-
Notifications
You must be signed in to change notification settings - Fork 3
United Kingdom Overview
The authentication in UK is defined in the GOV.UK profile[1].
The following participants are involved:
- Identity Provider (IdP): The IdP is an organization in the private sector, which verifies the identity of the users and identifies them on the RP.
- GOV.UK Verify Hub (Hub): The infrastructure managing the interaction between users, RPs, IdPs and the matching service. In other words, the Hub mediates all interactions between the IdP and RP.
- Relying Party/Government Service (RP): The RP offers a service requiring user authentication.
- Matching Service (MS): The MS “… matches a user’s assured identity to a local identifier in the service’s records to allow them to use the service”[2].
Figure 1: Architecture of "GOV.UK Verify" and protocol flow[2]
Figure 2: Abstract Overview of the protocol flow in “FCCX” and "GOV.UK Verify" (Brandao, Christin, Danezis, & others, 2015)
In GOV.UK Verify the authentication flow is depicted in Figure 1 and Figure 2.
In step 1 the user calls the Government Service and starts the eID-based authentication. In the following step the user is redirected to the Hub, which mediates all interaction between the IdP and RP. In Step 3 the user chooses an IdP, which will be used for the authentication. In Step 4 the Hub forwards the user to the IdP, where he/she authenticates in Step 5. In Step 6 the IdP generates the authentication token, which is sent through the user’s browser to the Hub. Step 7 is only in the Federal Cloud Credential Exchange (FCCX) flow available, which is specified in USA. Thus, this step is skipped for GOV.UK Verify. In Step 8 the Hub uses the Matching Service (MS) to match a user’s assured identity to a local identifier in the service’s records, so they can use the service. In Step 9 the Hub generates an authentication token containing the identity of the user and sends it to the RP.
A more technical protocol overview is available in the following figure.
Figure 3: GO.UKVerify protocol flow[1]
1. ^ ^ Pegman, M., Cooper, A., & Dunn, S. (August 2015). Identity Assurance Hub Service SAML 2.0 Profile v1.2a. Identity Assurance Hub Service SAML 2.0 Profile v1.2a.
2. ^ ^ Team, I. A. (November 2015). Identity Assurance Documentation. Identity Assurance Documentation.