Quarkside

18/01/2012

Electronic Identities: We need to trust them

Filed under: Governance,Standards — lenand @ 5:34 pm

The demise of the Id Card Project in 2010 has not removed the growing need for trusted e-Identities (e-Ids) to give access to public sector services. The State benefits from lower administration costs and reduced fraud; Citizens benefit from much simpler and faster application for services. Far fewer errors will be propagated. The Cabinet Office solution is to encourage a market for Identity Provider (IdP) services from any number of accredited suppliers, many of whom should be from the private sector. Public Service Providers (PSPs) will trust the e-Ids from any such IdP. Their architecture diagram below has been largely unchanged for more than a year.

Hub Architecture

Between the IdP and the PSP is the managed “Hub”. This posting raises a fundamental question: why is it necessary? There are already well-established standards that control the governance requirements for federations of IdPs and PSPs. One is the OIX model.

 

OIX Architecture 

This standard does not have a central hub.  It has rules for level of assurance and protection.  It is supported by many international IdPs such as Google, Facebook and Microsoft.  Public service organisations could act as both IdPs and relying parties.

The UK education sector uses a similar model for simplified sign-on to multiple services. Commonly known as Shibboleth, it is governed by the rules of the UK Federation. It has an architecture that is scalable to millions of users without the need for a hub; see http://www.ukfederation.org.uk/. It is a governance issue: you either trust other members of a Federation, or you don’t. What are the problems of using such a federation architecture?

  

  
