Skip main navigation

£199.99 £139.99 for one year of Unlimited learning. Offer ends on 28 February 2023 at 23:59 (UTC). T&Cs apply

Find out more

B2C and G2C Examples

In this video, you will learn about two other IdAM examples: Business-to-Customer (B2C) and Government-to-Customer (G2C).
Business to customer, businesses have customers. Of course they do. And we’re thinking in this example more of the end user, kind of like Amazon with its customers. So here we’re looking at customer identity and access management. At the start, we looked at some of the legal requirements around financial services in the United States. We will have different requirements for the level of assurance and evidence that we need for our customers in order to establish and manage an identity with them. For most organizations, when we trade, we want very few barriers between the customer and establishing that identity. So we may want to make it as easy as possible. How easy is it to order something from an online retailer?
Typically it is very straightforward. There are some services that we want that we are perhaps legally required to have a more formal approach to. Things like guns, weapons, things like particular types of drug, particular substances that are managed legally, and also financial services. The user experience is important. We to make it as smooth as possible. What we’ve seen is technologies like OAuth, Open Authorization, start to enable the reuse of existing credentials. So instead of asking customers to enroll, again, for our service, we can allow them to log on with an existing set of credentials. Is this appropriate for your organization? Does this provide sufficient evidence for you? It provides a unique identifier.
It provides a link to an email address usually. That may be enough. It may not. But we need to make a managed decision. The graphic you see there, log on with Google, log on with Twitter, this is very much what we’re talking about. Lots of apps now, lots of websites, you can reuse existing social media credentials. And social media take-up is fairly high. We have about 40% of the population globally with a social media account. So this can be helpful. Not necessarily helpful if we’re looking for that extended verification process, but useful for a lot of online e-tailers. The final example we will look at is government to citizen.
And this is a really big challenge partly because just of the sheer number of people that you can be dealing with within an identity and access management system. We may want to provide single sign-on for government services. Many governments have chosen to create their own identity identification realm. And the citizens have to enroll within it, perhaps using their identity card as part of that process. We see this in Estonia, we see this in Indonesia, and we see this in the United States. In South Africa, they took a slightly different approach. And they’ve been allowing social media applications to form part of the enrollment. This is because access to digital is largely mobile-based.
And social media has a very high level of penetration. So this has been piloted as a way of managing the relationship and as a way of encouraging electronic participation. So citizens were shown in this pilot to have increased their access to government services, just because the threshold for accessing the services was much lower. We also need to be able to trust an identity. Misuse of an identity can cause problems. If we have a national identity framework that is easy to falsify, then potentially it can be misused. And a lot of the government identity documents become foundation identity documents for other systems and services.
So if you think about your identity card, that can be used to register for financial services, for property purchases, company registrations, for a wide variety. We can use this to establish a passport, to take out loans. So this becomes a problem. We need to make sure that our foundation documents, our government identity, is strong enough to provide the level of assurance that we need as a government, but also for other services that become dependent upon it. Otherwise, any other service that uses our identity documents, identity information that we provide as a government, can become compromised. If a foundation identity isn’t trusted, well, then any subsequent identities established around that cannot be either.
And what we see, interestingly, with Estonia as well, we’ll look at a case study relating to this later in the course, is the use of the government identity, to federate information in a managed way, in a restricted way, to private sector organizations like utilities. So if you enter your national identity information into a utility provider, it repopulates a lot of the information about you, including your address. It doesn’t give the utility provide access to your health care information or your pension information or anything else. But it can help reduce some of the friction around having a single identity. We don’t have to repeatedly enter the same information.

In this video, you will learn about two other IdAM examples: Business-to-Customer (B2C) and Government-to-Customer (G2C).

Investigate and share: Again, find an article related to either B2C or G2C in the context of IdAM that you find interesting. What caught your attention about this article and why is it relevant? Share it with your fellow learners.

This article is from the free online

Cyber Security Foundations: Identity and Access Management

Created by
FutureLearn - Learning For Life

Our purpose is to transform access to education.

We offer a diverse selection of courses from leading universities and cultural institutions from around the world. These are delivered one step at a time, and are accessible on mobile, tablet and desktop, so you can fit learning around your life.

We believe learning should be an enjoyable, social experience, so our courses offer the opportunity to discuss what you’re learning with others as you go, helping you make fresh discoveries and form new ideas.
You can unlock new opportunities with unlimited access to hundreds of online short courses for a year by subscribing to our Unlimited package. Build your knowledge with top universities and organisations.

Learn more about how FutureLearn is transforming access to education