Feeds

UK.gov digital boss defends ID assurance scheme

'Days of different logins for every site are numbered'

Top three mobile application threats

The Cabinet Office's newly installed digital captain has robustly defended the department's plans to beef up an identity assurance scheme with the help of banks and internet companies.

Mike Bracken, skirting over the fact that a new law will almost certainly be needed to be pushed through Parliament to make such a proposal a reality, is championing the cause.

In a puff piece on the Government Digital Service blog, the ex-Guardianista defended the "federated identity assurance model" by proclaiming that it was "essential for the 'digital by default' initiative".

The main crux of his argument is that anonymous online transactions need to be flushed out to help build trust between taxpayers, the government and corporations.

Indeed, as highlighted yesterday with the launch of Google-backed Midata, the Cabinet Office is very keen to create a new digital biz sector with a scheme that, at its heart, is about offloading identity-handling to the private sector while being gift-wrapped in tantalising 'open data' goo.

"Many people have described this subject as ‘identity management’," said Bracken. "That is an organisation-centric phrase: a notion that organisations hold data about people and have the responsibility for maintaining it.

"We have to reset the subject around the user and recognise that in the digital age people assert identity in many different ways and contexts."

But, don't be entirely fooled, here's the money shot:

The days of creating different user names and passwords for every new website are numbered, thank goodness. There is a strong desire to work collaboratively across the public and private sectors to develop solutions that meet users differing needs.

Bracken then cites various examples of why this ID-dealing game isn't isolated to British shores. It's an international effort, and the Cabinet Office wants to play.

Many readers of these pages have questioned why Maude's department is spending £10m and counting on ID assurance, given that there is already a federated model. Government Gateway was created in the New Labour Directgov era as one-login-to-rule-them-all for taxpayers to access gov-related services.

"[A] lot has moved on in the dozen years since Government Gateway was developed and we have a lot of work to do to develop solutions that work for users in the many contexts that they’ll need them," said Bracken.

Comment

This appears to ultimately mean bridging the gap between taxpayers' usernames and, for example, banks and internet companies - and yes, we're talking Google, Facebook and other big players in the ID arena.

But can such a vision truly be a reality? Let's repeat Bracken's words again: "The days of creating different user names and passwords for every new website are numbered, thank goodness."

Labour, now in opposition and still battle-scarred from its fight for the hated and now-abolished National ID card scheme, is silent about identity assurance for now. Perhaps that's because it's an idea dreamed up in the Cabinet Office that is yet to be tested thoroughly even by other government departments within Whitehall.

It's going to cost Maude's dept £10m to school the likes of the Departments for Work and Pensions and Business, Innovation and Skills in ID assurance. But what price to the British public if a cluster of "trusted private sector identity service providers" becomes the source of authenticating individuals who want to access gov services online? ®

SANS - Survey on application security programs

More from The Register

next story
Did a date calculation bug just cost hard-up Co-op Bank £110m?
And just when Brit banking org needs £400m to stay afloat
One year on: diplomatic fail as Chinese APT gangs get back to work
Mandiant says past 12 months shows Beijing won't call off its hackers
Whoever you vote for, Google gets in
Report uncovers giant octopus squid of lobbying influence
Lavabit loses contempt of court appeal over protecting Snowden, customers
Judges rule complaints about government power are too little, too late
MtGox chief Karpelès refuses to come to US for g-men's grilling
Bitcoin baron says he needs another lawyer for FinCEN chat
Don't let no-hire pact suit witnesses call Steve Jobs a bullyboy, plead Apple and Google
'Irrelevant' character evidence should be excluded – lawyers
EFF: Feds plan to put 52 MILLION FACES into recognition database
System would identify faces as part of biometrics collection
Putin tells Snowden: Russia conducts no US-style mass surveillance
Gov't is too broke for that, Russian prez says
Ex-Tony Blair adviser is new top boss at UK spy-hive GCHQ
Robert Hannigan to replace Sir Iain Lobban in the autumn
Alphadex fires back at British Gas with overcharging allegation
Brit colo outfit says it paid for 347KVA, has been charged for 1940KVA
prev story

Whitepapers

Top three mobile application threats
Learn about three of the top mobile application security threats facing businesses today and recommendations on how to mitigate the risk.
Combat fraud and increase customer satisfaction
Based on their experience using HP ArcSight Enterprise Security Manager for IT security operations, Finansbank moved to HP ArcSight ESM for fraud management.
The benefits of software based PBX
Why you should break free from your proprietary PBX and how to leverage your existing server hardware.
Five 3D headsets to be won!
We were so impressed by the Durovis Dive headset we’ve asked the company to give some away to Reg readers.
SANS - Survey on application security programs
In this whitepaper learn about the state of application security programs and practices of 488 surveyed respondents, and discover how mature and effective these programs are.