
Managing User Identity in e-Governance

Praful Gharpure
PMP®, Six Sigma Black Belt ASQ®, ITIL ® Consultant
Government - ISU
Tata Consultancy Services, Mumbai

ABSTRACT

The Government of India launched the National e-Governance Plan (NeGP) with a vision to "Make all Government services accessible to the common man in his locality, through common service delivery outlets and ensure efficiency, transparency & reliability of such services at affordable costs to realize the basic needs of the common man".

For the implementation of NeGP, the Department of Information Technologies (DIT) has visualized creation of the Common and Support Infrastructure (National/State Wide Area Networks, National/State Data Centres, and Common Services Centres & Electronic Service Delivery Gateways) and is to make suitable arrangements for monitoring and coordinating the implementation of NeGP under the directions of the competent authorities in this regard.

To complement the vision of DIT, all the states and the respective departments within each state have either kick-started IT initiatives or accelerated existing IT initiatives. In our country the service delivery is fragmented, with multiple entities in each service. Further, implementing the e-Governance initiatives in the different departments independent of each other results in dilution of the impact of the initiatives for want of a user base itself, i.e. the citizens who are the customers of the service.

The key to the success of the e-Governance program lies in successful delivery of services to the end user, i.e. the citizens. In order to ensure this, the delivery of services by individual agencies/departments to the same end user needs to happen in total harmony. The key factor for this to happen is to have a Single / Common / Unique Identity of the end user with all the departments.

This paper intends to bring out the importance of Identity Management in e-governance by highlighting the potential value traps in existing initiatives and the probable technology intervention to make processes lean.

1. INTRODUCTION

The Government of India launched the National e-Governance Plan with a vision to make all Government services accessible to the common man within his locality, through common service delivery outlets. Further, the vision is to ensure efficiency, transparency & reliability of such services at affordable costs to realize the basic needs of the common man.

The implementation of NeGP has been initiated by all the states with the setting up of:
a. State Data Centers (SDC) for centralized hosting of citizen centric applications.
b. State Wide Area Networks to provide coverage of the services across the state with link to SDCs.
c. Common Service delivery centers at local level for effective reach of the common man.

While all the above is happening, the individual service providing departments have already initiated various e-governance projects. The most common of these is the hosting of a city website / portal which is intended to serve as a source of information to the users. NeGP has adequately considered these initiatives and ensured that all these get integrated to the State Service Delivery Gateway (SSDG) to provide a single channel of information to the end user. The fact remains that the individual departments have different mechanisms of identifying the concerned end users from the same set of citizens. As a result the individual service provider is interacting with the same set of users independently multiple times; further, the processes followed result in a series of rework loops, duplication of efforts and non value added work. At the same time the optimal use of IT infrastructure is not achieved.

In the event that all the service providers identify the user with a common parameter, or existing identities are linked and considered as a new identity for future transactions, the effectiveness of service delivery shall increase manyfold. This paper intends to bring out the potential value traps in existing initiatives and the probable technology intervention to make processes lean.

2. IDENTITY MANAGEMENT – EXISTING SITUATION ANALYSIS.

Identity and Access Management (IAM) is a critical function in any organization which ensures that the right people access the right information. In the case of service delivery initiatives in government, IAM has a wider implication, since the government initiatives identify the recipient of the service through a set of defined identity parameters and all subsequent transactions for the said recipient are done with the same. The access to this information for the government representative becomes the other identification parameter set.

Thus in Government, IAM is a twofold requirement: firstly for service delivery via a government representative and secondly for the receipt of the service itself.

While many states have implemented some form of access and identity management solutions in their departments, the state as a whole does not have an implementation like a global private enterprise has.

In addition, e-Governance initiatives in the different departments are carried out independent of each other; as such the benefit of the initiatives is not fully utilized by the end user. This also results in non-availability of information amongst departments, leading to rework.

Most of the time the service recipient citizen ends up submitting identity credentials multiple times during his interaction with multiple departments. Illustration I highlights the same.

Illustration I: Identity Parameters & Mapping to Service provider Departments

IT implementation in India is happening in bits and pieces. Though IT has found a place on the agenda of all the departments, what it lacks is an integrated approach to its rollout and effective sharing of IT infrastructure / information to minimise the rework and economise on costs. At National Level this has been achieved with agencies like NIC, where a centralised database has been created and information is available through one source.

Illustration I above gives a snapshot of the various identity parameters which a service recipient provides to the provider department. It also depicts the duplication instances where the user submits these at multiple departments even though the departments already have the same information, or it can be taken from another provider department for validation purposes. With IT implementation progressing in different departments, each new identity created rarely integrates with existing identities, leading to additional costs and complexity. Further, each new identity adds risk to compliance with business, regulatory, legal and security requirements.

Thus there is a potential for reuse of existing information from within departments. With the majority of departments carrying out IT implementation, this information exchange is the need of the hour.

3. FEDERATED IDENTITY MANAGEMENT.

Identity management refers to the policies, processes, and technologies that establish user identities and enforce rules about access to digital resources. Federated Identity Management is a holistic identity solution for the swift, secure sharing of information with partners and providers. It facilitates replication of the same identity information across partners; it enables the formation and administration of a single identity per user across enterprise boundaries, thereby forming a circle of trust.

The benefits of Federated Identity Management include:
• Simplified integration between one department's and other departments' web sites
• Improved business compliance by helping reduce security exposures
• Improved end-user experiences through extended single sign-on
• Expanded business reach for service providers by creating new revenue generating opportunities
• Simplified security administration in cross-enterprise business processes by delivering security as services
• Delivery of policy based integrated security management for web services.
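The following Python example is added here and is not from the paper. It models one identity being linked across a circle of trust, with the checks a receiving department should make before honouring a login. An HMAC-signed JSON token stands in for a signed SAML assertion, and the portal and department names, keys and function names are assumptions made for the example.

```python
import hashlib
import hmac
import json
import secrets

PORTAL = "city-portal"  # identity provider; name assumed for this example
# Constructed demo keys shared between the portal and each provider department.
SP_KEYS = {"rto": b"demo-key-rto", "electricity": b"demo-key-electricity"}


def hash_pw(password: str) -> str:
    return hashlib.pbkdf2_hmac("sha256", password.encode(), b"demo-salt", 100_000).hex()


def pairwise_id(portal_user: str, sp: str) -> str:
    """Opaque per-provider pseudonym: departments cannot correlate users by it."""
    mac = hmac.new(b"portal-secret", f"{portal_user}|{sp}".encode(), hashlib.sha256)
    return mac.hexdigest()[:24]


def _sign(sp: str, body: dict) -> str:
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(SP_KEYS[sp], payload, hashlib.sha256).hexdigest()


def issue_assertion(portal_user: str, sp: str, now: float, ttl: int = 120) -> dict:
    """Portal side: short-lived, single-audience statement about the user."""
    body = {"id": secrets.token_hex(8), "issuer": PORTAL, "audience": sp,
            "name_id": pairwise_id(portal_user, sp), "expires": now + ttl}
    return {"body": body, "sig": _sign(sp, body)}


class ServiceProvider:
    def __init__(self, name: str, local_accounts: dict):
        self.name = name
        self.local_accounts = local_accounts  # local account id -> password hash
        self.links = {}                       # name_id -> local account id
        self.seen_ids = set()                 # assertion ids already consumed

    def _verify(self, assertion: dict, now: float) -> dict:
        body = assertion["body"]
        if not hmac.compare_digest(_sign(self.name, body), assertion["sig"]):
            raise ValueError("bad signature")
        if body["issuer"] != PORTAL or body["audience"] != self.name:
            raise ValueError("wrong issuer or audience")
        if now >= body["expires"]:
            raise ValueError("expired")
        if body["id"] in self.seen_ids:
            raise ValueError("replayed")
        self.seen_ids.add(body["id"])
        return body

    def login(self, assertion: dict, now: float, local_id=None, password=None) -> str:
        body = self._verify(assertion, now)
        if body["name_id"] in self.links:
            return self.links[body["name_id"]]  # already federated: single sign-on
        # First visit: link only after the user proves ownership of the local account.
        stored = self.local_accounts.get(local_id)
        if stored is None or not hmac.compare_digest(stored, hash_pw(password or "")):
            raise PermissionError("local authentication required to link")
        self.links[body["name_id"]] = local_id
        return local_id


if __name__ == "__main__":
    rto = ServiceProvider("rto", {"RTO-1001": hash_pw("s3cret")})  # constructed account
    t0 = 1_700_000_000.0
    print(rto.login(issue_assertion("citizen42", "rto", t0), t0 + 1, "RTO-1001", "s3cret"))
    print(rto.login(issue_assertion("citizen42", "rto", t0), t0 + 2))  # no password needed
```

The linking step is the security-critical one: an assertion alone never attaches a portal identity to an existing department account.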

4. IT SOLUTIONS TO LEVERAGE EXISTING IDENTITIES.

The intent of e-governance is to accelerate the current processes by automating them and making them accessible to the end user. The part of making the processes accessible to the end user is at an infancy stage in the majority of cases. However, this very aspect, if coupled with interdepartmental information sharing, has the potential to transform the process performance. It shall also lead to value enhancement for both the process owner department and the customer of the process.

[Illustration II: Federated Identity Management (Federation Logical Architecture). Labels in the diagram: User; Internet / Intranet; IDP Domain; Multiple SP Third Party Domain; District Administration; Police; RTO; Web Agent with Option Pack; Fed. Web Services; SSO Policy Server with Option Pack; SAML Assertion Generator; Single Log Out Service; SMF API; Batch Process Input File; Policy Store; User Store. Note: SMF - Siteminder Federation; SAML - Security Assertion Markup Language.]

The ground work for the type of solution described here is reasonably in place, with IT implementation across the majority of departments providing citizen services. The need of the hour is to bring these services under one single window for the user to avail of them. It is equally important to provide seamless navigation and maintain the linkage of identities created for a user with each provider.

Federated identity management using Security Assertion Markup Language (SAML) is a potential quick win solution wherein the user's identity, if already created on a central website / service provider, can be linked with the identity of the same user with another provider based on a unique linkage parameter. Illustration II provides a graphical depiction of the solution.

To give an example, suppose a user logs in to a site, say the Regional Transport Office (RTO), to request a change in address and needs a record to validate and update. The site shall have a link to the State electricity board website, on which the user may or may not have an account. The user can reach the website using the link on the RTO / city portal page; with the first login the user credentials shall be validated, or he will be required to create a login if not done already, and opt for federation. On completing this, his identity on the two accounts shall be linked, facilitating the required validation from the address field to update the RTO account.

The same concept can be extended to various information types which can be attributed to a single end user. In such a concept the user identity created at the service provider end needs to be updated on the central database through a batch run. This shall help to extend seamless navigation to the desired service which the user intends to avail. The subsequent enhancements to the provision of services have been explained with examples in later sections of the article.

In addition to this, the verification of certain interdepartmental information shall also become possible. Illustration III gives details of the logical architecture for the same.

IT implementations in the various departments are at different levels of maturity. Further, such a situation warrants that the existing infrastructure be put to optimal use. Illustration III depicts two instances of a service provider application. The internet instance gets integrated with the city portal, making it accessible with a single login for the end user. Within offices the other instance is used, and department level updates resulting from transactions are captured and need to be transferred to the city database through a batch run at a fixed frequency. This also gives department employees the facility to access the application by logging in remotely. Effective identity management can lead to multiple ways through which a service can be availed. These are:

1. A user can log on to a provider application and get the required validations done from another department in order to avail a desired service.
2. The converse of 1 above is also true, where, in order to fulfill a service request received, the provider department can get the

required validations done from another provider department in order to fulfill the requested service.

[Illustration III: Extended Single Sign On Using Federation (Extended SSO Logical Architecture). Labels in the diagram: End user; Provider Employee; Internet; Intranet; City Portal; Service Provider Department Application; Service Provider website; Web Server; Web Agent; Identity Manager; Policy Server; Application Server; Policy Store; User Store; Multiple Providers; Multiple Updates.]

5. IMPLEMENTATION AREAS

This section gives an elaborate example of the concept put forth in Illustration III. The example given here is for a property registration workflow.

The end customers here are the buyer and seller of a property. As things stand today, the customer is required to work with multiple processes at different departments to get the records updated. This leads to a series of rework loops, first to gather information and then to update other records post transaction. It is ironic that all these departments have got their own processes partially IT enabled, yet the cycle time of the transactions carried out has not improved significantly. Illustration IV below outlines the existing process with the cycle time for its broad components. It also highlights the rework areas experienced by the end user.

The case here is that IT implementations are carried out at the process level of a department. The dependent information from other departments for the same user has to be provided by the user himself, leading to multiple handoffs of the data and manual effort on the part of the user and the departmental staff. As a result the users go through a series of rework loops for want of information and for updating information subsequent to any transaction carried out.

Considering the fact that IT solutions exist at various service providers, the need is to leverage the existing infrastructure already in place and build over the same. It is equally important for extending the service, wherein a user gets to use the service himself or through an agency without being forced to visit departments for its service fulfillment.

As evident from Illustration IV, there is a significant amount of rework, idle time, delays and handoffs in the existing process, so that it takes 533 hours, i.e. 23 business days. Further, the trips to various offices have effects like loss of working hours for customers, trips generating traffic on the road, plus the agony one goes through.

The above example stresses the need for information exchange amongst departments with adequate tagging to the end user identity. Since the individual departments have carried out IT implementation, the deployment of the framework can be channelized through the common portal. The development of a citizen interface at the common portal and the deployment of an interoperability solution across applications in various departments can lead to acceleration of the process steps. Illustration V gives the view of the transformed processes.

Once the service catalogue is defined and adopted by the provider departments, the interdepartmental data exchange shall lead to a reduction in overall transaction time. Even the mechanism of Incident reporting and resolution can be effectively achieved with

Following are the challenges that stand out for implementation of such a framework:
1. Infrastructure capacity.
2. Compatibility with other IT systems / databases / platforms.
3. Scalability of existing applications.
4. Information exchange mechanisms.

5. Geo referencing of assets.
6. Ability to carry out financial transactions.

Illustration IV: Existing Process & Cycle time (As Is Process)

Documents Collection
• Old Document Collection – 1 hr
• Getting Copies from offices – 24 hrs
• Getting Forms – 0.5 hrs
• Form Filling & Submission – 0.5 hrs
Total: 26.0 hrs

Verification & Submission
• Verification of submissions Documents – 1 hr
• Revisit for scanning – 1 hr
• Fees Payment – 0.5 hrs
Total: 2.5 hrs

Registration & Issue of Document
• Document Scan, Finger Print record, Physical signature – 0.5 hrs
• Time till original document Issued – 24 hrs
Total: 24.5 hrs

Subsequent Updations
• Filling forms for each department – 0.5 hrs / dept
• Verification by individual Department & Updation of Records – 20 Business days i.e. 480 hrs
Total: 480.5 hrs

Total Process Time: 533 hrs

Note: Color codes for process steps are referenced to process maps

The solution can even be scaled to where the user can submit a request which needs co-ordination of multiple service providers to fulfill it. This shall also call for certain decision making to bring about changes to infrastructure, put in new infrastructure elements, etc.

For such a solution to be in place there are certain prerequisites, listed as under.
• GIS mapping of assets in city limits.
• IT implementation in utilities departments covering municipal limits.
• Citizen and Assets data at Municipal Corporation.

The above listed parameters form the ground work for Phase II of the solution. The definition of the process for handling service requests and delivery of new services come in as the activities wherein a process framework shall be required. Frameworks in IT Service Management like the Information Technology Infrastructure Library (ITIL) can be effectively utilized. The solution requires a robust workflow management tool to be able to interface with the organizational hierarchy and the spatial information database. The solution has the potential to bring in wide ranging benefits, some of which are mentioned in section 7 below.

6. OPPORTUNITY FOR TCS

TCS has been a front runner in providing thought leadership in the area of e-governance. The whitepaper published by TCS in this regard brings out the key issues of the present e-governance initiatives carried out in the country. Interdepartmental information exchange is the thrust area identified in the same. E-governance initiatives need to be citizen centric in order to achieve the last mile reach. Projects like AP Online, MP Online and the current one under development in Maharashtra, i.e. MahaOnline, are the live examples. As outlined in the discussion above, the service delivery in our country has been fragmented and interdependent of information exchange across various departments. The customer of these services has to rely upon different sources / agencies in order to avail the services needed.

The projects cited above have the potential to deploy the federated identity management concept to facilitate data exchange, wherein a citizen interface is created through the centralized portal and the information / requests are channelized to the respective departments. The challenge faced in all these initiatives is the expansion of the Service Catalogue to cover a varied range of services. The underlying cause for this is the silo style IT implementations by the service provider departments, wherein individual processes are automated.

The key link of interdepartmental information exchange is missing and is left to the end user, leading to rework at the customer end. There is an urgent need to work at the individual solution level at each department to build an interface layer and security solution in order to facilitate the information flow depicted in the illustrative examples above. Using ITIL concepts shall give a catalytic

touch to the departmental processes, minimizing the effort at the end user's side. Currently most of the departments' infrastructures do not have a Disaster Recovery (DR) Site. The solution proposed by TCS, which involves creation of a repository of department databases on portal servers, shall fulfill this key requirement apart from giving the citizen another channel to raise service requests and incidents and seek guidance on developmental issues.

The present e-governance initiatives need to be looked into from an end user identity management perspective, wherein the existing identity parameters of the end user are leveraged and enhanced into better authentication & authorization procedures. The solutions proposed in TCS projects have the potential to be coupled with present solutions, wherein existing initiatives at departmental levels can be integrated into the overall solution.

Illustration V: Transformed Process with Information Exchange (To Be Process)

Documents Collection
• Old Document Collection – 1 hr
• Getting Old Documents Scanned – 4 hrs
• Online Form Filling & Submission Signed contract Document – 0.5 hrs
Total: 5.5 hrs

Verification & Submission
• Verification of submissions Documents – 1 hr
• Fees Payment Online – 0.5 hrs
Total: 1.5 hrs

Registration & Issue of Document
• Visit Office for Finger Print record, Physical signature – 0.5 hrs
• Digitally signed document mailed
Total: 0.5 hrs

Subsequent Updations
• Verification by individual Department & Updation of Records – 2 Business days i.e. 48 hrs
Total: 48 hrs

Total Process Time: 52.5 hrs

Note: Color codes for process steps are referenced to process maps

7. BENEFITS

Once the processes for service delivery and service support covering the service providers become operational with identity mapping of end users, the end results shall show the realistic effects of e-Governance initiatives. These shall bring in benefits which shall have far reaching effects for the end user, such as:
• Reduction in paper document submissions.
• Expeditious response to customer requests.
• Virtual "Single Window Service" eliminating the need for the user to visit multiple offices.

• Single channel of information.
• Transparent transactions.
• Ease of tracking requests, complaints and SLAs.

In addition, the tertiary benefits include:
• Online exchange of interdepartmental user specific data to effectively reduce cycle time for service fulfilment.
• Ease of reference to similar cases.
• Initiation of transactions by citizens shall lead to revenue enhancement for the service provider department.
• Optimised IT infrastructure.
• Employment opportunities through mechanisms like agent login.
• Improved interdepartmental teamwork.
• Saving in travel time of citizens to offices, reducing traffic on roads as an added benefit.

8. CONCLUSION

Successful implementation is the key to realizing the benefits of a concept like the one proposed, which brings multiple stakeholders onto a single forum. Careful planning, selected piloting and ease of replication of the solution are the key success factors. In order to translate the concept to reality one needs to adopt a two phase approach as outlined below.

Phase I: Planning & Initial Assessment.
1. Development of Service Catalog for the services rendered.
2. Assessment of IT System at supplier end.
3. Mapping of services which can be brought under single service desk at councils.
4. Defining process flows for effective identity management.
5. Mapping of existing identity parameters amongst provider departments.

Phase II: Implementation
1. Build/leverage the existing records of existing identity of citizens.
2. Existing services mapping to identity records.
3. Creation of a unique id once select set of identity parameters are linked.
4. Building IT enabled centralized service delivery system.

The dynamic nature of the urban population is a challenge for all the major service delivery providers worldwide. The portability of identity instruments is important for an efficient e-governance mechanism with scalability to cover a variety of services for citizens across the country.

With the initiative of a Unique Id for citizens currently underway, the mapping of existing identities is a potential first step that needs to be considered. This shall lead to a reduction of effort for the end user in mapping his identity with service provider departments after getting the UID.

9. REFERENCES

[1] Chakrabarty Tanmoy; Towards an ideal e-Governance Scenario in India; White paper on e-Governance.
[2] Tata Consultancy Services: e Governance Concept paper for AP v1.0 Jan 2006.
[3] Tata Consultancy Services: System Design Document Day 700 Federation Project – 2006.
[4] Gharpure Praful; "Making Process Lean"; Article published in Express Computers Sept 2008.
