Secure Service Design on G Cloud
Vine Solutions Service page: https://www.digitalmarketplace.service.gov.uk/g-cloud/services/314126887725154
We help you to deliver secure, trusted cloud services: balancing Identity, Trust, Risk, and Trusted Attributes, delivering low-friction user journeys, with user-centric data ownership and appropriate privacy for your user. We help with modelling data, meta-data and applying open standards to enable inter-organisational services and self-service outcomes. We plan, train and advise. We produce strategic architecture, profile standards and create Secure Service Designs.
What is Secure Service Design?
Without security and privacy there is no trust.
Without trust there are no safe transactions.
The purpose of a digital identity is to give permission to act.
In our view, Secure Service Design involves:
Understanding your service needs and the risk profile of your service
Defining Identity Proofing and Identity Authentication capabilities (including HMG standards – GPG45 & 44)
Balancing risk and trust to ensure both minimum friction and business protection
Creating Identity and Trust architecture, ensuring the business service is designed in a secure Risk and Trust Framework
Securing and authenticating transactions (not just the user’s identity), applying dynamic authentication and transactional trust, seeing trust as a prerequisite for meaningful transactions, supporting counter-fraud capability
Architecting Trusted Attribute service design, modelling data and meta-data, ensuring that the service can obtain and effectively employ trusted data across service and organisational boundaries and providing context for counter-fraud capability
Respecting the customer’s Data Protection rights, applying privacy by design and respectful, appropriate consent management
Enabling access by persons on behalf of another – delegation of authorisation to trusted intermediaries and assistants
Applying and profiling open standards for Identity, Authentication and Authorisation and trust ecosystem design (e.g. OAuth2, User-Managed Access (UMA), OpenID Connect, JWT standards, Token protection, OWL/RDF/JSON-LD)
Ensuring that the whole end-to-end design has a coherent and configurable authorisation capability, across all components: browser, person, organisation, system, API, service.
For more information please visit the GCloud links above and download the service definition document from Service Definition on GC11.