DELIVERY
Citizen Identity Accelerator
ANALYSE | ANTICIPATE | ACT
INSIGHTS. SIMPLIFIED.
Who am I?
Nathan Kitchen – Cloud Solution Architect at Trustmarque
The case for web self-service
Better staff utilisation
High citizen reach
Lower technology costs
Central security
Every citizen self-serving online
enables staff to be redeployed
Staff can direct to online
channels
Established patterns
Central app deploy & rollout
Easily subcontracted
Single identity for citizens to
access many services
Manage and share access
levels across apps
Progressive web apps can
work on most devices, even
offline!
Consistent user experience
Why we love the web
► Complex app packaging and
deployment
► Multiple identities
► Inability to BYOD/work anywhere
► Restricted app form factor
► Inconsistent performance & scaling
► Inconsistent brand experience
► High maintenance costs
► High cost of proprietary licences
► Browser access, web-based rollout
► Single sign-on
► Any browser, anywhere (even offline!)
► Responsive
► Easy to scale
► Easy to control data flows
► Consistent user experience
► Easy to deploy to cloud
► .NET Core (Open Source)
Build out your portfolio
Web Content
Management
Central Citizen
Profile
Service Request
Forms
AI-based Content
Moderation
Book Appointments
Embedded self-help “bots”
Forecast Service
Utilisation
?
Offline Web
Apps/Mobile
Communication
Preferences
Data Sharing and
Consent
Service Payments
Trustmarque can help build applications integrated into SiteKit identity management as part of your
online portfolio. Here are some ideas:
Regional self-service hub
https://portal.northengland.gov.uk
Council services
Refuse collections in NW12
Planning permission in your area
Police
Report a crime
Statistics in your area
Find your nearest station
Nathan Kitchen
Identity verified (Level 1) – What does this mean?
Manage personal data
Payments
3
Regional self-service hub
In order to provide you with the service special refuse collection, Englandshire
Council would like your permission to:
• Access the following personal information:
• Your primary residence address
• Your phone number
Your information will be shared for 6 weeks and will be deleted after this period. More »
In addition, Englandshire Council would like the following portal permissions:
• Send you notifications (What does this mean?)
• Send payment requests (What does this mean?)
Do you agree to share this information in order to access the service?
Agree Cancel
#interact
What would you like to see?
3 building blocks to success
Technical Enablement
Enable citizens to securely access council services through any device in a cost-effective manner
Citizen Identity Solution
Delivery Partner
Management of citizen identities, including authorisation
levels and processes for service access.
Platform for deploying technical pre-requisites and managing
costs of an online estate.
Flexible technical expertise to advise, support, or deliver your
vision for integrated online citizen self-service.
Sitekit: Citizen Identity
Wilf Prasher & Chris Eckl
Sitekit Ltd
Mandate – PCTs must
deliver patient
engagement
Growing focus on
dHealth at Gov level
Identity as a fundamental
building block in digital
Lighthouse client –
Nuffield; Lloyd’s and Bupa follow
Central and local
government come on-
board
Market focus:
healthcare; 30-80 NHS
clients
Driving all four dallas
seeds
Refocus on core
competency – identity
Building the team and growing capacity
Aggressive growth,
assess focus, consolidate and grow
2006 2010 2015 2016 2017 2020
Market landscape and business drivers
Identity is solving a business problem
Local
directories and
employee
identities
Federation –
partners
and clients
Context –
trust and
relationships
Customers –
cloud and SaaS
Old world Where we are now Future
Drivers and sectors
Partner engagement Security, compliance, GDPR
Citizen engagement
Mobile, BYOD Wider migration strategy…
To cloud… from on-premise
• National
government
• Local
authority
• Private sector
National & International Examples
GOV.UK Verify
Verify Hub
Verify IdPs
HMRC Ids
Matching
Service
NHS England Identity Alpha
Sitekit Hub
Verify
IdPs
NHSD NHS#s
Matching
Service
Social
IdPs
Vouching
DB NHS#s
Message
Bus
Vouching App
NHS Health Record
NHS & Care
Online Account
MyGovID
Federation
Broker
(B2C / IEF)
MyGov Id
AtPMessage
Bus
Kent County Council
Design principles
• People should be able to use an existing identity if they want to
• But should be able to create a new account if they don’t
• For self-asserted identities, we need elevation stories
• There is a need for a Verify alternative:
• Running costs aren’t clear
• There are barriers to user adoption
• There are also technical challenges
Elevation of an identity to LoA1 can be achieved programmatically through attribute
verification via a local council database
Identity
Platform
Council
DB
Vouch
DB
I want to register my child for school
place and Kent offers this service
digitally – I need to prove my identity
first, though.
I want to apply for a dropped kerb so my mother can park her car closer to
her front door
Face to face identity verification is
required to elevate an identity to LoA2
– required for school admissions
Why do I need an LoA2 identity for an LoA1 transaction?
Eligibility is a barrier – how do we support citizens who need it most?
Commercial frameworks need to be in place to support local up-take
The costs of using Verify aren’t clear, so I can’t recommend it
I don’t mind whether I use Verify
or anything else, but I don’t have the right paperwork to
register for an account
Registration seems onerous for what should be a simple transaction
LRG Identity Platform
Citizen Authentication
Why citizen identity platform?
Authorities must deliver digital to achieve target savings in front-line services, and
should deliver digital to meet citizen expectation. Identity underpins G2C transactions
so authorities understand the need for an identity platform. GOV.UK Verify is one
option, but at this time not appropriate for LRGs:
• Commercial models unclear
• Eligibility / exclusion
• LoA2 only
Additional components within citizen identity platform
Core build components within citizen identity platform
Identity tenant set-up
Sign-in, registration, elevation and profile edit
2x social identity provider on-boarding
1x local identity provider on-boarding
Email and SMS verification service
Custom AuthN journeys
Additional DB integrations
Local verification DB integration
Local service (app) integration
Citizen identity platform
Core build
Service wrapper
Face to face identity verification service
How long does it take?
Core build components within staff and partner identity platform
Identity tenant set-up
20 days
Custom AuthN journeys
+ 20 days
Additional DB integrations
+ 20 days
Local service (app) on-boarding
+ 10 days
Sign-in, registration, elevation and profile edit
2x social identity provider on-boarding
1x local identity provider on-boarding
Email and SMS verification service
Local verification DB integration
Face to face identity verification service
+ 20 days
What do we need from you?
• Appropriately skilled and authorised resources to run the programme
• Skill to spin-up and maintain Azure infrastructure + licensing
• OR support from Trustmarque / Sitekit to specify and configure Azure resources
• Buy-in from service delivery (app) teams
• Buy-in from citizen engagement (comms) teams
• Team to facilitate citizen identity verification (e.g., registrars)
• Team to facilitate operation and management (devops, contractual, governance)
Engagement
1 – first date
Sense-checking understanding and alignment of
strategy (why does your authority need a citizen
identity platform?), appropriateness of approach (how
we work together) and tech.
3 – solution design workshop
½ day workshop (white-boarding) to place the
platform in context and sketch-out the high-level
design; Cloud Application Readiness Assessment;
understand configuration and development required.
2 – education workshop
½ day on-site workshop to illustrate the platform’s
underlying technologies; how we can deliver identity
– discursive with lots of Q&A!
4 – high-level design asset
Off-site work to produce a high-level design (HLD),
enabling you to go to market to procure your
platform.
Online self-service in a box
Citizen Identity
SiteKit’s Citizen Identity pack provides a robust,
scalable solution to citizen identity, with
integration to all the major identity platforms
and additional citizen management features.
Trustmarque Accelerator
Leverage Trustmarque expertise to help
integrate citizen identity across your existing
online estate, and bring innovative new services
to market.
FOUNDATION
SOLUTION
DELIVER
Microsoft Azure & CSP
As part of Microsoft’s CSP programme,
Trustmarque can provide all the necessary
technology to deploy and manage your identity-
enabled online estate!
Innovation Labs
Pre-packaged remote teams
embedded in a technology
organisation, as a service
The Trustmarque Accelerator
Inspire
1-day team workshop to
challenge thinking and
develop new ways of working
Microsoft CSP
Purchase via Trustmarque and the
Microsoft CSP programme to manage
licensing, VSTS, and Azure spend in a
single pane of glass
Managed Code Services
Hosted repositories under the Microsoft CSP
programme enable short “hygiene”
engagements for stable or inactive projects and
IP
Delivery Booster
A Trustmarque Specialist joins your team for a
sprint, with the express purpose of helping you use
technology to reduce “cycle time”, through
embedded change and recommendations
Trustmarque provide a range of services to help develop your organisation’s online platform.
Accelerated People: Inspired
Lean Development
Continuous Delivery
Product Development Flow
Architectural Runway
How can we instil principles
of build, measure, and learn?
How do we “fail fast”?
How do unmanaged queues
cause delivery problems?
How do we prioritise work?
How do we show results
quickly?
How do we avoid rework and
technical debt?
How can we reduce cycle
times?
How can we be release-ready?
1 day team workshop
Accelerated Teams: Delivery booster
Report
✓ Maturity roadmap
✓ Tooling optimisation
✓ DevOps principles
RECOMMENDATIONS
EMBEDDED INSIGHTS
HANDS ON
A professional services engagement, for
sprint duration plus 2. Typically carried
out by a single resource.
Embed delivery expertise to improve
your team’s use of tools, process,
technology, and minimise waste.
Azure enabled by CSP
Enable Azure cloud by partnering with
Trustmarque via Microsoft’s CSP
programme.
Host SiteKit identity platform
• Built on Microsoft Azure B2C
• All components deployed and
managed
Flexible charging
• Consumption-based cost
model scales with you
• Monitor spend online
Extend easily
• Add new services to your
online portfolio
• Monitor license usage
Cloud-ESP is Trustmarque’s online web
portal for providing management access
and controls to Microsoft Cloud services.
Accelerated code quality: Managed Code Services
Code Repository
VSTS online source control (CSP)
Reverse Engineer
Uncontrolled/compiled code moved to SC
App Health Check
Audit activity to expose hidden risks
Document
Document code, write high-level documentation
Unit test
Set a functional baseline for future change control
Standards
Implement and run code analysis, w/ custom rules
Packaging
Build & package code to enable repeatable deploy
Environment mgmt
Set up an automated release process
Performance test
Set up repeatable performance tests
Monitoring
Add App Insights to track performance and failures
WCAG
Accessibility assessment of your application
Compliance
Set compliance rules and arrange periodic audit
A safe home where your technical intellectual property can be looked after by experts.
Accelerated Innovation: Innovation Labs
Deploy a delivery team embedded with a partner that lives and breathes technology,
ensuring you have access to the right skills when you need them, for as long as you need
them.
Why? How?
Explore new technology-
enabled revenue streams
Enhance value of current
technology portfolio
Pre-packaged engagement
model, processes, tools
Efficient, consumption-
based charges
Culture?
Skillset?
Tools?
Pace changes?
Resource churn?
Technology?
Specialists?
Processes?
DELIVERY
Web Content
Management (Umbraco)
Web Services and
Integrations
Progressive Web
Applications (Mobile enabled)
App Health Check (.NET, JS, VB)
Identity
Management
Cloud Migrations
What delivery technology?
#interact
What are your experiences and aspirations on the journey to
unified citizen identity and self-service?