||By Dunkin Westland and Ali M. Al-Khouri, http://www.emiratesid.ae/userfiles/Supporting_eGov_Paper.pdf
||Monday, April 05, 2010
Institution and HR Management
||Apr 05, 2010
Amidst the many promises of the Information Communication Technologies (ICT)
revolution is its potential to modernise government organisations, strengthen their
operations and make them more responsive to the needs of their citizens. However, the
experiences of many countries around the world is that in order to truly reap the benefits
of e-government and cope with its growth, governments are required to develop and
setup a robust ICT infrastructure.
In a recent United Nations (2010) survey of global readiness for e-Government services, the United
Arab Emirates was regarded as one of the leading Arab countries and ranked at 49 in the world in
terms of the overall eGov maturity and development. It was ranked at 25 in terms of
telecommunication infrastructure. However, it was ranked 86 at e-5ar6cipa6on, and 99 at 7nline
services. The future e-Government strategy of the UAE's government includes the objective of raising
the standing of the United Arab Emirates as a provider of fully connected citizen to government
services by providing the enabling infrastructure to facilitate full interaction between government
entities, the private sector and citizens.
Dunkin and Al-Khouri e-Government.
2 The Case for e-Government
E-Government can be defined as the use of information and communication technology (ICT) to
provide and improve government services by enabling electronic transactions and interactions
between citizens, businesses, and other arms of government (Burn and Robins, 2003). Most
governments have introduced some form of e-Government program ranging from a simple web
presence providing information to more advanced implementations providing a range of
transactional services of ever increasing sophistication and scope. E-Government strategies
worldwide are driven by a desire to improve the efficiency, accessibility and effectiveness of public
service delivery (Chesher et al., 2003). Focal benefits to both citizens and the government are
summarised in Figure 1 below.
Fig. 1 – UN e-Gov 2008 Survey Results
Source: (United Na6ons, 2008)
In considering the next phase of e-Government development for the United Arab Emirates, it is
important that the strategic drivers and projected benefits need to be clearly focused up on. Helpful
benchmarks are available from across the world. For example the United Kingdom’s e-Government
strategy highlighted potential benefits to citizens, business, suppliers and the wider public sector as
depicted in Table-1 below (UK Cabinet 7ffice, 2000).
Table – 1: 5otential e-Gov benefits
transaction with Examples Benefits
Wider choice of channels,
Convenience, lower transaction costs,
more personal service, greater awareness
of services and policies, greater democratic
participation and openness
Business Support programs
Advice and guidance
Quicker, faster interactions, reducing
transaction costs, and the regulatory
Suppliers e-procurement Reduced transaction costs, better
inventory management, shared data
departments and agencies
between central and local
government Policy making
Greater accuracy and efficiency, reduced
Better use of the knowledge base. More
nimble, flexible working arrangements.
Many of these objectives and benefits to are clearly resonant with the e-Government objectives of
the United Arab Emirates. The additional challenge of managing the provision of public services to a
large, mobile and rapidly changing population of foreign residents and temporary workers further
increases complexity. Together these should drive the implementation of e-Government within the
United Arab Emirates.
3. United Arab Emirate progress towards e-Government in the global context
The UN e-government survey uses a ranked measure of e-Government readiness. The survey
recognises five stages of e-government maturity relating to web presence:
Stage I - Emerging: A government’s online presence is mainly comprised of a web page and/or an
official website; links to ministries or departments of education, health, social welfare, labour and
finance may/may not exist. Much of the information is static and there is little interaction with
Stage II - Enhanced: Governments provide more information on public policy and governance. They
have created links to archived information that is easily accessible to citizens, as for instance,
documents, forms, reports, laws and regulations, and newsletters.
Stage III - Interactive: Governments deliver online services such as downloadable forms for tax
payments and applications for license renewals. In addition, the beginnings of an interactive portal or
website with services to enhance the convenience of citizens are evident.
Stage IV - Transactional: Governments begin to transform themselves by introducing two-way
interactions between ‘citizen and government’. It includes options for paying taxes, applying for ID
cards, birth certificates, passports and license renewals, as well as other similar Government to
Customer interac6ons, and allows the ci6zen to access these services online 0/. All transac6ons
are conducted online.
Stage V - Connected: Governments transform themselves into a connected entity that responds to
the needs of its citizens by developing an integrated back office infrastructure. This is the most
sophisticated level of online e-government initiatives and is characterized by:
1. 2orizontal connec6ons 'among government agencies(
2. Fer6cal connec6ons 'central and local government agencies(
<. )nfrastructure connec6ons 'interoperability issues(
0. Connec6ons bet"een governments and ci6zens
1. Connec6ons among stakeholders 'government, private sector, academic institutions,
NGOs and civil society(
Many studies revealed that the United Arab Emirates has distinguished itself in the customer centric
eGovernment development approach it adopted 'Al-Khouri and Bal, 2007(. Nonetheless, extensive
"ork is needed to address the requirement of “connectedI services 'United Na6ons, 2003(. The
enhancement of e-Government in the UAE and the region therefore "ill require a focus on
establishing the necessary infrastructure to deliver connected services and the development of
targeted service offerings to deliver related benefits to the citizen and government.
4. The role of Identity Management Infrastructure in the delivery of e-Government
The )dentity Management )nfrastructure ')M)( as developed part of the UAE national )D card program
has an imperative role as the single source for personal identity provision in the Country. The )M)
development is planned to be implemented through three strategic initiatives "hich directly support
e-Government "ithin the United Arab Emirates. These are:
• )ssuing )dentity Cards to all individuals;
• Public Key )nfrastructure; and
• Federated )dentity Management
These initiatives, and their fit "ithin the strategic intents of the program, are discussed in the
4.1 Issuing Identity Cards: Enabling secure remote authentication
Transactional e-Government services rely on some form of user authentication 'and indeed
authentication of the e-Government Service provider(. There are a number of possible solutions for
user authentication. Most organisations providing transactional services use passcode
authentication, examples are the UK 'Government Gate"ay( and Singapore 'Singpass(. 2o"ever
these provide limited assurance and very limited non-repudiation of the transaction 'Lambrinoudakis
and Gritzalis, 200<(.
Some countries therefore have moved to"ards token-based authentication 'smartcards( – Belgium
and Oman being notable examples. The national )D program provides the United Arab Emirates "ith
this capability too, through the design of the )D Card. Strong authentication and non-repudiation of
transactions are both enabled by the ne" smart )D card because each card contains individual secret
keys for authentication of the card and for document signing.
The UAE government through this program is introducing a flexible authentication architecture. The
Federated )dentity Management system described belo", combined "ith the )D Card, "ill support
single factor authentication 'passcode(, t"o factor authentication "ith the )D Card 'P)N and token(
and even three-factor authentication 'P)N, token, biometric(. This has t"o advantages for the United
• )t does not mandate a particular authentication approach that an e-Government service
provider must take. The service provider is free to choose a method "hich is appropriate to
the value of the transaction 'although there "ould seem to be little advantage in using a
passcode, given the availability of the )D Card(.
• )t supports all authentication methods that "ill be required for the foreseeable future.
Whilst t"o factor, PK)-based authentication is generally accepted as sufficient for the
majority of e-Government interactions1 - approved digital signatures have legal "eight
equivalent to a hand-"ritten signature in many jurisdictions - there are occasions "here the
assurance level provided by biometric authentication is required 'either on its o"n or as part
of a three factor authentication(. An example is use for border crossing.
4.2 Provision of a federal public key infrastructure
The use of the )D Card for authentication and non-repudiation is supported by a Public Key
)nfrastructure 'PK)(. The program runs a PK) for the )D Card. )t provides digital certificates to enable
use of the )D Card for authentication and non-repudiation. This is an interim solution and it is
intended that the UAE government2 to roll-out a Strategic PK) during 2010. This strategic initiative
"ill address key areas such as trust, identity management and privacy, "ithin the context of a
modern, secure, Public Key )nfrastructure- 'PK)-( based e-government model. The PK) project "ill
• A Root Certificate Authority, "hich is the ultimate trust point for all )D Cards; and
• A Population Certificate Authority, subordinate to the Root Certificate Authority, "hich
creates the digital certificates that each card needs
1 T"o factor authentication may either use a card reader connect to a PC, "ith or "ithout a P)N pad or a
separate 'air-gapped( card reader. Authentication using connected readers is susceptible to mal"are but has
advantages "here signing of documents is required.
2 Emirates )dentity Authority, a Federal Government organization responsible for the implementation of the )D
card for all the population of the UAE, is "orking on the PK) project, "ith the objective of support
The Root CA "ill, by its nature, also provide a solution for other Government PK) uses, such as
issuance of SSL and FPN certificates to support secure communication. The infrastructure "ill have
the flexibility to support the establishment of other subordinate Certificate Authorities for these
purposes, in addition to the Population Certificate Authority.
4.3 Provision of federated identity management
)t is possible for each e-Government service provider to authenticate a user via their )D Card,
ho"ever it is not necessary for them to implement the functionality to do this. The Federated
)dentity Management 'F)M( initiative is provisioned to provide a single sign-on service for
authenticating users, "hich service providers can make use of. This means that both federal and local
government departments "hich provide services to citizens via their "eb-sites do not have to
authenticate users themselves. This releases them from the requirement to maintain a database of
authorised users or provide functionality, such as certificate validation and authentication applets, to
enable them to authenticate a user via their )D Card.
)nstead, an e-Government service provider may redirect a user’s "eb bro"ser to the F)M "eb service
for authentication<. Then, once the user has authenticated, the service provider can trust the
assertion of identity 'via a SAML assertion(. This simplifies the implementation of the service
provision and places the burden of user authentication on a single organisation; i.e., )D Card
Authority. This is appropriate because the authority is the organisation that is best placed to manage
authentication. )t also ensures that any identity information that the service provider requires "ill be
authoritative and up-to-date because )D Card Authority is the primary source of such information.
Figure 2: UAE e-Government components.
Fig. 2 sho"s components needed to enable e-Government, although it does not include components
"ithin the service providers’ systems, "hich are dependent on the nature of the service. The
components provided by the )D Card Authority are the Token, PK), and the interfacing layer.
< The user "ould not necessarily be a"are of this redirection.
These components should enable the implementation of the UAE's overall strategic intents to
support advanced e-Government development. Fig. < sho"s ho" PK), Federated )dentity
Management and )D Card initiatives map to its strategic intents and to the e-Government maturity
Figure <: Mapping of E)DA's inita6ves to its strategic intents
and to the e-Government maturity model
5. ID Cards Authority's roadmap for the future of e-Government in the United Arab
Fig. 0 belo" depicts a high level implementa6on plan of the intended UAE )den6ty Management
Development program related to the roll-out of the e-Government functionality that it supports. )D
card roll-out is currently taking place and is projected to reach 3 million by the end of 201<. )n
parallel to the )D Card roll-out, several initiatives are put in place to develop an infrastructure to
support the card’s use as a t"o-factor authentication token for e-Government applications.
Figure 4: EIDA roadmap
Practices related to e-governance are rapidly becoming a key national priority for all countries and a
global phenomenon. 2o"ever, our observation of eGovernment projects in public sector
organisations all over the "orld is that they still lack fundamental infrastructure to make
considerable progress. Existing assessment studies of e-Government readiness sho"s that
governments need to adopt more effective approaches to promote in principle, the authentication of
online identities. Key to achieving this requirement is to develop a national infrastructure to enable
online authentication of users. This need to be developed to address the overall requirements of
trust, identity management and privacy and in the context of electronic governance.
The UAE government has al"ays been noted as the region's leader in innovations especially in public
sector management. )ts adopted mixed-approach of both citizen and governance-centric vision for
its e-governance initiatives, resulted in many reformations of traditional public sector governance
models; and not merely the computerisation of government operations.
The presented approach of the UAE government to build an identity management infrastructure part
of the )D card program has a derivative role as the single point of authority for the provision of
identity information in the country. )n support of this role, it maintains the National Register "hich,
coupled "ith a Public Key )nfrastructure, enables it to issue )D Cards to all citizens and residents. The
)D Card’s strong authentication capability and the presented Federated )dentity Management system
are both designed to facilitate implementation of e-Government services "ithin the United Arab
Emirates. This is envisaged to support advanced development of e-government specifically in areas
related to e-inclusion and e-participation, as "ell as the end-to-end integrated government "ork
About the Authors
Dr. Duncan Westland is "orking "ith PA consulting and is based in London. 2e
received his doctorate from Oxford University. 2e has expertise in biometrics and
related identity management technologies, including public key infrastructure and
security features to support issuance of )D Cards and e-passports. 2e has "orked for
the UK’s )dentity and Passport Service for five years and held the post of Biometrics
Architect for the UK’s National )dentity Service. 2e "as previously responsible for
assuring the passport production system for the UK’s first e-passport.
Dr. Ali M. Al-Khouri is the Managing Director of Emirates )dentity Authority,
UAE. 2e received his doctorate from War"ick University, UK in Managing
Strategic and Large Scale Government Projects. 2e has been involved in many
strategic government projects for the past 10 years. 2e is a member of the UAE
e-Passport steering committee, as "ell as an executive board member of the
National Centre of Statistics. 2is recent research areas focus on developing best
practices in public sector management and the development of information
Please click here to view the complete report: http://www.emiratesid.ae/userfiles/Supporting_eGov_Paper.pdf