User-Managed Access in Action

Historically, saving for retirement was fairly straightforward for the average worker: he or she would probably only work for a small number of employers during their careers and could usually keep track of their pensions without too much confusion.

Today, things are much more complex. We now have more employers during our careers on average, are working for longer and, as a result, the typical worker will now have up to 11 separate pension pots by the time they retire. This proliferation, combined with increased life expectancy and an aging population in many developed nations, means that today’s citizens need to engage more with their pensions and take more responsibility for their future income and financial stability.

Creating a Trusted Pensions Dashboard

In the UK, the British government is working to address this through the creation of a pensions dashboard that will give citizens a single tool to monitor and manage their pension savings, even if they are split between many different pension pots and providers.

In the past the challenge for this kind of scheme would be the sheer scale involved: the UK pensions industry has over 40,000 schemes and close to 300 Pension Providers and administrators. However, a combination of changing consumer behaviour and expectations, and technology advances in APIs and security has given the UK greater confidence that this can be delivered effectively.

Once the greenlight to proceed is given, there will still be a big challenge to overcome: trust. For the Pensions Dashboard to function, it will need individual citizens and organisations to have a lot of trust in both the information it provides and the technology that underpins it - especially when it comes to data sharing and privacy.

So how can a pensions dashboard reconcile the data sharing that is needed to create a single view for the individual with the need for very strong data security and controls? In short, by giving every user full control over what data they share, with whom, and for how long. 

This might sound simple but it requires a robust and sophisticated digital identity system that can orchestrate the finding of pensions across potentially 300 end points and provide individuals with visibility into and control over who can access their data. For instance, they might wish to share information with a third party, such as a pensions adviser, but only for a limited period of time or only under certain circumstances.

This is where Origo and ForgeRock come in: we have been working together to collaborate on the development and testing of a combined approach to Pensions Dashboard technology, based around the User Managed Access (UMA) protocol.

ForgeRock’s philosophy when it comes to privacy is that there should be ‘no data about you, without you’. UMA is the authorisation protocol that makes this possible. It allows individuals to be very specific about what information they share and under what circumstances. Crucially, it also makes it easy for users to revoke access whenever they want. 

UMA also allows the dashboard technology created by Origo to implement with Open Standards which means providers of data can choose which technology to use when participating in the architecture. It is a future proofed approach that aligns well with the new GDPR regulations but most importantly, if implemented well, it will demonstrate to citizens that security is enabled for them, which will be critical to building trust and engagement.

The teams working on this project at Origo and ForgeRock are hugely excited about the potential for an UMA-enabled pensions dashboard. If we do our job well the citizen will never hear the or see the acronym ‘UMA’ - but they will see the benefits of it.  They will have control of who has access to their data and it will feel that this is the way all Financial Services digital offerings should work.

The UK government is still to announce the next steps for this initiative but we believe that, if executed well, it could enable the UK to launch a Dashboard far in advance of others in the world and set a new standard for how consumers engage with their pension and retirement income provision.

Read more about the success of the pensions dashboard project here.

Who Is Nick Caley?

Nick Caley is VP, Industries Financial & Regulatory, at ForgeRock. Nick speaks regularly at financial services and information security events in the EMEA region, and contributes regularly to publications including IT Pro Portal, ComputerworldUK and Payment Week.

Recent Posts:

What I learned at Identity Live London

Yesterday we held the London edition of our Identity Live series, an event that is always a highlight in the calendar for all of us at ForgeRock. This year was no exception.

Do It Non-Intrusively With Identity Gateway

Previously, we presented an overview of Identity Gateway and how it fits into your organization’s IAM. In the second part of this demo video series, we do a deeper technical dive on how to completely secure your business applications using reverse proxy. Check it out: