Identity @ The Guardian – SSO at Web Scale
The Guardian’s web and mobile application usage rates are experiencing explosive growth. This growth is driven by an increased consumption of news online. Today’s users have high expectations in terms of usability, security and performance. This session aims to highlight the challenges that Identity faces and will discuss the technology that can be used to keep pace in this fast-moving development environment.
Topics covered will be:
- Cloud technology and the importance of scalability.
- Security versus usability trade-offs and compromises.
- Multi-device Identity support.
- Continuous delivery.
- Data-driven development and lean principles.
Rethinking Digital Identity: The Australian Government Story
The Australian Government’s coordinated approach to digital identity started in the business-to-government domain, with the creation of a whole-of-government credential (AUSkey) and trust broker (VANguard) in 2007. A separate process occurred in the citizen-to-government domain (myGov) in 2013.
This case study examines the policy decisions leading to the creation of these systems, and the technical challenges and compromises that followed. This includes the decision to use digital certificates for business transactions, but username/password-based credentials for citizens. It also explains the delay between centralizing business-to-government and citizen-to-government authentication, partly due to the Australian public’s rejection of nationalized identity in the Australia Card.
At a more technical level, it also discusses multiple exposed and exploited security flaws, which threatened the security benefits of this centralized authentication.
Finally, the case study details the changing environment of digital identity, and the technical and policy questions currently being uncovered by the Australian Government in its quest to have all 50,000+ transaction-per-annum systems available end-to-end digitally.
- Understanding Australia’s approach to digital identity and where it is heading under the Australian Government’s digital policy agenda, with comparisons to other countries
- Appreciation of the hidden security costs of centralized authentication, and the effect of failures
- Demonstration of how the differences between various authentication and identity domains can necessarily lead to significantly different outcomes and technologies, in the whole-of-government space