DWP’s lead identity and trust architect has opened up about the department’s efforts to reduce fraud.
Speaking on a ForgeRock blog, James Randall said it is imperative to allow citizens easy access to the information it holds while protecting their privacy.
“We need to determine that people are who they say they are on multiple channels including face-to-face, chat, phone, web, etc. Once identified, we need to authenticate users quickly and easily in order for them to securely interact with the services we provide,” he said.
However, he acknowledged that identity is a “tricky” concept in the UK – particularly compared to countries like Estonia where people can move smoothly through government systems without having to constantly reaffirm their identity.
“In the UK this is not the case. As a society we have a different view on the use of government-issued ID cards and that’s OK, it just means that the identity challenge is more complex in countries like the UK; of course, that’s also what makes it so interesting!”
Randall described GOV.UK Verify as “a bold attempt to establish a government identity approach that would facilitate better citizen interaction with government systems.” However, despite using it heavily at DWP, he said it was “often very hard for some of our more vulnerable citizens to use.”
You might also like
“That’s why we are now building our own service, which is known as the Dynamic Trust Hub. We are taking loads of learning from Verify and we are working across government to ensure our internal approach can complement, reuse and support other departments wherever possible,” he said.
The Dynamic Trust Hub is based on the ForgeRock Identity Platform with Accenture and deployed on AWS.
Randall said the Trust Hub will allow individuals to access the department’s digital services, reusing a single identity that they should only have to prove once.
“The dynamic nature of the Trust Hub relates to the way it will manage the citizen journey based on what they are trying to do, reducing complexity where possible but ensuring, when necessary, effective identity and security controls are put into place to protect citizens’ data. [It] implements a policy-based approach so it can support federated credentials and mandate multi-factor authentication and govern access to citizen data held across different benefit lines. It will do so in a way that will provide for a joined up and, hopefully, a more pleasant experience for all our citizens.”
Read more about The Dynamic Trust Hub here
This article is classified as commercial content.