How open-source development is supporting digital service delivery in government.
Article by Mike Stone
Having secure, accessible and fit-for-purpose frameworks and policies for digital identification is a non-negotiable for providing services in a constantly evolving digital world. Identity exchanges are one piece of that puzzle, bridging the gap between identity providers and service providers. Reliable, integrated exchange services are critical to allow government agencies to deliver digital services effectively.
Reliability and integration are proving to be a challenge, though, and a virtual forum delivered and facilitated by Integral Technology Solutions and Red Hat in March brought together four of the minds currently tackling this exact problem in all levels of government around Australia.
The panel was facilitated by Integral CTO, Warwick Sweeney and included:
- Paul Templeman (Director, Digital Sector, Knowledge, Insights & Digital Branch, Strategic Coordination & Engagement Division, Australian Sports Commission)
- James Galdes (Chief Enterprise Architect, ICT and Digital Government, Department of the Premier and Cabinet, Government of South Australia)
- Bill Bell (Director, Digital Services & Innovation, Office of Digital Government, Government of Western Australia)
- Andrew Rogl (Director | Technical Lead, ‘Tell Us Once’ Program, Transformation Projects | Transformation and Enabling Technologies | Queensland Government Customer and Digital Group, Department of Communities, Housing and the Digital Economy).
If you were lucky enough to catch the forum live, you will appreciate the depth of knowledge the panellists brought to the session. If you missed it and you work for a government organisation in Australia, you can request access to the recording by emailing me here, or read on to get our summary and key takeaways.
Benefits of Identity Exchange services
There are a range of reasons to use a supported open source Identity Exchange (or Broker) as opposed to handling provisioning with traditional closed-source software:
Cost avoidance – with the scale of identities being managed, particularly in the context of government, having an Identity Exchange service based on ‘supported open source software’ such as Red Hat Single Sign On (RH SSO) makes more sense from a cost perspective. We’re talking citizen or population scale identity exchanges with potentially millions of users.
Flexibility – in the open source space you get a lot of flexibility. Flexibility to extend, to customise and integrate. And in the context of government where you have a range of different departments, applications and existing digital identity frameworks, plus federation to both national and state level, having that flexibility to extend, customise and integrate is important.
Standards Support – having a global, open source community driving the development of these technologies is a really powerful way to ensure that industry standards and all of the underpinning technologies that make an identity management platform work are available and kept up to date.
Personalised, relevant customer experiences – with a fully informed consent model in place, digital identities that are integrated into digital service delivery allow governments to create highly relevant experiences for customers. This could look like proactive communication when you’re eligible for a new service or benefit, notifications on helpful resources specific to your circumstances, or reminders on upcoming actions you need to take.
Transparency – when digital identities are centralised, managed and shared according to specific policies and legislation, reporting on breaches, costs and benefits is made possible.
These benefits need to be looked at with the understanding that customer consent, whether business or individual, is central to using digital identification. Customers must have full control over what is shared, who uses it, how it is used and transparency over data security.
What challenges are we facing with digital identity?
While the panellists agreed this is actually an area in which government is doing fairly well, there were many thoughts on what challenges are impacting on progress right at present. These include:
User experience vs legislation and frameworks – creating an experience that works for users while satisfying legislative requirements and being accommodated by the available frameworks has proven to be a challenge. Agencies have invested heavily in human-centred design to ensure frameworks tick all the boxes for usability for end users. Privacy and consent legislation often complicates the design process as there is no way for policy development to keep up with technological advancements, creating an environment where outdated legislation inhibits progress.
Migration of existing Identity Provider (IdPs) – determining the best approach for integrating or migrating existing identity providers is tricky, with physical records posing a real problem.
Inertia – moving away from the existing systems is challenging for most organisations, especially in view of the level of investment each system receives over the years.
Security – of course, security is always a consideration. Adequate proofing and level of assurance, and multi-factor authentication were noted as challenges when implementing digital identification through levels of government.
How are agencies addressing these challenges?
Open-source development has proven to be a good approach for delivering appropriate solutions in this space. For government agencies, it was necessary to find a platform that wouldn’t lock them in with proprietary code or hold them to ransom on usage.
Additionally, the open-source development community is ‘always on’ when it comes to extending the solution to address user needs. The ability to enable add-ons for specific features or develop key features when needed is a real draw-card, especially considering how fast consumer tech moves – there are always new considerations such as the growing popularity of wearable devices which need to be factored into any potential solutions to stay relevant and useful.
Importantly, being able to draw inspiration and be influenced by the open-source development culture in a government setting is valuable.
Developing a culture of sharing
An emerging culture of collaboration across multiple levels of government throughout Australia has highlighted the shared challenges faced in every jurisdiction. With shared challenges, it only makes sense to share solutions as well. So, by tapping into the Red Hat ecosystem and adopting consistent technology stacks across each agency, governments have been able to realise the benefits that come along with that, like reduced costs, increased system support and continuous improvement insights.
The pillars of success
A key part of this journey is understanding the recipe for success. Integrating platforms, practices and culture is critical, particularly in light of the ever-increasing intersection of private organisations, not-for-profits and government bodies.
Equally important is the upholding of standards to ensure adoption and confidence. By upholding high standards as we digitally transform sectors and industries, and through mechanisms like the DTA’s Trusted Digital Identity Framework (TDIF), we can create a culture of trust among consumers and service providers.
And thirdly, the importance of ongoing education, awareness and change management.
Well-orchestrated stakeholder engagement to communicate the practices, policies and legislation is necessary to increase uptake and ensure the security of the platforms and data they use and provide.
As government deploys more complex tech stacks to deliver digital services more effectively, increased customer/constituent education will ensure the foundational knowledge exists for end users to understand the standards being adhered to for the security of their personal information.
Any one of these pillars not pulling their weight will result in success being limited significantly, so attention is needed in each space to ensure it meets the necessary standards.