Pattern 5: National Identity, Local AuthZ
This pattern makes use of the national identity and authorisation components, and uses that identity information within local systems (or in a regional capability) to authorise access to resources.
- Provides a simple mechanism for managing users and authentication, taking the requirement away from local systems.
- Provides a national “single-sign-on” capability allowing the same authentication session (ID token) to be used in all systems that support it, without requiring the user to log in multiple times.
- Allows local control over authorisation policies for controlling access to resources.
- Would not itself allow access to national systems, but could allow for automatically re-authorising the ID token with a national authorisation server (pattern 7) to give this capability.
Was this article useful?2