managing user identity e-governance praful gharpure

8/8/2019 Managing User Identity E-Governance Praful Gharpure

http://slidepdf.com/reader/full/managing-user-identity-e-governance-praful-gharpure 1/7

of 7.

Managing User Identity in e-Governance

ABSTRACT Government of India launched National e-Governance Plan(NeGP) with a vision to” Make all Government servicesaccessible to the common man in his locality, through common

service delivery outlets and ensure efficiency, transparency &reliability of such services at affordable costs to realize the basicneeds of the common man “.

For the implementation of NeGP, Department of Informationtechnologies (DIT) has visualized creation of the Common and

Support Infrastructure (National/State Wide Area Networks,National/State Data Centres, and Common Services Centres &Electronic Service Delivery Gateways) and make suitablearrangements for monitoring and coordinating the implementation

of NeGP under the directions of the competent authorities in thisregard.

To complement the vision of DIT all the states & respectivedepartments within each started have either kick started ITinitiatives or accelerated existing IT initiatives. In our country the

service delivery is fragmented with multiple entities in eachservice. Further with implementation of the e-Governanceinitiatives in the different departments independent of each other;results in dilution of impact of the initiatives for the want of a

user base itself i.e. the Citizens who are the customers to theservice.

The key to the success of e-Governance program lies in successful

delivery of services to the end user i.e. the Citizens. In order toensure this the delivery of services by individual

agencies/departments to the same end user need to happen in totalharmony. The key factor for this to happen is to have a Single /

Common /Unique Identity of the end user with all thedepartments.

This paper intends to bring out importance of IdentityManagement in e-governance by highlighting the potential valuetraps in existing initiatives and probable technology intervention

to make processes lean.

1. INTRODUCTION

Government of India launched National e-Governance Plan with avision to Make all Government services accessible to the commonman within his locality, through common service delivery outlets

.Further the vision is to ensure efficiency, transparency &reliability of such services at affordable costs to realize the basicneeds of the common man.

The implement of NEGP has been initiated by all the states withsetting up of

A. State Data Centers (SDC) for centralized hosting of citizencentric applications.

b. Setting up of State Wide Area Networks to provide coverage of the services across the state with link to SDCs.

c. Setting up the Common Service

delivery centers at local level for

effective reach or the common man.

While all the above is happening the individual service providingdepartments have already initiated various e governance projects.

Most common of which is the hosting of city website / Portalwhich intends to serve as source of information to the users.NEGP has adequately considered these initiatives and ensured thatall these get integrated to State Service Delivery Gateway (SSDG)

to provide single channel of information to end user. The factremains that the individual departments have differentmechanisms of identifying the concerned end users from the sameset of citizens. As a result the individual service provider is

interacting with same set of users independently multiple times,further the processes followed result in series of rework loops,duplication of efforts and non value added works. At the same

time the optimal use of IT infrastructure is not achieved.

In event all the service providers identify the user with a common

parameter or existing identities are linked and considered as newidentity for future transactions the effectiveness of servicedelivery shall increase many folds. This paper intends to bring outthe potential value traps in existing initiatives and probable

technology intervention to make processes lean.

2. IDENTITY MANAGEMENT – EXISTING

SITUATION ANALYSIS.

Identity and Access management (IAM) is a critical function inany organization which ensures that the right people access theright information. In case of service delivery initiatives atgovernment the IAM has a wider implication since the

government initiatives identify the recipient of the service througha set of defined identity parameters and all subsequenttransactions for the said recipient are done with the same. Theaccess to this information for government representative becomes

the other identification parameter set .

Thus in Government IAM is a two fold requirement, firstly the for

Service delivery via a government representative and secondly forthe receipt of the service itself.While many states have implemented some form of access and

identity management solutions in their departments, the state as a

whole do not have an implementation like an global privateenterprise has.

In addition e-Governance initiatives in the different departmentsare carried out independent of each other; as such the benefit of the initiatives is not fully utilized by end user. This also results innon availability of information amongst departments leading to of

rework.

Praful GharpurePMP®, Six Sigma Black Belt ASQ®, ITIL ® Consultant

Government - ISU

Tata Consultancy Services, Mumbai



of 7.

Most of the time the service recipient citizen ends up submittingidentity credentials multiple times during his interaction withmultiple departments. Illustration I highlights the same.

IT implementation in India is happening in bits and pieces.

Though IT has found place on the agenda of all the departments itlacks is an integrated approach to its rollout and effective sharingof IT infrastructure / Information to minimise the rework andeconomise on costs. At National Level this has been achievedwith agencies like NIC where a centralised data base has been

created and information is available through one source.

Illustration I above gives a snapshot of various Identityparameters which a service recipient provides to the providerdepartment. It also depicts the duplication instances where usersubmits these at multiple department and even the departments

too have the same information or can be taken from other providerdepartment for validation purposes. With IT implementationprogressing in different departments each new identity createdrarely integrates with existing identities – leading to additional

costs and complexity. Further each new identity adds risk tocompliance with business, regulatory, legal and securityrequirements.

Thus there is a potential for reuse of existing information fromwithin departments. With majority of departments carrying out ITimplementation this information exchange is a need of hour.

3. FEDERATED IDENTITY MANAGEMENT.Identity management refers to the policies, processes, andtechnologies that establish user identities and enforce rules aboutaccess to digital resources. Federated Identity Management is

holistic identity solution for the swift, secure share of informationwith partners and providers. It facilitates replication of the sameidentity information across partners; it enables the formation and

administration of a single identity per user – across enterpriseboundaries there by forming a circle of trust.The Benefits of Federated Identity Management Include:

• Simplified integration between one department and otherdepartment’s web sites

• Improved business compliance by helping reduce securityexposures

• Improved end-user experiences through extended single-signon

• Expanded business reach for service providers by creating

new revenue generating opportunities• Simplified security administration in cross-enterprise

business processes by delivering security as services

• Delivery of policy based integrated security management forweb services.

Illustration I: Identity Parameters & Mapping to Service provider Departments



of 7.

4. IT SOLUTIONS TO LEVERAGE EXISTING

IDENTITIES.The intent of e-governance is to accelerate the current processesby automating the same and making them accessible to the end-

user. The part of making the processes accessible to end-user is atinfancy stage in majority of cases. However this very aspect if coupled with interdepartmental information sharing has apotential to transform the process performance. It shall also lead

to value enhancement for both process owner department and thecustomer of the process.

The ground work for the type of solution described here isreasonably in place with IT implementation across majority of departments providing citizen service. The need of the hour is tobring these services under one single window for user to avail

those. It is equally important to provide seam less navigation andmaintain the linkage of identities created for a user with eachprovider.

Federated identity management using Security Assertion markupLanguage (SAML) is a potential quick win solution where in theuser’s identity if already created on a central website / service

provider, it can be linked with the identity of the same user with

other provider based on unique linkage parameter. Illustration IIprovides a graphical depiction of the solution.

To give an example , if a user logs to a site say RegionalTransport Office (RTO) to request for a change in address andneeds a record to validate and update. The site shall have a link toState electricity board website on which the user may or may not

have an account. User can reach out to the website using link onRTO / city portal page; with first login the user credentials shallbe validated or he will be required to create login if not done

already and opt for federation. On completing this, his identity ontwo accounts shall be linked facilitating the required validationfrom address field to update the RTO account.

The same concept can be extended for various information typeswhich can be attributed to a single end user. In such a concept theuser identity created at service provider ends needs to be updatedon central data base through batch run. This shall help to extend a

seam less navigation to desired service which user intends to

avail. The subsequent enhancements to the provision of serviceshave been explained with examples in later sections of the article.

In addition to this the verification of certain interdepartmentalinformation shall also become possible. Illustration III gives

details of logical architecture for the same.

IT implementation in various departments are at different level of maturity. Further such a situation warrants that the existinginfrastructure needs to be put to optimal use. Illustration III

depicts two instances for an application of service provider. Theinternet instance gets integrated with city portal making itaccessible with single login for end-user. Within offices otherinstance is used and department level updates as a result of

transitions are captured and need to be transferred on city databasethrough batch run at fixed frequency. This also gives facility fordepartment employees to access application by logging fromremotely. The effective identity management can lead to multiple

ways through which a service can be availed. These are like

1. A user can log on to a provider application and get the required

validations done from other department in order to avail a desiredservice.

2. Converse of 1 above is also true, where, in order to fulfill aservice request received, the provider department can get the

Illustration II: Federated Identity Management

IDP Domain

User

Multiple SP Third Party Domain

B a t c h

P r o c e s s

Input File

Fed. WebServices

Web Agent withOption Pack

SMF API

SSO Policy Server withOption Pack

UserStore

PolicyStore

AssertionGenerator

Single Log

Out Service

Internet / Intranet

Note :SMF - Siteminder FederationSAML - Security Assertion Markup Language

SAML

Federation Logical Architecture

District Administration

Police

RTO

IDP Domain

User

Multiple SP Third Party Domain

B a t c h

P r o c e s s

Input File

Fed. WebServices

Web Agent withOption Pack

SMF API

SSO Policy Server withOption Pack

UserStore

PolicyStore

AssertionGenerator

Single Log

Out Service

Internet / Intranet

Note :SMF - Siteminder FederationSAML - Security Assertion Markup Language

SAML

Federation Logical Architecture

District Administration

Police

RTO



of 7.

required validations done from other provider department in orderto fulfill the requested service.

5. IMPLMENTATION AREASThis section gives an elaborate example for the concept put forthin illustration III. The example given here is for a property

registration workflow.

The end customers here are the buyer and seller of a property. Asthings stand today the customer is required to work with multipleprocesses at different departments to get the records updated. This

leads to a series of rework loops to gather information first andupdating other records post transaction. It’s ironical that all thesedepartments have got their own process IT enabled partially,

however the cycle time of transactions carried out has notimproved significantly. The illustration IV below outlines theexisting process with information of cycle time for broad

components there in. It also highlights the rework areasexperienced by the end user.

The case here is of IT implementations are carried out at process

level of a department. The dependent information from other

departments for the same user has to be provided by user himself leading to multiple handoffs of the data and manual effort on partof user & the departmental staff. As a result the users go through

series of rework loops for the want of information and informationupdating subsequent to any transaction carried out.

Considering the fact that the IT solutions exist at various serviceproviders the need is to leverage the existing infrastructure alreadyin place and build over the same. It is equally important for

extending the service where in a user gets to use the service

himself or through an agency without being forced to visit todepartments its service fulfillment

As evident from illustration IV, there is a significant amount of rework, idle time, delays, handoffs in the existing process thereby

it takes 533 hours i.e. 23 business days. Further the trips tovarious offices have effects like working hour’s loss of customers

from their work, trips generating traffic on road plus the agonyone goes through.

The above example stresses a need for information exchangeamongst department with adequate tagging to end user identity.Since the individual departments have carried out ITimplementation the deployment of framework can be channelized

through the common portal. The development of citizen interfaceat common portal and deployment of interoperability solutionacross applications in various departments can lead to acceleration

of the process steps. Illustration V gives the view of thetransformed processes.

Once the service catalogue is defined and adopted by the provider

departments the interdepartmental data exchange shall lead toreduction in overall transaction time. Even the mechanism of Incident reporting and resolution can be effectively achieved with

Following are the challenges that stand out for implementation of such a framework

1. Infrastructure capacity.2. Compatibility with other IT systems/databases /platforms.

3. Scalability of existing applications.4. Information exchange mechanisms.

Illustration III: Extended Single Sign On Using Federation

Provider Employee

Service

ProviderIntranet

Web Server

WebAgent

PolicyServer

City Portal

Web Server

PolicyServer

WebAgent

Service ProviderDepartment Application

Providerwebsite

ApplicationServer

Enduser

Internet Internet

IdentityManager

ApplicationIdentitymanager

Application

PolicyStore

UserStore Policy

StoreUserStore

Web Server

Web Agent

Extended SSO Logical Architecture

Multiple ProvidersMultiple Updates

Provider Employee

Service

ProviderIntranet

Web Server

WebAgent

PolicyServer

City Portal

Web Server

PolicyServer

WebAgent

Service ProviderDepartment Application

Providerwebsite

ApplicationServer

Enduser

Internet Internet

IdentityManager

ApplicationIdentitymanager

Application

PolicyStore

UserStore Policy

StoreUserStore

Web Server

Web Agent

Extended SSO Logical Architecture

Multiple ProvidersMultiple Updates



of 7.

5. Geo referencing of assets.6. Ability to carry out financial transactions.

The solution can even be scaled where the user can submit a

request which needs co-ordination of multiple service providers tobe able to fulfill the same. This shall also call for certain decisionmaking to bring out certain changes to infrastructure / put newinfrastructure element etc.

For such a solution to be in place there are certain prerequisiteslisted as under.

• GIS mapping of assets in city limits.

• IT implementation in utilities departments coveringmunicipal limits.

• Citizen and Assets data at Municipal Corporation.

The above listed parameters form the ground work for Phase II of the solution. The definition of process for handling of servicerequests and delivery of new service come in as the activitieswhere in process framework shall be required. Frameworks in IT

Service management like Information Technology InfrastructureLibrary (ITIL) can be effectively utilized. The solution requires arobust workflow management tool to be able to interface with

organizational hierarchy and spatial information database. Thesolution has potential to bring in wide ranging benefits some of which are mentioned in section 7 below.

6. OPPORTUNITY FOR TCSTCS has been a front runner in providing thought leadership in thearea of e-governance. The whitepaper published by TCS in thisregard brings out the key issues of present e-governance

initiatives carried out in the country. Interdepartmentalinformation exchange is the thrust area identified in the same. E-

governance initiatives need to be citizen centric in order toachieve the last mile reach. The projects like AP Online, MP

Online and the current one under development in Maharashtra i.e.MahaOnline are the live examples. As outlined in the discussionabove the service delivery in our country has been fragmented and

interdependent of information exchange across variousdepartments. The customer of these services has to rely upondifferent sources / agencies in order to avail the services needed.

The projects cited above have potential to deploy the federatedidentity management concept to facilitate data exchange where in

a citizen interface is created through the centralized portal and theinformation / requests are channelized to respective departments.

The challenges faced in all these initiatives are the expansion of the Service Catalogue to cover varied range of services. Theunderlying cause for this is the silos style IT implementations bythe service provider departments where in individual processes are

automated.

The key links of interdepartmental information exchange ismissing and is left to end-user leading to rework at customer end.

There is an urgent need to work at individual solution level ateach department to build an interface layer and security solution

in order to facilitate the information flow depicted in illustrativeexamples above. Using ITIL concepts shall give a catalytic

Illustration IV: Existin Process & C cle time

A s I s P r o c e s s

Documents

Collection

Verification &

Submission

Subsequent

Updations

• Old DocumentCollection – 1 Hr

• Getting Copies fromoffices - 24 hrs

• Getting Forms – 0.5 hrs• Form Filling &Submission – 0.5 hrs

Total : 26.0 hrs

• Verification ofsubmissionsDocuments – 1 hr

• Revisit forscanning - 1 hr

• Fees Payment – 0.5 hrs

Total 2.5 hrs

• Document Scan,Finger Print recordPhysical signature- 0.5 hrs

• Time till originaldocument Issued- 24 hrsTotal 24.5 hrs

•Filling forms foreach department- 0.5 hrs / dept

• Verification by individualDepartment & Updation

Of Records – 20 Business daysi.e. 480 hrsTotal 480.5 hrs

Total Process Time : 533 hrs

Note : Color codes for process steps are referenced to process maps

A s I s P r o c e s s

Documents

Collection

Verification &

Submission

Subsequent

Updations

• Old DocumentCollection – 1 Hr

• Getting Copies fromoffices - 24 hrs

• Getting Forms – 0.5 hrs• Form Filling &Submission – 0.5 hrs

Total : 26.0 hrs

• Verification ofsubmissionsDocuments – 1 hr

• Revisit forscanning - 1 hr

• Fees Payment – 0.5 hrs

Total 2.5 hrs

• Document Scan,Finger Print recordPhysical signature- 0.5 hrs

• Time till originaldocument Issued- 24 hrsTotal 24.5 hrs

•Filling forms foreach department- 0.5 hrs / dept

• Verification by individualDepartment & Updation

Of Records – 20 Business daysi.e. 480 hrsTotal 480.5 hrs

Total Process Time : 533 hrs


Registration & Issue

of Document



of 7.

touch to the departmental processes minimizing the effort at end

user’s side. Currently most of the departments‟ infrastructures donot have a Disaster Recovery (DR) Site. The solution proposed byTCS where in creation of a repository of department database on

portal servers shall fulfill this key requirement apart from givingcitizen another channel to raise service request, incidents and seek guidance on developmental issues.

The present e-governance initiatives need to be looked into froman end user identity management perspective where in the existingidentity parameters of end user are leveraged and enhanced tobetter authentication & authorization procedures. The solutions

proposed in TCS projects have potential to be coupled with

present solutions where in existing initiatives at departmentallevels can be integrated into overall solution.

7. BENEFITSOnce the processes for service delivery and service supportcovering the service providers become operational with identitymapping of end users the end results shall show the realistic effects

of e-Governance initiatives. These shall bring in benefits whichshall have far reaching effects for end user such as

• Reduction in paper document submissions.

• Expeditious response to customer requests• Virtual “Single Window Service” eliminating the need

for user to visit multiple offices.

Illustration V: Transformed Process with Information Exchange

T o

b e

P r o c e

s s

DocumentsCollection

Verification &Submission

Registration & Issueof Document

SubsequentUpdations

• Old Document

Collection – 1 Hr

• Getting Old Documents

Scanned- 4 hrs• Online Form Filling &

Submission Signed

contract Document

– 0.5 hrs

Total : 5.5 hrs

• Verification of

submissions

Documents – 1 hr• Fees Payment Online

– 0.5 hrs

Total 1.5 hrs

• Visit Office for,

Finger Print record

Physical signature- 0.5 hrs

• Digitally signed

document mailed

Total 0.5 hrs

• Verification by individual

Department & Updation

of Records – 2 Business days

i.e. 48 hrs

Total 48. hrs

Total Process Time : 52.5 hrs


T o

b e

P r o c e

s s

DocumentsCollection



SubsequentUpdations

• Old Document

Collection – 1 Hr



Submission Signed

contract Document

– 0.5 hrs

Total : 5.5 hrs

• Verification of

submissions


– 0.5 hrs

Total 1.5 hrs


Finger Print record



document mailed

Total 0.5 hrs




i.e. 48 hrs

Total 48. hrs



T o

b e

P r o c e

s s

DocumentsCollection



SubsequentUpdations

• Old Document

Collection – 1 Hr



Submission Signed

contract Document

– 0.5 hrs

Total : 5.5 hrs

• Verification of

submissions


– 0.5 hrs

Total 1.5 hrs


Finger Print record



document mailed

Total 0.5 hrs




i.e. 48 hrs

Total 48. hrs



T o

b e

P r o c e

s s

DocumentsCollection



SubsequentUpdations

• Old Document

Collection – 1 Hr



Submission Signed

contract Document

– 0.5 hrs

Total : 5.5 hrs

• Verification of

submissions


– 0.5 hrs

Total 1.5 hrs


Finger Print record



document mailed

Total 0.5 hrs




i.e. 48 hrs

Total 48. hrs





of 7.

• Single channel of information.• Transparent transactions.• Ease of tracking requests, complaints and SLAs.

In addition, the tertiary benefits include

• Online exchange of interdepartmental user specific datato effectively reduce cycle time for service fulfilment.

• Ease of reference to similar cases.• Initiation of transactions by citizens shall lead to

revenue enhancement for service provider department.• Optimised IT infrastructure.

• Employment opportunities through mechanism likeagent login.

• Improved interdepartmental teamwork.• Saving in travel time of citizens to offices reducing

traffic on roads as an added benefit.

8. CONCLUSIONSuccessful implementation is a key to realization of benefits of concept like the one proposed which brings in multiplestakeholders on a single forum. Careful planning, selected piloting

and ease of replication of solution is the key success factors. Inorder to translate the concept to reality one needs to adopt a twophase approach as outlined below.

Phase I: Planning & Initial Assessment.

1. Development of Service Catalog for the services rendered.2. Assessment of IT System at supplier end.3. Mapping of services which can be brought under single service

desk at councils.4. Defining process flows for effective identity management.5.Mapping of existing identity parameters amongst provider

departments .

Phase II: Implementation

1. Build/leverage the existing records of existing identity of citizens.2. Existing services mapping to identity records.

3.Creation of a unique id once select set of identity parameters arelinked.3. Building IT enabled centralized service delivery system

The dynamic nature of in urban population is a challenge for allthe major service delivery providers worldwide. The portability of

identity instruments is important for efficient e –governancemechanism with scalability to cover variety of services for

citizens across the country.With the initiative of Unique Id for citizens currently underwaythe mapping of exiting identities is a potential a first step that needto be considered. This shall lead to reduction of effort for end user

to map his identity with service provider departments post gettingthe UID.

9. REFERENCES[1] Chakrabarty Tanmoy; Towards an ideal e-Governance

Scenario in India; White paper on e-Governance.

[2] Tata Consultancy Services: e Governance Concept paper for

AP v1.0 Jan 2006 .

[3] Tata Consultancy Services: System Design Document Day700 Federation Project – 2006.

[4] Gharpure Praful; “Making Process Lean” Article published

in Express Computers Sept 2008.