From two-factor authentication for some, to smart cards for all co-workers. Huddinge municipality has gone all out for digital identities. The aim is to increase security for co-workers and municipality residents and to make the municipality’s way of working entirely digital.
From the beginning, Huddinge just wanted to follow the law. Management of personal information within the care sector and the establishment of school grading systems or evaluations require some type of two-factor authentication. The municipality started off with a preliminary study of the methods and technology and decided quite soon upon smart cards as a solution to the legal demands. But after the study was completed, the project group investigated how large the need was for two-factor authentication. It turned out that about 85% of the co-workers needed this.
“At that point we realized that we would create more problems by excluding some co-workers from being able to use smart cards. We decided that everyone should have access to them”, says Christer Borgh, IT security architect at Huddinge municipality.
Once that decision was made, it quickly opened up for further steps.
“If everyone then had a smart card, we thought that it could be used for more than strong logins and authentication, but also as single sign-in, entrance access, secure printing, or ordinary ID card. We decided that the smart cards should even be used as ID card and multi-function card”, says Christer Borgh.
As a result of this, the modest IT project had now become a considerably larger project, and the project owners were the municipality’s assistant director and administrative head. It was no longer an IT project but an undertaking that would change the work conditions for the municipality’s 5300 employees. According to Christer Borgh, it would not have been possible to pursue the project that far without the support and approval of the municipality leadership.
Huddinge municipality set as its goal the establishment of a LOA3 (Level of Assurance 3) level concerning the issuing of digital identities and thereby the ability to link up with federations that have this quality requirement. Recently, Huddinge municipality was the first municipality to obtain permission from the Swedish E-identification Board to issue eIDs with the Swedish eID logotype.
“We could have kept it simple and kept our eyes shut as far as the outside world was concerned. The consequence would have been having to re-do this a few years later. We decided to do it correctly from the beginning. Now we have the possibility of working together digitally with authorities and companies in a completely different way than previously”, says Christer Borgh.
In the present situation, the cards function forlogins, visual ID card and access card for physical access in the municipality management. The next step is that the federative parts are included, for example, healthcare’s Sambi. By means of the E-identification Board, the municipality’s employees will be able to identify themselves at various authorities and departments. For example, then the municipality’s land survey unit can work together with the National Land Survey in a simple manner. Drawings do not have to be sent physically, and paper forms will be just a memory.
“In this way, our counterparts can have trust in our identities; they can depend upon that the documents that are signed from here really have been signed from someone at Huddinge municipality”, says Christer Borgh.
Concrete benefits of Huddinge municipality’s smart card
- Improved security. Employees get an ID card that verifies that this is a person who works at Huddinge municipality.
- Simplified entry access. The cards will replace the badges that previously were used for entry.
- Economized printing. The municipality is currently buying in printers as services where the cards are going to be used, and it is expected that this will save paper because one will have to activate the print-out in order to be able to retrieve it.
- Time saving. This saves the time that it would have taken to send a document physically.
- Recycling of information. In that documents are sent digitally, information can be re-used in dialogues between the municipality and authorities.
- Quality assurance. With the help of digital signatures, one can be confident that one sends the correct documents, and the recipient can also verify this. If the municipality wants to share so-called open data, the person who is using the open data can be assured that it is correct.