (userID/password, digital certificate, etc.) issued potentially by various (trusted) parties

It also needed to meet the government’s requirement to support delegated rights:

    • to third parties (agents / intermediaries acting on behalf of people)
    • to assistants within an organisation (subsets of user rights, such as those needed for an employee working on VAT returns within a business)
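As an added illustration (not code from the Government Gateway or from this post), the sketch below models how those requirements combine into a single access decision: a trusted credential issuer, a credential strong enough for the service's trust level, an enrolled principal, and a delegation that covers the requested service. The party names, service names and the ceiling assigned to each credential type are assumptions made for the example.

```python
from dataclasses import dataclass, field
from typing import NamedTuple, Optional

# Assumed ceiling per credential type. The post states only that Level 3 calls
# for a digital certificate and that userID/password could not reach the levels
# possible with smart cards; the exact numbers here are illustrative.
MAX_LEVEL = {"userid_password": 2, "digital_certificate": 3}


class Decision(NamedTuple):
    allowed: bool
    capacity: Optional[str]   # "self", "agent" or "assistant" when allowed
    reason: str


@dataclass(frozen=True)
class Credential:
    holder: str               # who authenticated
    kind: str                 # key into MAX_LEVEL
    issuer: str               # party that issued the credential


@dataclass(frozen=True)
class Delegation:
    principal: str            # person or organisation whose rights are delegated
    delegate: str             # agent or assistant receiving them
    capacity: str             # "agent" (third party) or "assistant" (in-house)
    services: frozenset       # subset of the principal's services


@dataclass
class Gateway:
    trusted_issuers: set
    required_level: dict      # service -> trust level 0..3
    enrolments: dict          # principal -> set of services it may use
    delegations: list = field(default_factory=list)

    def decide(self, cred, service, on_behalf_of=None):
        # Credential types may come from several parties, but only trusted ones.
        if cred.issuer not in self.trusted_issuers:
            return Decision(False, None, "untrusted issuer")
        required = self.required_level.get(service)
        if required is None:
            return Decision(False, None, "unknown service")
        # Authentication: an unknown credential kind is treated as Level 0.
        if MAX_LEVEL.get(cred.kind, 0) < required:
            return Decision(False, None, "credential below required level")
        # Authorisation: the principal must be enrolled for the service.
        principal = on_behalf_of or cred.holder
        if service not in self.enrolments.get(principal, set()):
            return Decision(False, None, "principal not enrolled")
        if principal == cred.holder:
            return Decision(True, "self", "ok")
        # Delegated rights: the grant must name this delegate and this service.
        for d in self.delegations:
            if (d.principal, d.delegate) == (principal, cred.holder) \
                    and service in d.services:
                return Decision(True, d.capacity, "ok")
        return Decision(False, None, "no delegation for this service")


def sample_gateway():
    """Constructed sample data: every name below is hypothetical."""
    return Gateway(
        trusted_issuers={"gateway", "example_bank_ca"},
        required_level={"newsletter": 0, "vat_return": 2, "paye": 2,
                        "level3_service": 3},
        enrolments={"acme_ltd": {"vat_return", "paye", "level3_service"}},
        delegations=[
            Delegation("acme_ltd", "alice", "assistant",
                       frozenset({"vat_return"})),
            Delegation("acme_ltd", "bob_accountants", "agent",
                       frozenset({"vat_return", "paye"})),
        ],
    )


if __name__ == "__main__":
    gw = sample_gateway()
    alice = Credential("alice", "userid_password", "gateway")
    for svc in ("vat_return", "paye"):
        print(svc, gw.decide(alice, svc, on_behalf_of="acme_ltd"))
```

The assistant's grant covers only the VAT service, so the same credential is refused for PAYE even though the business itself is enrolled for both.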

In addition, it provided reliable, secure, two-way transactional synchronous and asynchronous messaging between citizens, businesses, intermediaries and government — including, where appropriate, the authentication of those messages.

The solution adopted the open standards proposed by the UK government as the way to underpin its e-Government programme and formed part of a wider move towards a Service Oriented Architecture (SOA) for government. Key elements of this included:

    • metadata framework: Dublin Core / W3C Resource Description Framework
    • security framework: ISO/IEC 17799:2000 information technology, code of practice for information security management, Common Criteria
    • data interoperability: IETF, W3C, WS-I (including WS-Security), OASIS interoperability standards (eg. XML, SOAP, SAML)
    • management and operations: OGC ITIL

Government Gateway

In 2001, the “E-government strategy framework policy and guidelines: Registration and authentication” addressed security requirements related to the provision of registration and authentication services to support access to e-government services. It defined these two key processes as follows:

    • Registration: This is the process by which a client gains a credential such as a username or digital certificate for subsequent authentication. This may require the client to present proof of real-world identity (such as birth certificate, passport) and/or proof of other attributes depending on the intended use of the credential (eg proof that an individual works for a particular organisation). Registration can be associated with a real-world identity or can be anonymous or pseudonymous.
    • Authentication: The process by which the electronic identity of a client is asserted to, and validated by, an information system for a specific occasion using a credential issued following a registration process. It may also involve establishing that the client is the true holder of that credential, by means of a password or biometric. A client is required to authenticate their electronic identity every time they wish to engage in an UKonline session.

The main purpose of the model was to establish the framework for the federated identity system, setting out the approach to the provision of all or part of e-government services by third parties, including obligations on third parties for registration and authentication. It also set out the various trust models for registration and authentication. It further clarified the requirements both for initial registration and subsequent authentication across a range of government services. An updated version, Version 3, appeared in 2002, and incorporated comments received after a public consultation exercise.

The federated identity model was part of a wider federated approach, one that foresaw a mixed economy in the supply of online government services, with many to be available through third parties (intermediaries) as well as direct from government itself. This was detailed in the 2003 “Policy Framework for a mixed economy in the supply of e-government services” consultation document which aimed to

“… create mixed economy — a marketplace where government, private and voluntary sectors can come together to deliver e-Government services that better meet the demands of our customers. A successful mixed economy will be a force for maintaining the UK’s position as a leading knowledge economy. For this to happen we will need a clear framework for government and intermediaries to participate. This document describes what needs to be done, the opportunities and the principles of intermediary involvement, and the support we are putting in place to drive our agenda … in three years, there will be a mixed economy in the supply of public services, where consumers (citizens & businesses) can engage intermediaries from the public, private or voluntary sectors to use public services in the manner that suits them.”

intermediaries

One such example given is:

“Simple Transaction – Motorist Organisation. A motorist services company might want to add Vehicle Excise Duty (car tax) to their portfolio. Their offer becomes more of a “one-stop-shop” and is likely to increase customer loyalty, or attract new customers to the service.”

(As an aside, this approach is quietly radical in its implications: in this simple example of Vehicle Excise Duty, VED, it has moved the debate from a narrow discussion of better ways of automating current processes within an existing organisational structure, such as DVLA, and is instead evaluating options that would potentially see other players undertake the functions previously done by government. After all, why not let insurance companies collect VED in the same way most other tax collection, such as VAT and PAYE, is already outsourced to retailers, employers etc.? This type of fundamental rethink of how best to achieve outcomes rather than to think within existing constraints has all too often been absent when considering how best to use technology to redesign and re-engineer public services.)

Anyhow, back to our story … The Gateway’s identity services were later enhanced to support EMV (the chip and PIN standard developed by Europay, MasterCard and Visa and widely used for authenticating credit and debit card transactions).

trust framework

trust architecture

In parallel with these developments, and in apparent conflict with the earlier approach to a federated identity model, the government decided to pursue the development of a single national identity card that would be issued by the state. After many years of encouraging the growth of an ecosystem of identity providers and intermediaries, this model would have instead imposed a single identity for use with government services. These proposals for a single identity card formed part of the National Identity Scheme in 2005. It’s outside the scope of these overview 101’s to go into the pros and cons of what was proposed, so for anyone interested in more detail have a look at Wikipedia’s summary. Under the terms of the Identity Documents Act 2010, identity cards ceased to be legal documents on 21 January 2011.

Since the general election in 2010, a familiar model has been proposed, one that returns to the earlier desire for a federated identity system. The Government Digital Service (GDS) is running the identity assurance programme (IDAP) and is both developing the technical standards needed to implement a replacement federated identity model for the Government Gateway (which is due to stop providing services in 2016) and putting into place the ecosystem of third party identity providers required to make it happen.

“Identity providers are organisations paid by the government to verify people’s identity so they can sign in securely to government services. Identity providers will have to meet industry security standards and identity assurance standards published by the Cabinet Office and CESG (the UK’s national technical authority). There are currently 5 identity providers — Digidentity, Experian, Mydex, the Post Office and Verizon — eventually there will be more. You can choose to register with more than one of them, and you can stop using an identity provider at any time.”

GDS has also recently announced a further initiative to bring in more identity providers, to further expand the choice open to citizens and businesses in the future.

They have set out 5 reasons for using third party identity service providers rather than doing this from within government:

“1. user choice – you will be able to choose your identity provider(s) and stop using a provider if you want

2. no centralised identity database – instead, to protect users’ privacy, each identity provider will be responsible for securely and separately holding data about the users that have registered with them. Each government department service will only have access to the data it needs.

3. security – using several identity providers is more secure and less vulnerable; there is no single point of failure and no single service that holds all the data in one place

4. developing a market – we’re giving identity providers freedom to design services to meet the standards. This will allow them to develop services that can be used by the wider public and private sector, which will help to reduce costs.

5. making the most of available technology – the technology and methods for identity verification are constantly evolving; specialist private sector organisations are better placed than government to keep up with these developments”

The independent Privacy and Consumer Advisory Group has also been providing guidance and advice to GDS to help ensure they’re designing a service based on user choice, control and privacy — and that there is an easy to use route to fix problems if they arise.

The new identity service is already in live private beta with two exemplar government digital services — HMRC’s PAYE and DVLA’s view driving record service. These are being progressively tested, developed and improved prior to being moved into public beta. The intent is that over the next few years online identity provision will adopt the new federated identity service. Users of the Government Gateway identity services will be progressively migrated to the new service, ahead of the Gateway infrastructure being wound down and eventually decommissioned.

IDAP beta

So, if all goes to plan, over the next few years we should see a modern version of the original federated identity model foreseen back in the 1990s. The technology may have changed from that originally envisaged — of smart cards and PKI — to one of chip and PIN and other potential mechanisms, but the intended outcomes remain largely the same: to enable citizens and businesses to use online government services in a trusted and secure way.


20 years of “online government” 101. Part 2: “e-government” architectures

This is the second part of an ongoing, occasional series looking back over the past 20 years or so of UK efforts to move government online.

In Part 1, I provided a very brief summary of progress towards a single online presence. It looked at the “front-end” of online government — the thinking around a “portal” or single website to act as a “one stop shop” for all digital government services. This helped set a context for Part 2, in which I’ll now provide a similar high-level summary of the overall architectural thinking, of which the portal/website was but one component. As before, this will only skim the surface — but hopefully provides a useful overview of what has gone before.

The open.gov.uk site established in 1994, and outlined in Part 1, was the first step in the evolution of a planned, pan-government architecture. The 1999 Portal Feasibility Study which built upon this early work identified the need for an architecture to insulate access channels from complexity, proposing a three-tier architecture that would achieve this whilst also providing flexibility. This conceptual model is illustrated below.

3 tier conceptual architecture

Whilst the various front-end channels were to be supported through the portal/website developments outlined in Part 1 (providing publication and syndication services), transaction management services (including related services, such as the identification, authentication and verification of users) were to be provided by a second tier — the services that collectively became known as the Government Gateway. This provided the middle tier, handling the orchestration and management of transactions across single or multiple backend departmental services.

As the report described it, the third tier:

“… provides the connectivity from the Departmental systems, including legacy systems, to the Transaction Management System through appropriate interface systems. This layer will “ring fence” existing systems. Its isolation layer will allow ongoing development of the Departmental systems without a knock-on development requirement on the Portal architecture.”

The report also emphasised the importance of open standards in ensuring that the three-tier model would provide the flexibility, in terms of security, scalability and resilience, required of online service delivery:

“The technical implementation of the three-tier architecture must provide the glue to link existing Departmental services and systems to a wide range of different access channel technologies. This means that open standards need to be proscribed and that the interface standards needed to ensure good interworking must be defined.

An open architecture will maximise the flexibility and opportunities for infrastructure provider competition. Every major interface in the architecture will need to have an interface specification defined for it. This will allow architectural components, services and supplier systems to be replaced easily and a ‘plug and play’ approach to be taken to architecture components, services and supplier systems.”

The physical architecture set out by the report to deliver this is shown below.

3 tier physical high level architecture

(For those not familiar with the acronym, ‘GSI’ was the Government Secure Intranet, now superseded by the PSN — Public Sector Network. This is an internal, secure network for private government-internal use only).

The importance of being able to identify a citizen or business when they are online has long been recognised as critical to the success and viability of any online public services. At the time, many smart card developments were in progress, such as Royal Mail’s ViaCode and Barclays Bank Endorse initiatives. The report recommended that “Public Key Infrastructure (PKI) should be provided using certificates and certificate authority solutions from companies such as VeriSign, Thawte or a retail Bank.”

Whilst the front-end services were delivered through the various developments outlined in Part 1, the middle tier component was provided by the Government Gateway. This was designed to provide support via open standards interfaces both for the orchestration of transactions, and for federated identification and authentication services provided by third parties via smart cards — as this press release from Barclays from around 1999 makes clear. However, the smart card market largely collapsed in the dotcom boom and bust, and the middle tier defaulted instead primarily to a User ID and password system, with a few businesses continuing to use smart cards for a number of years. These services were later supplemented through support for EMV (the chip and PIN standard developed by Europay, MasterCard and Visa and widely used for authenticating credit and debit card transactions). However, by far the largest method used was that of User ID and passwords, with the original federated identity model unrealised on any scale.

The middle tier was designed around the use of XML (the eXtensible Markup Language) and SOAP (the Simple Object Access Protocol), and drew upon other internet-based standards such as HTTP/S. Since there were no standard “off the shelf” patterns or templates at the time for the orchestration work required of the middle tier and its interaction both with backend departments and the front-end portal, the necessary XML and SOAP interactions were defined under the “GovTalk” banner, as part of the e-Government Interoperability Framework (e-GIF) initiative which aimed to bring public and private sectors together to agree the open standards necessary to deliver vendor-independent solutions for online government services. Possibly today much of this model would be constructed using JSON (JavaScript Object Notation) and RESTful (representational state transfer) solutions in place of the often rather verbose XML and SOAP requirements. It would also probably avoid the need for the “central hub” model, and provide more of a peer-to-peer services-based approach, such as that adopted by the Estonian government and its X-Road initiative.

By 2004, the overall architecture was looking broadly like the schematic below.

high level architecture 2004

In addition to the original core middle tier services of identity and transaction handling, additional service components — such as a payments engine and secure messaging (similar to the kind used for banks to communicate securely online with their customers) — had also been added. The ‘Gateway DIS’ function was the departmental integration service (hence ‘DIS’), providing the bridge between the open standards (XML, SOAP etc) being used in the middle and front-end tiers, and whatever proprietary or bespoke requirements needed to be met within the departments’ existing IT systems estate.

This architectural model remained largely the same over the intervening years. Its open interfaces and specifications enabled, for example, payroll providers to embed support for online government transactions directly inside their applications, automating the interaction of business with government across both authentication and transaction handling systems.

In the meantime, and as I described in my piece for the Register “Can the UK have its identity strategy back, Mr President?” in 2009, the USA adapted the earlier UK federated identification and authorisation model. In turn, the UK has been actively revisiting the desire to move back to a federated identity model as originally foreseen in the late 1990s and away from the dependency on the much-criticised and user unfriendly User ID and password system of the Government Gateway. The Government Digital Service (GDS) has usefully summarised current work on implementing a new federated identity service in their recent blog post “What is identity assurance?”

The middle tier is now in its twilight years, with the Government Gateway due to be terminated around 2016. Given the many changes in technology since the late 1990s, together with the implementation of more up-to-date technology practices within government on the back of the work of GDS, many elements of the overall design of online public services are currently in motion. They will doubtless build upon the recent work to embed open standards in government, the replatforming of gov.uk, the ID Assurance programme, and the work on the 25 exemplars — all within the guiding framework of the Service Design Manual.

The work of Simon Wardley, and his Wardley maps, are of pragmatic significance in the current debate about how “special” or “unique” government is in its user and technical needs, and how they can best be met. As Simon points out, “…  the maps cover activities, practices and data and aren’t limited to a specific field such as technology. They can be used to identify common services, differences, areas of efficiency, potential strategic gameplay, solve communication issues and … a long list.” Even in a complex area such as taxation or welfare, breaking down the needs and the potential means of meeting them quickly reveals that a wide range of both utility and product elements can help meet those needs, with only a small core — such as the nature of the rules of calculations to be conducted — being the unique, one-off elements required in the realisation of UK-specific policy.

There have been multiple detailed analyses and inquiries into the problems of closing the long-standing gap between political aspiration for better public services and meaningful, sustainable delivery on the ground — such as those of the National Audit Office and the House of Commons Public Administration Select Committee. The problems encountered have rarely been exclusively technical — after all, the architectural approaches of the past, described above, would not look particularly out of place in a private sector organisation over the same time period. I’ll aim to review and comment upon some of the wider work analysing the causes of this long-standing gap, and current and earlier work that aimed to fix it, in a future post.

Update: Part 3, approaches to identity, is now available


‘London Streets’ interactive app

London Streets

Just a reminder, my free app London Streets is now available — for both Apple and Android devices. (Windows Phone 8x is on the way too …)

The app has its roots in my time at City University in the 1980s. Whilst living at Northampton (“Notty”) Hall (RIP) in Bunhill Row, I started to explore the many streets, alleys, courtyards and passageways of the square mile.

I’ve been living in and exploring London ever since, so I guess you could say this app has been a very long time in gestation … work and life have a habit of getting in the way.

All feedback welcome — in fact, essential, as I intend to continue researching and developing both this and some related apps. So please do let me know what you think …

App Store

Google Play

Amazon App Store

It works on most devices (other than those with the very small screens), and is at its best on larger devices, particularly tablets. A little more background and detail in my earlier post here.


20 years of “online government” 101. Part 1: progress towards a single online presence (including pictures)

I’m going to bring together in a variety of posts (in no particular order and at random times) a very succinct summary of various aspects of the move towards online public services over the last couple of decades. This draws upon research we did at CTPR, along with personal engagement with some of these efforts, and discussions and debates with a whole host of people and organisations who have grappled with the problems and opportunities over the years. This first post isn’t intended to be comprehensive or definitive — it’s more of a quick 101 of work around a single online ‘portal’ or web presence for UK central government services for those not familiar with the story so far.

So it was nearly 20 years ago that open.gov.uk — the first UK online portal for government services — went live.

open.gov.uk

This was the work of the Central Computer and Telecommunications Agency (CCTA), reporting to the Cabinet Office. open.gov.uk acted as a sort of government single point of presence “launchpad” through this new “Government Information Service”, helping users navigate multiple department and agency sites. The CCTA also hosted websites for departments and agencies, aiming to persuade them to work in a collegiate way to provide a more integrated online presence.

In 1996, the ‘Government Direct’ green paper positioned itself as ‘a prospectus for the electronic delivery of government services’.

Government Direct

It promised to “… change fundamentally and for the better the way that government provides services to citizens and businesses … Services will be more accessible, more convenient, easier to use, quicker in response and less costly to the taxpayer.”

In 1998, the Parliamentary Office of Science and Technology (POST) conducted an extensive review of progress towards “Electronic Government”. It reported that the Government Information Service site had grown rapidly, but noted some conflicts between the desire for better, open data and the traditional pricing models of many agencies.

GIS

Amongst the many initiatives POST mentions is the intelligent form (or iForm) pilot, which enabled notification of self-employment through a single intelligent form that updated three separate government departments. It was also around this time that the change of address demonstrator was being tested.

Change of Address

Then in 1999, the Portal Feasibility Study appeared.

Portal Feasibility

Commissioned by CITU (the Central IT Unit in the Cabinet Office), this explored the feasibility of developing “Government Portals as a potential, single, integrated means of access to Government information and services. This will allow information from different sources within Government to be brought together at one point, allowing the creation of new “joined-up” services with a standardised presentation.”

In 1999, this was followed by the Modernising Government initiative, which included a commitment to develop a single electronic presence aimed at opening up a range of “one-stop-shop” services.

Modernising Government

As a result, in December 2000, the GIS/open.gov.uk presence was replaced with the new UKonline citizen portal.

UK Online

UKonline didn’t restrict itself solely to an online web presence, but also reached out to other digital channels — including television.

UK Online TV

Rather than limit itself to replicating online versions of transactional paper forms, it also modelled what it called “life episodes” — which aimed to bring together a bundle of services based around events impacting citizens so they could be dealt with in a single place.

UK Online life episodes

In November 2003, a sister government portal for businesses — ‘businesslink.gov.uk’ — was launched to provide access to information and services for businesses.

Business Link

Then in March 2004, we see the first phase of the government’s next portal, ‘Directgov’, launched, revamping and replacing the earlier efforts in its memorable orange livery.

DirectGov

This was followed in 2010 by digital champion Martha Lane Fox’s review of government digital services entitled ‘Directgov 2010 and beyond: revolution not evolution’. As a result, an initial prototype of a new site, named Alphagov, was launched in May 2011 and invited feedback as part of work building towards a replacement for both the Directgov and Businesslink sites.

Alphagov

In August 2011, Alphagov moved into its beta phase, further refining and testing an all-encompassing single UK government presence. In October 2012, the site went fully live and operational as gov.uk, replacing both Directgov and BusinessLink.

GOV.UK

Work is currently in progress to continue refining and improving the site, with a particular focus on the delivery of an initial 25 exemplar services to demonstrate the art of the possible.

I think the official 20th ‘birthday’ of the original open.gov.uk/GIS site will be in October of this year — but if anyone knows better or has a more specific date, comments are open below …

UPDATE: Part 2 — “e-government” architectures — is now available here.

Images from my personal collection (how sad), the National Archives, Wikipedia and http://alpha.gov.uk. Sorry, some of them are the best resolution I can find — if you have better ones and are happy to share, let me know.
