Trusted Authenticated Domains and Gateways


One of the central questions of our time is how to make the internet safe whilst providing citizens with the capability to view and control their data. tadag represents a paradigm shift in information management and security and provides an architectural framework that can secure the internet and radically improve service provision, whilst protecting vulnerable members of society.


tadag was designed by David Gale in 2004. A summary of tadag‘s history is available here. A small component of the original design was shared with Microsoft Corp between 2004-05 and later became OpenID, currently used on over a billion devices worldwide.  A documented report of that interaction was delivered in 2008 at Microsoft’s request, a copy of which is available here.

Publication – 1st December 2014

The high-level business architecture for tadag is published today to provide impetus for discussion with governments, regulators and suppliers, and to work towards the implementation of a proof of concept and pilot project. tadag is particularly suited to cloud infrastructure hosted by government and the financial services sector.

TADAG Architectural Schematic

Click to enlarge

The citizen’s relationship with their own data has until now been brokered by organisations each of which has required an independent data storage capacity. A citizen’s capability to access, share, and control that data has been dependent upon the policies and functionality of individual organisation’s information systems and processes. tadag turns the traditional information management model on its head, putting the citizen at the centre, with an inbuilt capability to access personal data held by service providers and other agencies, as well as facilitating secure, cross-border information sharing amongst authorised agencies.

tadag comprises of a range of preconfigured services delivered on a server dedicated to each individual citizen. The extensible, preconfigured services  can include identity management, authentication management, secure messaging, secure email, personal portal, device management and records management services delivered on a dedicated server with a unique identifying IP address or other identifier dedicated to each individual citizen. This is delivered within an architecture that puts the citizen in control of their own data and provides secure communications and access for authorised public and private sector agencies to relevant citizen records, as well as facilitating information sharing where permitted by the citizen or mandated by government.

Figure 1 shows a range of example components within tadag that are created during registration following an authenticated request from a local identity management service (Figure 1 label: LOCAL ID MGMT) that provides physical documentary proof of identity, as well as a photograph and other forms of biometric identifiers captured during registration. These records can be cross-referenced with the records held by the national identity management service providers (Figure 1: NAT ID MGMT).The original registration documents, photograph and biometric identifiers are stored within the records management service (Figure 1: RECORDS Mgmt). The tadag portal log on details are then sent to the address authenticated during the citizen’s registration process.

The citizen and designated agencies gain access to the citizen’s records service via an external authentication server (Figure 1: AUTHENTICATION SERVICE) that provides scalable levels of security. An unrestricted record requires confirmation of domain certification or authentication from one service provider, whereas a high level of security requires the authentication with multiple identity management service providers (Figure 1: ID MGMT). The citizen’s authentication service (Figure 1: AUTHENTICATION & ID MGMT) provides service providers with the facility of mirroring or storing the customers’ individual records within the secure citizen domain.

Secure email and messaging services within the personal domain provide the citizen, service providers, agencies and other organisations with a facility for secure electronic communications.

The device management service (Figure 1: DEVICE MGMT) enables secure authentication for citizen access to the internet via an ISP using a managed device. Having devices and email accounts certified against a personal domain gives ISPs the option of eliminating SPAM or junk mail.

The geographic address of buildings is referenced via a unique identifier (UPRN) within a National Land and Property Gazetteer or by the allocation of a unique IP address for each property. Each property is allocated its own records management repository, accessible by authorised service providers, delivering a single point of access to all public records relating to that property.

A personal portal (Figure 1: PERSONAL PORTAL) provides the citizen with an amalgamation or mashup of communications, appointments and service announcements from authorised service providers, as well as the facility to add personal documents to the records management repository and control access to records access requested by authorised agencies.

Example Benefits

  • Citizen has control over their own data
  • Information sharing is facilitated without the complexity of inter-agency integration
  • Secure messaging between citizens and public sector agencies facilitated by default
  • SPAM can be eradicated
  • Public safety is enhanced by mandatory categories of shared information
  • tadag domain can be replicated following permanent change of country of residence
  • Social media secured and cyber bullying prevented with tadag authentication
  • Secure communications from personal computing devices

David Gale – Consultant CTO, CIO & Enterprise Architect
Derby, UK

1st December 2014


Copyright 2004-2021 Ram Technics Limited

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s