Library

Browse and search developer information

Pattern 3: Federated Identity, National AuthZ

Pattern Description

This pattern allows local identity providers to be used to manage and authenticate users, but by establishing a trust relationship with a national service, allows these identities to be linked to national identities for use outside the local area. These identities are then used to authorise access using a national authorisation server.

Benefits

  • Can be built to address local needs, but within a national framework that establishes proven types and levels of authentication.
  • By adhering to this overall framework, these local solutions can be federated and trusted by local systems, and potentially authentication services in other regions – allowing use outside the immediate local area.

Concerns

  • Requires up-front work to develop a national framework, and establishment of a national assessment process to assure local solutions in order to grant them “trusted” status and federate with them.
  • Would only do authorisation against nationally agreed policies using information held about the user nationally – e.g. would not do checks that rely on user attributes only held in the local systems, such as legitimate relationship checks