The Government Gateway won an award this week (“another one?” I hear you cry). It’s an IDDY award, or perhaps an IDDYIOT award. Apparently it’s only for those deployments of Liberty technology. Here’s what was done to win it:
– Deployment — The Government Gateway Authentication Service has been
designed as the authentication server for all e-government services in
the UK. Nearly eight million citizens in the UK are registered to use
the gateway service.
– Circle of Trust — The Gateway provides authentication services on
behalf of multiple other public-sector bodies, based on trust
principles established in UK e-government legislation. The Gateway also
supports a “tiered” authentication scheme according to the level of
assurance provided by the user enrolment process and the type of
– User-Centric Capabilities — The project has been developed to provide
citizens and businesses with ease-of-use capabilities for accessing a
variety of UK government services; not only does the Gateway provide a
single authentication and entry-point for online government services,
it now supports the predominant open standards on the market, making it
easier for public sector bodies to integrate its authentication
capability with their own service provision systems.
– Highlights — Deployment supports all federation standards to allow for
complete interoperability between government agencies nationwide, there
is less need for each local authority to develop or implement its own
secure authentication mechanism. The Gateway provides local authorities
with a single, consistent and robust security mechanism at minimal cost
and effort on their part.
– Interoperable Federation Technologies — A principal aim of this
project was to reduce the cost and complexity experienced by government
departments and other public sector bodies (such as Local Authorities)
in making use of the centralized authentication service. To that end,
the Gateway was enhanced to support both WS-Federation and the Liberty
Alliance Identity Federation Framework standards. This delivers a level
of interoperability and protocol-independence which greatly simplifies
the task of integrating service-provision systems with the Gateway’s
authentication functions. It also means the Gateway can deliver
consistent authentication to its users without requiring them all to
adopt a single standard, which could potentially alienate a substantial
segment of the user-base.
All those apart from the last bullet have been true for a while. I didn’t know the Gateway did (used? incorporated?) Liberty, so I asked the guys back at the Cabinet Office what was with that. Jim (It’s life but not as we know it) replies:
This year we built a single sign on portal as part of the Gateway UI. The business objective was to deliver a white labeled common authentication page that would manage the authentication calls with the Gateway. In order to do this we had to implement single sign on to manage the user’s authenticated session between the Gateway domain and the participating portal domain. We did this by implementing an interoperable SSO protocol handler that allows the portal to select whether they want to use one of the Liberty, WS-Federation or SAML protocols. The security token that they receive is a SAML 1.1 token but each one can be customised per portal.
So that’s all clear then. Congratulations. Nearly 6 years on, it’s great to see the Gateway still be recognised as leading the way.