Pattern 5: National Identity, Local AuthZ

Pattern Description

This pattern makes use of the national identity and authorisation components, and uses that identity information within local systems (or in a regional capability) to authorise access to resources.


  • Provides a simple mechanism for managing users and authentication, taking the requirement away from local systems.
  • Provides a national “single-sign-on” capability allowing the same authentication session (ID token) to be used in all systems that support it, without requiring the user to log in multiple times.


  • Allows local control over authorisation policies for controlling access to resources.
  • Would not itself allow access to national systems, but could allow for automatically re-authorising the ID token with a national authorisation server (pattern 7) to give this capability.
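
The split described above, as an added example that is not part of the original pattern description: the local system accepts an ID token from the national identity service, then decides access using its own policy. The issuer URL, client identifier, user identifiers, roles and resources are all assumed for illustration, and the token's signature is assumed to have been verified already by an OpenID Connect library.

```python
import time

# Assumed values for illustration; none of them come from the pattern page.
NATIONAL_ISSUER = "https://idp.national.example"
LOCAL_CLIENT_ID = "local-records-system"

# Local authorisation policy, owned and maintained by the local system.
# The national identity service knows nothing about these roles.
LOCAL_ROLES = {"user-1001": {"clinician"}, "user-1002": {"receptionist"}}
ROLE_PERMISSIONS = {
    "clinician": {("patient-record", "read"), ("patient-record", "write")},
    "receptionist": {("appointment", "read"), ("appointment", "write")},
}


def token_is_acceptable(claims, now):
    """Check the claims of an ID token whose signature is already verified."""
    aud = claims.get("aud")
    audiences = aud if isinstance(aud, list) else [aud]
    exp = claims.get("exp")
    return (
        claims.get("iss") == NATIONAL_ISSUER      # issued by the national service
        and LOCAL_CLIENT_ID in audiences          # issued for this local system
        and isinstance(exp, (int, float)) and now < exp   # not expired
        and isinstance(claims.get("sub"), str)    # carries a subject identifier
    )


def authorise(claims, resource, action, now=None):
    """National identity answers 'who is this'; local policy answers 'may they'."""
    now = time.time() if now is None else now
    if not token_is_acceptable(claims, now):
        return False
    # Default deny: a nationally authenticated user with no local role gets nothing.
    roles = LOCAL_ROLES.get(claims["sub"], set())
    return any((resource, action) in ROLE_PERMISSIONS.get(r, set()) for r in roles)


# Constructed sample claims, not taken from any real token.
SAMPLE_CLAIMS = {"iss": NATIONAL_ISSUER, "aud": LOCAL_CLIENT_ID,
                 "sub": "user-1002", "exp": 2_000_000_000}

if __name__ == "__main__":
    for res, act in [("appointment", "read"), ("patient-record", "read")]:
        print(res, act, authorise(SAMPLE_CLAIMS, res, act, now=1_900_000_000))
```
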