Presentation is loading. Please wait.

Presentation is loading. Please wait.

NextGen Access Control Platform

Published byCurt Raske Modified over 6 years ago

Similar presentations

Presentation on theme: "NextGen Access Control Platform"— Presentation transcript:

1 NextGen Access Control Platform
Programme 14 Interoperability presented by Anthony Wilson, Product Manager – Identity & Access Services

2 Connected Services Applications Connected Devices
Digital Identity Interoperability Platform Next Generation Health Identity Platform PKI Authentication Authorisation Federation Registration Management User Self Service Role Management Digital Signing Digital Identity is not just about security it is a mechanism by which to link Devices, Services and their capabilities to individuals (e.g. Location of an individual via a mobile device) and utilise this relationship and the capabilities of the device seamlessly in applications and cloud services. Also preferences, sites visited, contact mechanisms, and when combined with IOT – biological information (heart rate, blood sugar levels etc.) It allows continuous profiling but also provides control to the user by requesting consent (This is built into the security). Analytics Attribute Exchange IOT Consent Dashboard

3 Based on Standards As part of the ethos of interop we look to provide capabilities for the 2020 Domains with associated industry standards OpenID Connect used and progressed by Microsoft & Google

4 NHS Identity Logical Services
3 New national services will be built: National Care Worker IDP – Will provide logon services at various levels depending on the organisation scenarios requirements. Initially Smartcard, OTP and Push Notification on service go live followed by FIDO based biometric support. Platform agnostic (e.g. ChromeOS) National Access Gateway – Will protect national API’s and services referencing a granular rules and policies set National Federation Service – Will allow the national signon to be used to access 3rd party national services such as NHSMail, O365 and ESR.

5 Authentication Alternatives Framework?
Phone Phones RFID Card Band 2 Wearable USB Phone Built in Capability Phone Biometric Peripheral Access to PC’s can be accomplished either through a 2nd device or by inbuilt hardware capabilities as long as standards are followed the decision can be local.

6 What’s Secure Enough? Aligned to Cabinet Office - GPG44 + GPG45
Also taken NIST into account NEEDS Ratifying!

7 Quick Demo

8 Developer Adoption Benefits
‘Boilerplate’ client code Abstract ‘loose’ coupling of sign on methods Language Agnostic e.g. Java, C#, Python …… Platform Agnostic e.g. OS and Browser choice Logon ‘As a Service’ from anywhere No need for N3 Access to test No lock-in to the NHS Digital Service (It’s just a URL)

9 What Does The Service Give Me?
Identity Verification – acr + amr Identity Information (Scopes + Claims) Standard OIDC ‘openid’,‘profile’, ‘mail’, ‘roles’ etc supported Spine Scopes also supported: accessreason, spineroles, associatedorgs etc. Session Information & Events - OpenID Connect lets the relying party track whether the end user is logged in at the provider, and also initiate end user logout at the provider.

10 How To Try It and Adopt it?
Go look at the Developer Health Network Request a sandpit environment. We are aiming to get this in place post May initial go live.

11 Q&A

12 Current to Medium Term Roadmap

13 Long Term Roadmap Themes
Simplifies Process Increases Security Benefits Saves Time Simplifies Process Increases Security Benefits Long Term Roadmap Themes Increases Security Single trusted digital identity signature Saves time Increases Security Saves Money Benefits Benefits Saves time Simplifies Process Increases Security Benefits IOT Management Single trusted digital identity Saves time Simplify Logon Increases Security Enables Mobility Benefits AI Continual Risk Analytics User & Role Management Remote Signature Simple Registration Next Gen Access Control 2017/2018 The overall programme will seek to evolve the national identity service over the next few years. *Subject to cost benefit analysis and business case acceptance Simplifying and remoting the registration and assurance process Possibly linking a digital signature to the identity – providing a eIDAS level electronic signature to transactions and forms Updating and ReImagine the RBAC & ABAC management AI Analytics to proactively seek out suspicious activity Look at the need for IOT support 2019/2020

Download ppt "NextGen Access Control Platform"

Similar presentations

Mobile phone based real time solution to track completed / in progress work The programme officer initiates the work by capturing the site image, GPS.

Mobile phone based real time solution to track completed / in progress work The programme officer initiates the work by capturing the site image, GPS.
Not Built On Sand. IT Has Scaled $$$ Technological capabilities: (1971  2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 

Not Built On Sand. IT Has Scaled $$$ Technological capabilities: (1971  2013) Clock speed x4700 #transistors x608k Structure size /450 Price: (1980 
WSO2 Identity Server Road Map

WSO2 Identity Server Road Map
Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (http://www.ag-nbi.de)http://www.ag-nbi.de.

Beispielbild Shibboleth, a potential security framework for EDIT Lutz Suhrbier AG Netzbasierte Informationssysteme (
Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.

Finalize RESTful Application Programming Interface (API) Security Recommendations Transport & Security Standards Workgroup January 28, 2014.
A Survey of Risk: Federated ID Management in Cloud and Grid Computing Presentation by Andy Wood (P11250192)

A Survey of Risk: Federated ID Management in Cloud and Grid Computing Presentation by Andy Wood (P )
SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)

SIM205. (On-Premises) Storage Servers Networking O/S Middleware Virtualization Data Applications Runtime You manage Infrastructure (as a Service)
Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.

Health IT RESTful Application Programming Interface (API) Security Considerations Transport & Security Standards Workgroup March 18, 2015.
Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.

Matt Steele Senior Program Manager Microsoft Corporation SESSION CODE: SIA326.
Chapter 20 20-1 © 2012 Pearson Education, Inc. Publishing as Prentice Hall.

Chapter © 2012 Pearson Education, Inc. Publishing as Prentice Hall.
Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.

Copyright © The OWASP Foundation Permission is granted to copy, distribute and/or modify this document under the terms of the OWASP License. The OWASP.
Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more.

Protecting “Personal Clouds” with UMA and OpenID #UMApcloud for questions 19 June 2014 tinyurl.com/umawg for slides, recording, and more.
Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education www.netprof.us.

Identity Management in Education. Welcome Scott Johnson, NetProf, Inc. Creator of OmnID Identity Management for Education
Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.

Workgroup Discussion on RESTful Application Programming Interface (API) Security Transport & Security Standards Workgroup January 12, 2014.
GC Credential Management Evolution for the OASIS/World Bank eGov Workshop 17 th April, 2009For information, please contact:

GC Credential Management Evolution for the OASIS/World Bank eGov Workshop 17 th April, 2009For information, please contact:
Helsinki Institute of Physics (HIP) - 2003 Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.

Helsinki Institute of Physics (HIP) Liberty Alliance Overview of the Liberty Alliance Architecture Helsinki Institute of Physics (HIP), May 9 th.
Openid Connect https://store.theartofservice.com/the-openid-connect-toolkit.html.

Openid Connect
Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin

Identity Management: A Technical Perspective Richard Cissée DAI-Labor; Technische Universität Berlin
An XML based Security Assertion Markup Language

An XML based Security Assertion Markup Language
Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Empowering people-centric IT Unified device management Access and information protection Desktop Virtualization Hybrid Identity.

Similar presentations

Ads by Google