UK.gov digital boss defends ID assurance scheme
'Days of different logins for every site are numbered'
What you need to know about cloud backup
The Cabinet Office's newly installed digital captain has robustly defended the department's plans to beef up an identity assurance scheme with the help of banks and internet companies.
Mike Bracken, skirting over the fact that a new law will almost certainly be needed to be pushed through Parliament to make such a proposal a reality, is championing the cause.
In a puff piece on the Government Digital Service blog, the ex-Guardianista defended the "federated identity assurance model" by proclaiming that it was "essential for the 'digital by default' initiative".
The main crux of his argument is that anonymous online transactions need to be flushed out to help build trust between taxpayers, the government and corporations.
Indeed, as highlighted yesterday with the launch of Google-backed Midata, the Cabinet Office is very keen to create a new digital biz sector with a scheme that, at its heart, is about offloading identity-handling to the private sector while being gift-wrapped in tantalising 'open data' goo.
"Many people have described this subject as ‘identity management’," said Bracken. "That is an organisation-centric phrase: a notion that organisations hold data about people and have the responsibility for maintaining it.
"We have to reset the subject around the user and recognise that in the digital age people assert identity in many different ways and contexts."
But, don't be entirely fooled, here's the money shot:
The days of creating different user names and passwords for every new website are numbered, thank goodness. There is a strong desire to work collaboratively across the public and private sectors to develop solutions that meet users differing needs.
Bracken then cites various examples of why this ID-dealing game isn't isolated to British shores. It's an international effort, and the Cabinet Office wants to play.
Many readers of these pages have questioned why Maude's department is spending £10m and counting on ID assurance, given that there is already a federated model. Government Gateway was created in the New Labour Directgov era as one-login-to-rule-them-all for taxpayers to access gov-related services.
"[A] lot has moved on in the dozen years since Government Gateway was developed and we have a lot of work to do to develop solutions that work for users in the many contexts that they’ll need them," said Bracken.
Comment
This appears to ultimately mean bridging the gap between taxpayers' usernames and, for example, banks and internet companies - and yes, we're talking Google, Facebook and other big players in the ID arena.
But can such a vision truly be a reality? Let's repeat Bracken's words again: "The days of creating different user names and passwords for every new website are numbered, thank goodness."
Labour, now in opposition and still battle-scarred from its fight for the hated and now-abolished National ID card scheme, is silent about identity assurance for now. Perhaps that's because it's an idea dreamed up in the Cabinet Office that is yet to be tested thoroughly even by other government departments within Whitehall.
It's going to cost Maude's dept £10m to school the likes of the Departments for Work and Pensions and Business, Innovation and Skills in ID assurance. But what price to the British public if a cluster of "trusted private sector identity service providers" becomes the source of authenticating individuals who want to access gov services online? ®
COMMENTS
They must be joking!
I'll stick with separate user names and different passwords thanks. How long until someone leaves a usb stick with half the country's user info on a train?
Oh god, no!
As the article says, the intention is to put identity assurance in the hands of a number of "trusted private sector identity service providers". Trusted? The CO might trust them, but I doubt if the rest of us do.
As a private citizen I distrust the likes of Google and Facebook - I know that both view me as simply a potential source of revenue. How, then, can I trust them to manage my identity information reliably (let alone securely).
As the blog says, "Identity assurance is a complex subject", so why do they persist in going down a route based on a simplistic approach that ignores the fundamental difference between what identity means to the likes of facebook and what it means to government departments.
Bollocks.
Separate user names and passwords
If I *don't* have separate usernames and passwords for my online banking then I'm in breach of the terms of service.
I wonder who understands more about online security, a bank whose financial solvency probably depends on it, or a politician too stupid to wonder why commercial providers are actually interested in bidding for this sort of contract?
IT infrastructure monitoring strategies
Agentless Backup is Not a Myth
Steps to Take Before Choosing a Business Continuity Partner
Enabling efficient data center monitoring
Requirements Checklist for Choosing a Cloud Backup and Recovery Service Provider
