Different Use Cases
This document sets out a range of different use cases for the Mydex Platform, to help Subscribing organisations and their internal stakeholders understand the different ways in which it can be implemented, and the benefits to be gained from each approach for them, their staff, partners and customers they serve.
How a Subscribing organisation gets the best out of the Mydex Trust Framework and the Mydex Platform will depend on its strategic objectives, current business processes and existing levels of integration of current applications and IT infrastructure. They may have a mixture of in-house and third-party software, with different standards and protocols.
Customer Journeys and Experience Management is entirely within a Subscribing organisation’s control. How a Subscribing organisation reviews and enhances customer experience and business processes interacting with the Mydex Platform is entirely within their own control using whatever tools are preferred. This is one of the major benefits of the Mydex CIC approach. We have a separate briefing paper on the sorts of new customer journeys Subscribing organisations can offer using the Mydex Platform.
Integrating to the Mydex Platform is simple. It uses open standards and APIs. However, not all applications and services in use today by Subscribing organisations have such open standards and API connection capabilities. They may need to be extended, or have adaptors built to make integration possible. Typically the integration and building adaptors are undertaken by the existing in house teams or Subscribing organisations suppliers and service providers.
What we describe below are generic use cases, which look as much at the starting point for Subscribing organisations as how Mydex can be used.
In each case we envisage an incremental approach to adoption, usually starting with one area or element which may involve using the full spectrum of Mydex capabilities but within a targeted area of the Subscribing organisation to establish the foundations for the future.
The Mydex service is an enabler, for service improvement, cost and risk reduction, increased satisfaction and streamlining customer journeys and managing consent for data sharing, it is not an end itself.
The context of use for a Subscribing organisation and its customers and partners is pivotal in determining how the value is delivered to the Subscribing organisation, its partners and the customers they serve.
This value can be expressed in a combination of pure financial cost savings, efficiency gains, reduced risk and improved satisfaction, enhanced compliance and consent management. It can also be expressed in terms of social value and delivering outcomes that underpin transformational agendas relating to a wide range of social objectives across communities and society.
Each use case seeks to set out visually the connection points of the Mydex service using layers as the interfaces between the Mydex Platform and the Subscribing organisation’s services.
This leverages maximum value from both the Mydex Identity and the Mydex Personal Data Services.
Mydex CIC acts as the identity provider to the Subscribing organisation. Anyone registering for use of their services, internally or externally, is issued with a MydexID, Personal Data Store and set of tools to help them manage their life online.
The Subscribing organisation operates an organisation-wide access control layer. This grants permission to an authenticated user to use one or more features across systems operated by the Subscribing organisation. This is usually implemented using some of the directory services that support the LDAP protocol e.g. OpenLDAP or Active Directory.
The individual has seamless access or Single Sign On (SSO) across the Subscribing organisation’s existing services as a minimum. The Subscribing organisation gets out of the username and password management layer and equips the individual with a portable identity credential they can use to access services on the internet that support open standards.
The Personal Data Store is used for a range of purposes. These range from helping keep the individual’s personal information up to date with the Subscribing organisation, acting as a digital letterbox for delivery of verified data from the Subscribing organisation, to being a source of verified data or proofs of claim that the individual has collected from other Subscribing organisations they have connected to with their Personal Data Store.
The Subscribing organisation can work directly with the individual’s Personal Data Store. It can create end-to-end customer experiences and streamlined customer journeys. It can reduce the complexity of back-end integration, as all data is routed through the Personal Data Store. Data is shared between back end systems and services under a uniform legal framework of consent which is transparent to the individual. It affords them the ability to control what is shared, and for what purpose.
The Subscribing organisation gains access, with the individual’s permission, to verified data which can substantiate claims made. It’s a privacy-friendly way to share data across systems and Subscribing organisation boundaries. It improves the customer experience, and reduces time and effort needed internally to manage processes and data. This cuts the cost of transactions, at the same time improving customer experience and convenience.
A significant benefit for the Subscribing organisation is that this addresses integration across different systems without the need for a “master data manager” solution or integration hub for personal data. The consent issue is solved by routing via the individual’s Personal Data Store. This saves the Subscribing organisation significant time and cost in terms of integration. It reduces the complexity of internal system interoperation. It can be implemented incrementally over time, driven by priorities for service delivery.
The individual saves significant time and effort. They are not required to fill out the same information over and over again. They get verified attributes and proofs of claim from the Subscribing organisation, which they can in turn share with other Subscribing organisations. This provides evidence of their identity or entitlement. In turn it streamlines processes, serving the necessary information up dynamically when needed.
Overall the Subscribing organisation benefits from better control over business processes, customer experience design and IT architecture. It enables each of these layers to be managed independently of each other, even with different time horizons for redevelopment, replacement and extension. It cuts the cost of service development and delivery, and supports an agile approach to implementing strategy.
The individual becomes a participant with ease. They do not require technical skills. They acquire data and proofs as a by-product of daily activity and digital engagement. They save time, enjoy greater convenience online, are protected and secure. Above all they are able to get things done quickly and efficiently.
In short they are empowered to take part and make things happen, equipped with the data, proof and tools they need to interact efficiently with any Subscribing organisation on any device at any time.
Over time, as more and more people have a MydexID and personal data stores, new customers coming to the Subscribing organisation for the first time will be seamlessly on boarded and come with verified attributes and proofs of claims which will enable processes like Know Your Customer, Identity proofing and verification, sometimes called identity assurance to be handled seamlessly with lower friction, cost and risk. The data flowing from a Mydex Connection can be easily integrated to your existing processes and replace expensive external data aggregator and verification services whilst improving data quality and removing the need for physical document presentation for face to face interactions normally required.
This will go much further as individuals will no longer need to fill in endless forms, rather simply make the data needed by their new supplier or service provider available under a simple uniform data sharing agreement. This will cut down customer journeys and processing times further as they will need to add if at all the small amount of additional or unique information needed to complete a specific transaction. This in turn is stored in their personal data store for next time and made available to whatever channel they chose to interact with in the future
This offers the same benefits as the full package but the organisational access control layer is missing and each service or line of business application manages the permission and consent for each user for that application or service.
In essence Single Sign-On is still achieved but the internal overhead of managing what a user can access in each system has to be done at an individual application level. In some cases the web portal may be the point at which these services are exposed and therefore back end integration may not be required for the purposes of online access via a web browser.
The individual’s Personal Data Store is securely connected to one or more services and exchanging data with the Subscribing organisation in both directions.
New customer journeys are developed which make use of the data within the Personal Data Store directly and reduce the complexity of integration for such apps and customer journeys by achieving it through the Mydex Platform.
The Subscribing organisation is still managing the login to its web and app based services using one or more of their own credentials but secure data exchange is happening at the API level over verified and encrypted connections.
This delivers significant cost savings in terms of distribution costs, data quality and management. It critically simplifies back end integration by reducing the load and complexity of exposing these systems to front end services.
The Subscribing organisation is using secure two way data exchange to deliver verified attributes and to keep their own information on an individual up-to-date, principally creating distribution and data management cost savings.
This supports the need of individuals for access to verified attributes they can use downstream with other Subscribing organisations.
The Subscribing organisation is able to access and rely on verified attributes stored in the Personal Data Store collected from elsewhere.
All data sharing is done under a consistent, consent based data sharing agreement under the individual’s control. A simple sign up wizard driven from the Subscribing organisation makes establishing a secure connection easy using existing credentials known to the Subscribing organisation about the customer.
The individual still gets all the benefits of a MydexID, Personal Data Store and tools to help them manage their life online in a privacy friendly manner.
The Subscribing organisation outsources the username and password management activities of registration and authentication to Mydex CIC. The individual gets a MydexID they can use anywhere, a set of tools for helping them manage their life online including a Personal Data Store.
They can do this with or without their own organisational access control layer.
The Subscribing organisation will still need to capture profile information and interact with the individual via their own apps and services. No data is exchanged but the Subscribing organisation can implement a basic Single Sign-On solution.
One of the major benefits of the MydexID is that it supports multiple protocols such as SAML and OpenID which means that if the Subscribing organisation has disparate systems using different protocols this can be accommodated from a single MydexID. This means the individual has a better experience when trying to access an Subscribing organisation’s different systems which are not actually integrated.
Access Control to each system in terms of permission to use specific features remains with the Subscribing organisation and is usually managed within the relying application itself unless the Subscribing organisation has implemented a directory service to control permissions for features based on role profiles.
A major benefit of a person centric approach to identity and personal data services is that two or more Subscribing organisations can participate in shared services giving the individual single sign on across multiple Subscribing organisations using their MydexID. Apps and Wizards can be developed in a person centric manner delivering a seamless experience and all data sharing and integration to back end systems is handled by the Mydex personal data services API. The individual is in control and provides for consent. Subscribing organisations are not sharing directly but via the individual which simplifies compliance to data protection and implements privacy by design in one easy step.
There is no limit to the number of Subscribing organisations, systems, services or apps that can work this way allowing for clusters of shared interest and multi Subscribing organisation delivery chains to be implemented from a common interface and experience.