
INTERoperability between Social Protection Organisations (INTEROPS)

Portal Admin
Published on: 10/06/2007 Last update: 11/06/2007 Document Archived

This project involved the Social Protection Organisations opening their information systems to each other. Born of the political will to simplify access, to give greater effect to the role of service providers or their equivalents, to optimise investments and to improve the finances of the State, the project featured an approach that was both coherent with and complementary to the policies concerning managing identity and controlling access to on-line services. Although the approach is sectoral, the solutions are applicable to the standards in operation. They consist in the federated Trust Areas of each of the organisations involved. The defining principles are the following:
- Organisations trust each other ;
- The civil servant’s authentication is done by the eService consumer ;
- The access right is given to the civil servant by his or her own organisation. Granting access respects the preliminary agreement defined with the eService provider ;
- Transmission of the access request to the eService provider is secure ;
- Access requests may be checked a posteriori.

Policy Context

The project operates in two contexts: in France, it supports the eGov strategic plan and the direction given by the government; in Europe, it supports the action plan i-2010 as well as the advancement of eGovernment as agreed at the recent meeting in Berlin. All of these points of view express the same three main goals:
- « Make the citizen’s life easier » ;
- « Promote the work of civil servants » ;
- « Improve the efficiency of public institutions ».

This project addresses the last two goals:
- « Promote the work of civil servants » by rationalising support tasks and extending the scope of their intervention (e.g., multi-skilling) ;
- « Improve the efficiency of public institutions » by sharing investments and reducing delays in provisioning.

Description of target users and groups

Under the leadership of the Modernisation of the State Branch (Ministry of the Budget, Public Accounts and the Public Service)

Description of the way to implement the initiative

The government initiative « Identity and Access Management » groups together projects and services that make it possible to identify users and give them access to the on-line services to which they are entitled. The project ensures this under appropriate security conditions and with suitable legitimacy, and enables citizen users and professional users to access the on-line services available to agents on their administrative information systems.

The « sharing best practices » phase is being rolled out with the branches of different ministries, as well as the private sector and citizens. This phase permits the development of functional descriptions of the deployment process as well as a technical dimension. It results in a “referential” proposing a model of “urbanisation”, integrating existing models and reflecting the expectations of the actors consulted. Relying on norms and standards, it describes the process of attributing rights of access to resources; it advocates rules for the construction and propagation of these rights and proposes reference models adapted to the needs, demands and aptitudes of the targeted population of users (http://synergies.modernisation.gouv.fr/IMG/pdf/IT03_IdNum_referentiel_v…).

The large-scale pilot for the « agent » target or, more precisely, « Administration to Administration », has been entrusted to the « Social Security » sector. The Social Protection Organisations are under the auspices of the Health Ministry. The requirement to open their respective Information Systems and the necessity to control the costs of managing the identity of their agents are naturally leading these organisations to collaborate in order to resolve common challenges. Finally, the institution of a financial plan has been a « turning point » for the studies and developments by each of the organisations, favouring the adoption of the project.

Multi-channel issues: Only online access, for civil servants or applications that have been granted access

Main results, benefits and impacts

Without an ad hoc functional architecture, about 15% eServices case are identified to be treated is specified to describe how an end-user identity and his access rights are managed. Large-scale savings can be achieved. Currently, it concerns 30 000 civil servants of the Social Protection Organisations. Potentially, all 100 000 civil servants of the Social Protection Organisations are concerned. To illustrate the benefits of a federated circles-of-trust architecture, one can imagine the challenges if an agent in an eServices organisation had to manage the eID of each client or end-user who wanted to access the organisation’s own hosted eServices … even thinking about it gives one vertigo!!!

Innovation: The first novelty, paradoxically, lies in the fact that the project strictly respects the standards … Amazing? Not at all … two access modalities have been identified as answering to the “use cases”:
- An end-user’s access request built from an SAML use case ;
- An application’s access request built from a web-service use case.

The second best practice was the frequent and regular meetings (less than 4 weeks). The third best practice was putting in place alternating funding of studies. Each of the organisations involved has participated or will participate in the financial cost of the solution deployment.

Return on investment

Return on investment: Not applicable / Not available

Track record of sharing

Shortly, the INTEROPS standard will be used by the following ministries:
- Retirement Pensions ;
- Employment.

Currently, it is deployed widely by the French national education ministry.

Lessons learnt

The scope of responsibilities is clearly identified and defined: a civil servant’s eID is managed only once, in a single place, by his or her own organisation. The eService provider does not have to manage all the eIDs of those with access to eServices.

The standards are respected: the solution put in place can be found at:
- http://www.oasis-open.org/specs/index.php#wssv1.0 ;
- http://www.oasis-open.org/specs/index.php#samlv2.0.

The process is auditable (i.e. verifiable) as a result of putting in place a policy of traceability: the organisations conserve only the traces of events that are produced in their own environments. A common identifier for eService consumers and eService providers permits the reconstruction of the complete transaction. This process makes it possible to guarantee anonymity. When the access request of the eService consumer is merged with the authorisation service of the eService provider, it is possible to retrieve information on “who has done what” or “who has aimed to do what”.
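The traceability principle above, as an added example that is not part of the INTEROPS project's own material: each organisation keeps only its own traces, and an auditor joins them a posteriori on the common identifier. The record layout, the field names (`txn_id`, `agent`, `requested`, `resource`, `decision`) and the sample traces are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample traces; field names are hypothetical, not an INTEROPS format.
# The eService consumer (the agent's own organisation) knows who the agent is.
CONSUMER_TRACES = [
    {"txn_id": "t-001", "agent": "agent-4711", "requested": "pension-file/read"},
    {"txn_id": "t-002", "agent": "agent-0815", "requested": "pension-file/update"},
    {"txn_id": "t-003", "agent": "agent-4711", "requested": "benefit-claim/read"},
]
# The eService provider records only the common identifier, never the agent.
PROVIDER_TRACES = [
    {"txn_id": "t-001", "resource": "pension-file/read", "decision": "permit"},
    {"txn_id": "t-002", "resource": "pension-file/update", "decision": "deny"},
    {"txn_id": "t-999", "resource": "benefit-claim/read", "decision": "permit"},
]

def reconstruct(consumer_traces, provider_traces):
    """Join both organisations' traces on the common identifier.

    Returns (transactions, anomalies): complete transactions as
    (agent, verb, resource) tuples, and identifiers that cannot be
    reconciled because one side is missing or the two sides disagree.
    """
    by_txn = defaultdict(dict)
    for rec in consumer_traces:
        by_txn[rec["txn_id"]]["consumer"] = rec
    for rec in provider_traces:
        by_txn[rec["txn_id"]]["provider"] = rec

    transactions, anomalies = [], []
    for txn_id in sorted(by_txn):
        c = by_txn[txn_id].get("consumer")
        p = by_txn[txn_id].get("provider")
        if c is None:
            anomalies.append((txn_id, "provider trace without consumer trace"))
        elif p is None:
            anomalies.append((txn_id, "consumer trace without provider trace"))
        elif c["requested"] != p["resource"]:
            anomalies.append((txn_id, "request differs between the two sides"))
        else:
            # A permitted request is "done"; a denied one was only attempted.
            verb = "did" if p["decision"] == "permit" else "aimed to do"
            transactions.append((c["agent"], verb, p["resource"]))
    return transactions, anomalies

if __name__ == "__main__":
    done, odd = reconstruct(CONSUMER_TRACES, PROVIDER_TRACES)
    for row in done + odd:
        print(row)
```

Neither trace set alone answers “who has done what”: the provider side has no agent identity and the consumer side has no authorisation decision, so the join is only possible for a party holding both.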

Scope: Local (city or municipality), National, Regional (sub-national)