vinnstock - stock.adobe.com
Government Gateway at 20 – looking back at the UK’s most successful digital identity system
Not all legacy IT systems in government cause problems – one has been at the heart of many of the most important online public services for 20 years
How time flies. Only a month ago, the Government Digital Service (GDS) celebrated its ninth birthday. Now it’s the turn of the Government Gateway, the UK’s cross-government identity, authentication and transaction platform, to celebrate its 20th anniversary.
Back in 2001, the Government Gateway programme achieved something almost unheard of in major government programmes – it went from a standing start to live service on 25 January 2001 in just three hectic months.
The programme was run initially by what is now HM Revenue & Customs (HMRC) and then later by the Office of the e-Envoy – the Government Digital Service (GDS) of its day – then, as now, part of the Cabinet Office. It involved more than 40 companies, large and small, and three departments actively engaged as both customers and critical friends: Inland Revenue, Customs and Excise (now joined together as HMRC), and the Ministry of Agriculture, Fisheries and Food (now the Department for Environment, Food and Rural Affairs).
Gateway was the first government programme to pioneer radical changes to software development that are now more commonplace. These included a physically colocated, collaborative team of suppliers, departments and users in one place; user research and user-centric design; agile approaches at scale; iterative, incremental builds and daily stand-ups; the use of a portfolio delivery team drawn from a wide range of suppliers, large and small; privacy and security specialists; and the adoption of open standards mandated by the UK government.
It was also the first time that government disaggregated a service, with the customer taking the integration role – using Microsoft as the lead software developer, Dell for hardware, Cable and Wireless for hosting, and Sema (now Atos) for application support.
UK government was a platform pioneer
As public sector information and services moved online during the early 1990s, it soon became obvious that many had similar technical needs. This recognition was to lead to the development of shared platforms – central infrastructure built for re-use across the public sector – removing the need for every organisation and service to develop its own near-identical systems.
The year 1994 saw the first significant implementation of central infrastructure with the launch of the Government Information Service – the Gov.uk of its day. It was the first central government website to start bringing together information and services in one place (see Figure 1). Just two years after its launch, it was already handling information from 180 public sector organisations.
It was the launch of the Government Gateway, however, that was to see the most significant expansion in the use of shared platforms, helping accelerate delivery of the Prime Minister’s ambitious objective of all services being online by 2005, as this Cabinet Office press release recalls.
The initial Government Gateway platforms
Three platforms were originally delivered under the Government Gateway brand. They provided their functionality through application programming interfaces (APIs) that complied with the government’s GovTalk open standards initiative. These open APIs enabled a diverse range of public sector organisations, central and local, to integrate the cross-government platforms into their own services. The Government Gateway also used the same APIs to implement a basic user interface (see Figure 2) in response to departmental requests.
All three platforms supported individuals, organisations and agents (those acting on behalf of others, such as an accountant acting on behalf of an individual or a business). They were:
- Identity: Supporting a range of trusted third-party organisations providing accredited identity proofing and credential management services to users, as well as the government’s own user ID and password identity service developed with CESG (now the National Cyber Security Centre).
- Authentication: Enabling users to authenticate to public sector services using a single user account, and providing single sign-on across multiple services and departments.
- Transactions: Orchestrating and managing transactions between government, citizens and businesses. This included the ability to handle transactions that interacted with multiple departments.
At their peak, the shared platforms were used by more than 120 national and local digital public services, exceeded 400 million authentications a year, and supported over 50 million active citizen, business and intermediary accounts. The platforms were utilised not only by a wide range of websites, but also by package software (see Figure 3), such as finance and accountancy systems.
The UK’s platform approach became widely recognised internationally, with the Government Gateway picking up numerous awards, including for the way its design preserved the privacy of citizens as they interacted with different parts of government using a single account.
On the back of the success of the initial platforms, several others were implemented, including:
- Payments (2003): Standardising the way payments were made to public sector organisations. Local authorities took this up very quickly and made significant use of it.
- Secure Mail (2003): Providing departments with two-way secure browser-based email, similar to the way many banks now provide a secure online messaging facility. The Inland Revenue was the first to use this to send updates to taxpayers.
- Notifications (2004): For outbound communications and updates to users, sent via their chosen channels – text messages, emails, and so on.
Other API-based platforms were also requested and developed to alpha and beta stages, including:
- Rules: A repository for storing and validating business and calculation rules, such as for welfare benefits and taxes.
- Forms: A service that enabled websites to access and dynamically render the latest government forms; and an associated secure storage facility to maintain data from part-completed forms.
- Circumstances and personalisation: A repository of user-controlled data of the type that needs entering repeatedly onto government forms, such as name, address and date of birth.
The ambition was to provide a range of complementary platforms that would eventually enable the radical simplification and re-engineering of digital government processes, functions and services, redesigning them around citizens and businesses rather than their providing organisations.
Government Gateway at 20
HMRC has invested significantly over recent years to modernise and replatform the old Gateway’s core services of identity and authentication. This has included adding features long desired, such as two-factor authentication to enhance security (see Figure 5), and a way for users to reset their own passwords to improve the user experience, alongside enhancing its identity verification services.
The 2020 decision by the Department for Work and Pensions to adopt Gateway as one of the identity and authentication services incorporated into its Dynamic Trust Hub demonstrates Gateway’s continuing viability as a cross-government platform.
While the UK government’s commitment to the platform model has waxed and waned over the years, several platforms have more recently been successfully implemented by GDS, including Gov.uk Notify and Gov.uk Pay, replacing the earlier Government Gateway platforms fulfilling the same purpose, as well as new developments such as GovWifi.
On this anniversary, we’d like to pay tribute both to those early 1990s pioneers in the civil service who established the “platforms for government” shared infrastructure approach, as well as those who have picked up the torch and continued to design and release platforms into the shared, cross-government pool.
Happy 20th birthday Government Gateway – and here’s to what the next 20 years may bring.
Jerry Fishenden was Microsoft’s lead product manager for the Government Gateway. Alan Mather led the Government Gateway project as part of Andrew Pinder’s team at the Office of the e-Envoy.
Read more about government digital identity
- What next for digital identity in the UK? Industry welcomes latest DCMS plan.
- Digital identity must not remain the missing link in the UK’s digital strategy.
- UK government plan for digital identity lacks substance and strategy.