Skip to the content

The identity broker in digital cities



Industry voice: A new solution for digital identities brings the promise of assurance and flexibility in citizen transactions, writes Tim Gregson.

Secure, robust connections between public authorities, citizens and businesses are at the heart of digital transformation, and they will become even more important with the development of digital cities.

This is one of the fundamentals of the Microsoft CityNext initiative, a movement to support cities’ efforts to become more sustainable, prosperous, and economically competitive, unlocking the potential through innovative digital services.

These are going to work not through monolithic systems but loosely coupled service components that can deliver better solutions for individuals. The big strength will be in their flexibility and the ability to pull together these components for people, and the core factor in making that possible will be the citizen identity.

Its prime purpose is in providing the trust to support people’s interactions with public authorities. But it will also have to give them the flexibility to identify themselves in a way that is convenient for them and appropriate to the service – without having to set up an array of accounts and sign-ins for different activities.

Microsoft has developed a capability to make this possible within its Azure cloud platform, named Azure Active Directory B2C (business to consumer), which provides for citizen identity and access management. It provides a platform for creating a unique account, but also acts as a broker of identities from other providers.

Wider choice

It is based on a similar model to GOV.UK Verify, with an identity broker to manage multiple identities from different providers, but casts its net wider to take in social media or commercial accounts. The idea is that, as a starting point, a Facebook or Amazon identity can be valid as a digital identity for public services.

Social media identities are already accepted as identifiers in much of the commercial world, and they provide a mechanism which many people feel comfortable using in digital transactions. Using these in their dealing with organisations is a significant step in building trust between the two sides.

They can also convey a lot about their identities to provide a significant level of assurance to the public authority. It will not be appropriate for every service, but the key factor in using an identity broker is that policies can be set to decide which identities can be used for which services, or when there should be a requirement for extra attributes.

For example, a Facebook identity could be appropriate for logging onto a council website for a simple transaction or enquiry; but accessing GP records would clearly require an extra factor, such as a password sent to a pre-registered mobile phone, or the provision of a digital token or details from a smart card. It is also possible to set up mandatory fields for further information – such as a national insurance or council tax number – to strengthen the level of assurance.

It is possible to increase or reduce the level of assurance required within a single session, depending on which services are being accessed, and it can all be structured to provide different layers of trust in line with what the authority believes is appropriate for each one.

Alexa option

Another possibility is to use an Amazon identity to interact with the authority through the company’s Alexa artificial intelligence system. This is becoming a viable option as more people become familiar with it through Echo devices, and a small but growing number of public authorities deliver ‘skills’ for it to manage some of their simpler transactions.

Of course, it could suit the individual to use a stronger identifier from the beginning. The solution is designed to accept identities from GOV.UK Verify and commercial operators such as Experian, which come with a higher level of assurance than those from social media.

Overall it provides an easy route for the initial sign-on – a big advantage to many people – along with the ability to control the level of assurance needed for different transactions.

The model has already proved its viability in an NHS pilot in Liverpool, and the first full deployment is due to take place soon in Kent. The basic brokerage function is in place and Kent Connects, the county-wide partnership of public service providers, has built a solution under its own brand that can work for all of them.

Scaling up

The plan is that it will become a ubiquitous identity service for all of Kent, taking in the county council, all the unitaries and ultimately for social care and healthcare. It will begin with a small scale pilot for a few hundred users, expected to be for library services, but will scale up for use in all services and reach 1.4 million people in the county.

Plans are also being made for a similar implementation in Essex, and the ambition is to make this a repeatable offering for any authority – local government, the NHS or other service areas – hopefully working on a regional basis to better serve the public.

It can provide the trust and flexibility to bring those loosely coupled service components together, not just for digital cities but for digitally connected services in small town or rural environments. It promises a route to a smarter future for public services.

To understand more about Microsoft's Citizen Identity platform, click here

If you would like to discuss how Microsoft can help you with citizen identity today, contact chief technology officer, local and regional government at Microsoft, Tim Gregson.

Register For Alerts

Keep informed - Get the latest news about the use of technology, digital & data for the public good in your inbox from UKAuthority.