Public sector sharing privacy sensitive information
A second wave of eGovernment is rapidly approaching. Rich applications are being made available for online interaction to enable more efficient collaboration between public agencies, while services for legal entities and individuals are being integrated into the workflow of the agency itself. The potential gains are tremendous, but so too are the risks. Privacy is at stake on a scale never encountered before.
Privacy – a matter of trust
The new services being made available online for the public offer obvious benefits. And the richer they become, the more benefits they bring. A side effect of this is that the systems for and about the public are accumulating massive amounts of data. And by piecing it together it's possible to gain more information about a subject than the identified companies, organizations or individuals know themselves. What's more, the state may even make it mandatory for citizens and entities to share sensitive information about themselves.
Never before has privacy been so exposed to such considerable risks. And if the public sector fails to manage these risks effectively, the damage caused will go way beyond privacy intrusion; trust in public agencies as such is at stake.
With this in mind, it is not surprising that the public sector is one of the fastest market segments to adopt the Attribute Based Access Control (ABAC) concept based on the XACML standard.
From simple posts to real applications
A web page on which you simply fill in a form and then press the Submit button may not require elaborate authorization. However, with the second wave of eGovernment services emerging, user sessions must be established in a much more secure manner. Users are now offered a rich set of functions to access and manipulate data relating to themselves, their families, their companies, properties, taxes, employment, health, and so on. Public servants engage in complex workflows with the public they serve. And the pieces of information they exchange are far from trivial. Quite the opposite: in the wrong hands, information posted to a public agency is always sensitive.
Government efficiency
Improving efficiency in the public sector typically involves an increase in the level of information sharing. For instance, if different departments can share existing data, redundant data processing and time-consuming interactions with the public or other state agencies can be avoided. However, data sharing is not possible without fine-grained protection against unauthorized access, which is where eXtensible authorization comes into play.
National security and law enforcement
Many public-sector use cases are complex as they involve multiple agencies, each with unique internal policy requirements that need to be considered. Identity federation is complemented with federation of access control policies. Governments are increasingly demanding collaboration between state agencies, for instance in law enforcement when fighting organized crime. However, in order to achieve this, complex legislative and regulatory restrictions must be adhered to when making these services available.
Axiomatics helps establish trust
Axiomatics is proud to serve public sector customers resolving use cases that often involve multi-dimensional authorization concerns. In these use cases, existing access control technologies are simply not an option since context-awareness in authorization is an absolute requirement. With eXtensible and externalized authorization, auditors achieve the level of transparency and the public the level of trust they demand.
