Over the last 5 years I have been involved in a lot of different projects where Identity Management or IDM has become more and more important. Any work with local or natinal government now has this as a key element so I thought it might be time to blog a little on the topic...
What is it? Simply put Identity management (ID management) is a broad administrative area that deals with identifying individuals in a system (such as a country, a network, or an enterprise) and controlling their access to resources within that system by associating user rights and restrictions with the established identity. The driver licensing system is a simple example of identity management: drivers are identified by their license numbers and user groups (such as can drive Motor cycles as well as cars) are linked to the identifying number.
Why is it needed? Taking the theme of local governement - I may have a driving license , I may have a local government housing tax account (Council Tax in the UK) and I may even have a leisure club membership in the area but none of them are related to each other. In fact there is no need to relate them in this case but what about when they should be related - local governemnt have over 800 systems running mybe 80 key systems that I as an identity may appear in a handful. But the relationship between them is key. For instance if I was out of work and living off benifits the relationship between my housing benifit and council tax is key. It is a waste of effort to 'chase me' for council tax when the same councils benefit system is actually going to pay it. So knowledege of matching the identities is makes great sense. Another and fast growing need is the desire to give me 'on-line' access to council services. Here it is paramount to that the Identities I posses in the council are all correctly matched up so that when I select my Housing benefit report I do get mine and not someone elses!
Why is it hard? If we have a green field development it isn't....but how often does that happen!Normally data across a number of systems about the same person has or can have a number of critical inaccurcies. Take a simple example - the name Rachel James. Now in the space of 4 systems we can come up with 4 identities....here goes:
And that was with just a simple name....
We haven't even touched on the address, data of birth, telephone numbers ect. In recent years we have coinede the phrase 'One view of the truth' and we aim to get to that Nivanna all the time.
Funnily enough the approach of councils to this is simplistic to say the least (if we let them have their head!) either its:
Just do a data cleanse and all will be OK
Setup up a CRM and start from stratch by populating as and when people contact us!
So far neither have been a great success.
The solution? Well this is normally in governement terms refered to as the 'Virtual Citizen'. What needs to be created is the'one view of the truth' for in our examples case - Rachel James. And more importantly that view needs to be maintained. So when on of our servivce systems changes their view of the person it is validated against the 'Virtual Citizen' view. In some cases, such as change of address, this can be very helpful in allowing our IDM to replicate that change to all other 'feeder' systems. In the case of a typo or miss heard entry it means that error is picked up quickly and removed.
So what does an IDM look like - well that is a topic for its own blog in the future.
How about an even bigger picture? In the UK we have started or rather the governement has started a project called the government gateway. This is a method of providing each citizen with an authenticated on-line identity to allow them to access multiple services with just on username and password. This coupled with IDM at a local governement level is a very powerful partnership but again on not without its problems.
Part 2 of this blog will continue the story.....