National Authentication Framework (NAF)
eGovernment Authority/ Ministry of Cabinet Affairs
Bahrain

The Problem

The eGovernment Authority (eGA) of Kingdom of Bahrain is the nodal agency in the country responsible for facilitation of providing government services and citizen assistance through electronic channels. eGA currently own and operate Bahrain National web portal, mobile portal, kiosks and national contact centers through which it delivers services of various government agencies and public services.

These electronic services require reliable identification of the citizens and residents who avail them, and authentication or reliable identity verification system was not available to ensure the services delivered through electronic channels and it was identified as a significant requirement for future eService expansion.
NAF allows the users to transact with multiple service using common identity and credentials, ensures lower service failures due to credential mismatch. The requestor services need not have to invest in authentication providers/solutions which may attract substantial license fees. As NAF is maintaining the confidential identity information in a secured fashion and shares these information the services as part of authentication service response, the services are relieved from the responsibility of securing the confidential identity information.

Solution and Key Benefits

 What is the initiative about? (the solution)
The initiative is an implementation of an identity assertion infrastructure based on the citizen registry information and the personal identification number. This proposed infrastructure uses the personal identification number as the identity and three factor credentials (Password, Smart Card & Finger Print) to verify and assert the identity. This approach ensures a one identity access and a set of credentials to be used to avail all electronic services from the government agencies. The services of the proposed infrastructure should be available to electronic services/channels in an easy method to integrate as well as to use an simple format and should be flexible to share with the private sector as well. The proposed infrastructure is expected to assert and underwrite the identity presented to it and up to the required level of confidence by the requester services and the service provisioning is the domain of the services and the solution is not responsible for the same.

Actors and Stakeholders

 Who proposed the solution, who implemented it and who were the stakeholders?
The single point authentication identity assertion infrastructure for eGovernment services was part of the eGovernment strategy 2005. It was conceptualized and developed by eGA in collaboration with of other government agencies such as the CIO and other consulting firms, PwC and Wipro. The conceptual design is converted into a request for proposal and Identified CrimsonLogic as the implementation partner through tendering process.
The project is delivering easy to use services for multiple factors of authentication and ensures highest standard of security to the user information it maintains. The solution is deployed on a highly scalable private virtual cloud using ‘Data Centre in a Box’ concept. The software solution provides unprecedented usability features such as complete localization of content and password in local language. The following are a few key features of NAF.
The NAF implementation of secured processing, transmission and storage of credential information ensures the credentials are only known to the user and all stored and transmitted credential information is cryptographic derivatives.
NAF allows the user to be authenticated using his password, authorised smartcard and finger print, depending on the level of authentication required by the service.
NAF allows the users to have their password Arabic language
NAF has the capability to provide customized response payload depending on the requirements of the requestor service
Majority of the security and operational variable are parameterised to ensure better flexibility and maintainability of NAF
NAF is deployed in a self contained virtual cloud environment which ensures high level of scalability.
NAF supports the identity federation using open standards

(a) Strategies

 Describe how and when the initiative was implemented by answering these questions
 a.      What were the strategies used to implement the initiative? In no more than 500 words, provide a summary of the main objectives and strategies of the initiative, how they were established and by whom.
The main objectives of this initiative is to establish a system which can uniquely identify each of the citizens and residents of Bahrain with a high degree of confidence. The system should be available to other electronic systems and channels to authenticate their users. Thus the same identity and credential set can be used across all systems which subscribe to the services of NAF. The requirement for such a system was identified during the eGovernment strategy implementation during the period 2007-2009. The system is conceptualized and developed by eGA with the help of other government agencies such as CIO and consulting firms, PwC and Wipro. The conceptual design is converted into a request for proposal and Identified CrimsonLogic as the implementation partner through tendering process.
The project is also aligned to Government Work Plan from the year 2011-2014 which encourages innovative ICT projects and application.
In the long term, the system participates in achieving Bahrain 2030 Economic vision by enabling the public-sector to become more productive and accountable for delivering better quality services via leaner organizations and operations. This will can be achieved by providing a robust and secure framework for services.

(b) Implementation

 b.      What were the key development and implementation steps and the chronology? No more than 500 words
Need Identification & Conceptualization,August 2009
Identification of Key features,December 2009
RFP & Tender process Initiation,January 2010
Project Kick Off,October 2010
Implementation,October 2011
Go Live,January 2012
Service Integration,April 2012

(c) Overcoming Obstacles

 c.      What were the main obstacles encountered? How were they overcome? No more than 500 words
The major obstacles to the projects include environmental and human factors. In case of the environmental obstacles, it was related to interoperability of the proposed solution with various pre existing systems and processes such as CRS systems, smartcard and bio-metric systems on one side where NAF is dependant for information and the systems. The others were systems and services which are expected to use NAF for identity assertion services from a myriad of technology platforms, with some of them requiring stringent integration requirements. In the second category, the application /system is expected to serve users with varying level of IT knowledge and expertise. Also another important issue the project has come across is the availability of skilled man power to maintain and support the system.

(d) Use of Resources

 d.      What resources were used for the initiative and what were its key benefits? In no more than 500 words, specify what were the financial, technical and human resources’ costs associated with this initiative. Describe how resources were mobilized
The NAF is designed to leverage the current citizen registry information and smart card infrastructure to ensure the single set of citizen profile information is captured and maintained by the citizen registry is used to avoid duplication of data and convenience to the citizens.
NAF is developed using open sources software components to minimize the IPR liabilities and future cost escalations. The project team consists of technically qualified eGA and CIO resources as well as professionals and consultants. The solution provider is one of the leading system integrator with proven track record in similar initiatives. The project is governed by a high level steering committee consists of senior management representatives of major stake holding organizations.

Sustainability and Transferability

  Is the initiative sustainable and transferable?
The NAF is designed to be the central point of identity assertion for all electronic service of government agencies. The system has easy to use integration interfaces and mechanisms available. Extensive care and effort is taken to ensure the usability of the application to all sections of the citizens. These efforts are reflected in the unique features of NAF such as bilingual (English and Arabic) website, services and even the availability of Arabic passwords. The NAF systems and services are designed to extend the same in terms of functionality as well as adoption such as corporate identification and extending the use of NAF services to corporate entities.

Lessons Learned

 What are the impact of your initiative and the lessons learned?
NAF will ensure the use of personal identification number and the attached credentials to be acceptable across the participating services from various entities, government as well as corporate entities. The functionality of NAF can be extended to validate the identity of citizens during the service delivery which may not be entirely on electronic channels.

Contact Information

Institution Name:   eGovernment Authority/ Ministry of Cabinet Affairs
Institution Type:   Government Agency  
Contact Person:   Ziad Asfour
Title:   Acting Director, Marketing & Awareness  
Telephone/ Fax:   +973-17-388388
Institution's / Project's Website:  
E-mail:   adarwish@ega.gov.bh  
Address:   P.O. Box 75533
Postal Code:  
City:  
State/Province:  
Country:   Bahrain

          Go Back

Print friendly Page