Supporting e-Government Progress in the United Arab Emirates
Dunkin Westland1 and Ali M. Al-Khouri2
1PA consulting, London, UK
2Emirates Identity Authority, Abu Dhabi, United Arab Emirates
Volume 2010 (2010), Article ID 897910, Journal of e-Government Studies and Best Practices, 11 pages, DOI: 10.5171/2010.897910
Received date : ; Accepted date : ; Published date : 24 November 2010
Copyright © 2010 Dunkin Westland and Ali M. Al-Khouri. This is an open access article distributed under the Creative Commons Attribution License unported 3.0, which permits unrestricted use, distribution, and reproduction in any medium, provided that original work is properly cited.
This article provides an overview of current international e-Government practices and the role of the national identity management infrastructure program in the United Arab Emirates (UAE) in supporting e-Government development. It describes the benefits of e-Government that various governments worldwide have identified, sheds light on some recent surveys on the delivery of e-Government by some countries, highlights some examples and puts the position of the United Arab Emirates into context. It then discusses the program's use of Identity Management in the strategic initiatives, explains their purpose in the facilitation of e-Government within the United Arab Emirates and describes a general roadmap for implementation.
Keywords: ID card, Identity Management, e-Gov, PKL
Amidst the many promises of the Information Communication Technologies (ICT) revolution is its potential to modernise government organisations, strengthen their operations and make them more responsive to the needs of their citizens.
However, the experiences of many countries around the world is that in order to truly reap the benefits of e-government and cope with its growth, governments are required to develop and setup a robust ICT infrastructure.
In a recent United Nations (2010) survey of global readiness for e-Government services, the United Arab Emirates was regarded as one of the leading Arab countries and ranked at 49 in the world in terms of the overall eGov maturity and development.
It was ranked at 25 in terms of telecommunication infrastructure. However, it was ranked 86 at e-Participation, and 99 at Online services.
The future e-Government strategy of the UAE’s government includes the objective of raising the standing of the United Arab Emirates as a provider of fully connected citizen to government services by providing the enabling infrastructure to facilitate full interaction between government entities, the private sector and citizens.
This paper provides a contextual briefing of current progress in the realisation of e-government in the United Arab Emirates and the use of identity management to support e-government.
The following section provides a short review of existing literature related to e-Government development, strategic drivers and projected benefits.
The Case for e-Government
E-Government can be defined as the use of Information and communication technology (ICT) to provide and improve government services by enabling electronic transactions and interactions between citizens, businesses, and other arms of government (Burn and Robins, 2003).
Most governments have introduced some form of e-Government program ranging from a simple web presence providing information to more advanced implementations providing a range of transactional services of ever increasing sophistication and scope.
E-Government strategies worldwide are driven by a desire to improve the efficiency, accessibility and effectiveness of public service delivery (Chesher et al., 2003). Focal benefits to both citizens and the government are summarised in Figure 1 below.
Fig. 1 — Internal and External eGov Contributions Source: (United Nations, 2008)
In considering the next phase of e-Government development for the United Arab Emirates, it is important that the strategic drivers and projected benefits need to be clearly focused up on. Helpful benchmarks are available from across the world. For example the United Kingdom’s e-Government strategy highlighted potential benefits to citizens, business, suppliers and the wider public sector as depicted in Table-1 below (UK Cabinet Office, 2000).
Table — 1: Potential e-Gov benefits
Many of these objectives and benefits are clearly resonant with the e-Government objectives of the United Arab Emirates. The additional challenge of managing the provision of public services to a large, mobile and rapidly changing population of foreign residents and temporary workers further increases complexity. Together these should drive the implementation of e-Government within the United Arab Emirates.
UAE progress towards e-Government in the global context
The UN e-government survey uses a ranked measure of e-Government readiness. The survey recognises five stages of e-government maturity relating to web presence:
Stage I – Emerging: A government’s online presence is mainly comprised of a web page and/or an official website; links to ministries or departments of education, health, social welfare, labour and finance may/may not exist. Much of the information is static and there is little interaction with citizens.
Stage II – Enhanced: Governments provide more information on public policy and governance. They have created links to archived information that is easily accessible to citizens, as for instance, documents, forms, reports, laws and regulations, and newsletters.
Stage III – Interactive: Governments deliver online services such as downloadable forms for tax payments and applications for license renewals. In addition, the beginnings of an interactive portal or website with services to enhance the convenience of citizens are evident.
Stage IV – Transactional: Governments begin to transform themselves by introducing two-way interactions between ‘citizen and government’. It includes options for paying taxes, applying for birth certificates, passports and license renewals, as well as other similar Government to Customer interactions, and allows the citizen to access these services online 24/7. All transactions are conducted online.
Stage V – Connected: Governments transform themselves into a connected entity that responds to the needs of its citizens by developing an integrated back office infrastructure. This is the most sophisticated level of online e-government initiatives and is characterised by:
- Horizontal connections (among government agencies)
- Vertical connections (central and local government agencies)
- Infrastructure connections (interoperability issues)
- Connections between governments and citizens
- Connections among stakeholders (government, private sector, academic institutions, NGOs and civil society).
Many studies revealed that the United Arab Emirates has distinguished itself in the customer centric eGovernment development approach it adopted (Al-Khouri and Bal, 2007).
Nonetheless, extensive work is needed to address the requirement of “connected” services (United Nations, 2008). The enhancement of e-Government in the UAE and the region therefore will require a focus on establishing the necessary infrastructure to deliver connected services and the development of targeted service offerings to deliver related benefits to the citizen and government.
The role of Identity Management Infrastructure in the delivery of e-Government
The Identity Management Infrastructure (IMI) as developed part of the UAE national ID card program has an imperative role as the single source for personal identity provision in the Country. The IMI development is planned to be implemented through three strategic initiatives which directly support e-Government within the United Arab Emirates. These are:
- Issuing Identity Cards to all individuals;
- Public Key Infrastructure; and
- Federated Identity Management
These initiatives, and their fit within the strategic intents of the program, are discussed in the following sections.
4.1 Issuing Identity Cards: Enabling secure remote authentication
Transactional e-Government services rely on some form of user authentication (and indeed authentication of the e-Government Service provider).
There are a number of possible solutions for user authentication. Most organisations providing transactional services use passcode authentication, examples are the UK (Government Gateway) and Singapore (Singpass).
However these provide limited assurance and very limited non-repudiation of the transaction (see for example: Lambrinoudakis and Gritzalis, 2003).
Some countries therefore have moved towards token-based authentication (smartcards) — Belgium and Oman being notable examples.
The national ID program provides the United Arab Emirates with this capability too, through the secure and sophisticated design of the ID Card.
Strong authentication and non-repudiation of transactions are both enabled by the new smart ID card because each card contains individual secret keys for authentication of the card and for document signing.
The UAE government through this program is introducing a flexible authentication architecture. The Federated Identity Management system described below, combined with the ID Card, will support single factor authentication (passcode), two factor authentication with the ID Card (PIN and token) and even three-factor authentication (PIN, token, biometric).
This has two advantages for the United Arab Emirates:
- It does not mandate a particular authentication approach that an e-Government service provider must take. The service provider is free to choose a method which is appropriate to the value of the transaction (although there would seem to be little advantage in using a passcode, given the availability of the ID Card).
- It supports all authentication methods that will be required for the foreseeable future. Whilst two factor, PKI-based authentication is generally accepted as sufficient for the majority of e-Government interactions – approved digital signatures have legal weight equivalent to a hand-written signature in many jurisdictions – there are occasions where the assurance level provided by biometric authentication is required (either on its own or as part of a three factor authentication). An example is use for border crossing.
4.2 Provision of a federal public key infrastructure
The use of the ID Card for authentication and non-repudiation is supported by a Public Key Infrastructure (PKI). The program runs a PKI for the ID Card. It provides digital certificates to enable use of the ID Card for authentication and non-repudiation.
This is an interim solution and it is intended that the UAE government to roll-out a Strategic PKI during 2010.
This strategic initiative will address key areas such as trust, identity management and privacy, within the context of a modern, secure, Public Key Infrastructure- (PKI-) based e-government model. The PKI project will primarily include:
- A Root Certificate Authority, which is the ultimate trust point for all ID Cards; and
- A Population Certificate Authority, subordinate to the Root Certificate Authority, which creates the digital certificates that each card needs
The Root CA will, by its nature, also provide a solution for other Government PKI uses, such as issuance of SSL and VPN certificates to support secure communication.
The infrastructure will have the flexibility to support the establishment of other subordinate Certificate Authorities for these purposes, in addition to the Population Certificate Authority.
4.3 Provision of federated identity management
It is possible for each e-Government service provider to authenticate a user via their ID Card, however it is not necessary for them to implement the functionality to do this.
The Federated Identity Management (FIM) initiative is provisioned to provide a single sign-on service for authenticating users, which service providers can make use of.
This means that both federal and local government departments which provide services to citizens via their web-sites do not have to authenticate users themselves. This releases them from the requirement to maintain a database of authorised users or provide functionality, such as certificate validation and authentication applets, to enable them to authenticate a user via their ID Card.
Instead, an e-Government service provider may redirect a user’s web browser to the FIM web service for authentication. Then, once the user has authenticated, the service provider can trust the assertion of identity (via a SAML assertion).
This simplifies the implementation of the service provision and places the burden of user authentication on a single organisation; i.e., ID Card Authority. This is appropriate because the authority is the organisation that is best placed to manage authentication.
It also ensures that any identity information that the service provider requires will be authoritative and up-to-date because ID Card Authority is the primary source of such information.
Fig. 2: e-Government enabling components
Fig. 2 shows components needed to enable e-Government, although it does not include components within the service providers’ systems, which are dependent on the nature of the service.
The components provided by the ID Card Authority are the Token, PKI, and the interfacing layer.
These components should enable the implementation of the UAE’s overall strategic intents to support advanced e-Government development.
Fig. 3 shows how PKI, Federated Identity Management and ID Card initiatives map to its strategic intents and to the e-Government maturity model:
Fig 3: Mapping of EIDA’s initatives to its strategic intents and to the e-Government maturity model
ID Cards Authority’s roadmap for the future of e-Government in the United Arab Emirates
Fig. 4 below depicts a high level implementation plan of the intended UAE Identity Management Development program related to the roll-out of the e-Government functionality that it supports. ID card roll-out is currently taking place and is projected to reach 8 million by the end of 2013. In parallel to the ID Card roll-out, several initiatives are put in place to develop an infrastructure to support the card’s use as a two-factor authentication token for e-Government applications.
Fig. 4: Emirates ID Roadmap
Practices related to e-governance are rapidly becoming a key national priority for all countries and a global phenomenon. However, our observation of eGovernment projects in public sector organisations all over the world is that they still lack fundamental infrastructure to make considerable progress.
Existing assessment studies of e-Government readiness shows that governments need to adopt more effective approaches to promote in principle, the authentication of online identities. Key to achieving this requirement is to develop a national infrastructure to enable online authentication of users.
This need to be developed to address the overall requirements of trust, identity management and privacy and in the context of electronic governance.
The UAE government has always been noted as the region’s leader in innovations especially in public sector management. Its adopted mixed-approach of both citizen and governance-centric vision for its e-governance initiatives, resulted in many reformations of traditional public sector governance models; and not merely the computerisation of government operations.
The presented approach of the UAE government to build an identity management infrastructure part of the ID card program has a derivative role as the single point of authority for the provision of identity information in the country. In support of this role, it maintains the National Register which, coupled with a Public Key Infrastructure, enables it to issue ID Cards to all citizens and residents.
The ID Card’s strong authentication capability and the presented Federated Identity Management system are both designed to facilitate the implementation of e-Government services within the United Arab Emirates.
This is envisaged to support advanced development of e-government specifically in areas related to e-inclusion and e-participation, as well as the end-to-end integrated government work processes.
Acknowledgment Partial content of this article was presented in the Cards Middle East 2010 Conference, held in Dubai, United Arab Emirates.
Al-Khouri, A.M. & Bal, J. (2007) ‘Electronic Government in the GCC Countries,’ International Journal Of Social Sciences, Vol. 1, No. 2, pp.83-98.
Burn, J. and Robins, G. (2003) ‘Moving towards e-government: a case study of organizational change processes,’ Logistics Information Management, Vol. 16 No. 1, pp. 25-35.
Chesher, M., Kaura, R. and Linton, P. (2003) Electronic Business & Commerce, Springer, London.
Heeks, R. (2003) Most egovernment-for-development projects fail: how can risks be reduced? paper no. 14, i-Government Working Paper Series, Institute for Development Policy and Management, University of Manchester, Manchester.
Lambrinoudakis, C. and Gritzalis, S. et al. (2003) ‘Security requirements for e-government services: a methodological approach for developing a common PKI-based security policy,’ Computer Communications, Vol. 26 No. 16, pp. 1873-83.
Lootah, R. & Geray, O. (2006) “Dubai eGovernment Case Study,” Dubai eGovernment [Online]. [Retrieved February 22, 2010], http://www.oecd.org/dataoecd/4/40/36986277.pdf.
UK Cabinet Office (2000) “e-government: a strategic framework for public services in the Information Age.” [Online]. [Retrieved February 22, 2010], http://archive.cabinetoffice.gov.uk/e-envoy/resources-pdfs/$file/Strategy.pdf
United Nations (2008) “UN e-Government Survey 2008: From E-Government to Connected Governance.” New York. [Online]. [Retrieved February 22, 2010], http://unpan1.un.org/intradoc/groups/public/documents/un/unpan028607.pdf
United Nations (2010) Global E-Government Survey 2010: Leveraging E-government at a Time of Financial and Economic Crisis. New York. [Online]. [Retrieved February 22, 2010], http://www2.unpan.org/egovkb/global_reports/10report.htm.