Victoria's single sign-on a study in integration

A AU$6 million integration project will soon give Victorian businesses easier access to the government departments they need. David Braue weighs in on one of Australia's largest single sign-on deployments.

It may not do away with bureaucratic red tape completely, but the Victorian Business Master Key (VBMK) project has passed the first few milestones in its quest to streamline a range of government interactions for the 300,000 small businesses in that state.

Initially mooted as a government initiative in the government's 2004 "Victoria: Leading the Way" policy statement, VBMK gained significant momentum after the announcement early this year that the system was starting to go live.

Led by systems integrator NCS, the project -- recently expanded with the announcement of an additional AU$18 million in funding through 2010 -- is being built around the complex integration of Novell e-Directory and Entrust GetAccess user authentication.

Working together, these systems will provide single sign-on (SSO) access to an array of online government services built around Acumentum's Scenario Builder collaboration tool, the Netcat content management server, and Recommind's MindServer content aggregation system.

The right foundation
Eighteen months into the project and eight months since the services first went live, the Web site has enjoyed modest success, with around 65,000 unique visitors and 12,000 specific enquiries per month, and visitor numbers growing by 10 percent to 15 percent monthly despite almost no publicity for the site.

The range of enquiries that can be answered is still quite limited, but the site is ready for much larger volumes, believes Dominic Feik, director of business services within the Office of Small Business in the Victorian Department of Innovation, Industry and Regional Development (DIIRD).

-Government regulation is one of the major issues that small businesses raise when they talk about their concerns," says Feik. -Going through the process of working towards a single log-in across government is obviously going to take years, but we have the foundation in place."

Just where that foundation takes the project remains to be seen -- and explains the AU$18 million extension granted to the project. There will, of course, be a massive educational effort required to make sure Victorian businesses learn about the site and its potential relevance to their activities. NCS and its clients within DIIRD also face the very real issues of scaling up an application authorisation framework that is more complicated than nearly anything that has come before it.

Within the VBMK framework, details of users at the businesses -- each company can have more than one person authorised -- will be stored within the Novell e-Directory environment, managed as individual users and authenticated to access particular government services using the Entrust GetAccess framework.

Making this happen is complicated enough within a unique company, but the process becomes many times more complicated given that the types of transactions to be handled through the site. They include business registration, lodgement of key information, regulatory enquiries and much more, and can potentially involve more than 200 government organisations at all three levels of government.

Facing the real challenge
So far, the project already involves the Australian Taxation Office, WorkCover, Consumer Affairs Victoria, the Victorian State Revenue Office, and Victorian Small Business Commissioner. Streamlining the interactions between these organisations -- and the dozens more expected to come online in the next few years - has required the VBMK framework to be both flexible and expandable.

Java- and .NET-based development underscores the project, which uses a service oriented architecture (SOA) philosophy to expose the VBMK's various functions for use by other applications over the Internet.

-Our approach is to use as little technology as possible, but when it's used, to make sure it's good and then work it really hard," says Feik. -We have an integration model based on a SOA so that other agencies only need to build a relatively thin layer to their existing systems to be able to deal with this, and we can get the integration we need."

In an ideal world, those applications -- hosted at other government organisations -- would look to the VBMK as the single central repository of user information. In the real world, however, each organisation maintains its own user access databases and regulations about who can access what information. With those exchange pipes in place, the system needs to be able to feed authentication and application information wherever it's needed to prove the identity of an online user.

One major issue is finding the right balance between information availability and user privacy. Availability of information about a company's tax or other government records might be useful in improving service levels, for example, but the VBMK team needs to make sure the data sharing channels it opens don't provide too many details.

Such issues are among the many being addressed as the NCS and DIIRD teams, happy so far with the system's design and performance, work to expand the system's adoption across new government organisations. That has required considerable effort in bridge-building and, Feik concedes, a lot of patience as the rest of the government comes around to the VBMK way of thinking.

-We're working very closely with other agencies, and going through a process of engaging them and selling the concept," he says. -We're implementing it in such a way that it's an incremental effort initially, and then they can gradually build up their effort as they see benefits coming either from reduced overheads or benefits to customers. Our business case is built on reducing the cost of dealing with government for small business."