The Cabinet Office has done a good job in explaining many of the Citizen Identity issues for local government. Here are their unexpurgated recommendations:
——————————————————
There is a strong sense of enthusiasm for securing wider understanding of HMG’s plans around citizen IdA. LAs are keen to identify whether, how and when their plans may be aligned to a national approach and to minimise any risk of future isolation. Additionally, an excellent potential opportunity for effective re-use of centrally developed standards and technology is recognised. To help LAs in moving forward, the following recommendations are made:
1. Provide assistance to LAs
so that they may align with the IdAP vision:
- Publish IdAP vision and strategy at earliest opportunity
- Publish IdAP deliverables roadmap and timeline
- Enable LAs to utilise HMG procurement framework.
Publishing and effectively disseminating the vision and strategy along with the deliverables roadmap will provide LAs with clarity on GDS technology and approach and aid them in formulating their own plans. Whilst LA procurement frameworks exist for a number of software application solutions, there does not appear to be any such framework that would apply to procurement of IdA services.
2. Work nationally with all suppliers
including LA suppliers to:
- Review the landscape of IdA provision
- Promote the national perspective.
A review of LA service providers for example to clarify which suppliers will only offer their own proprietary service for IdA, which are open standards based and may therefore present no interoperability issues, whether individual suppliers are offering a consistent product/service across their customer base, would provide information to enable useful engagement with those suppliers.
Engaging service providers will also help influence negotiations and reduce the risk of LAs being ‘boxed in’ by embedded suppliers (i.e. those suppliers from whom software systems such as online council tax are purchased).
3. Publish a common set of features & standards for IdA
such as a minimum feature list. Build on good practice guides such as the Requirements for Secure Delivery of Online Public Services(RSDOPS).
A common set of features would also help to clarify relationships between Levels of Assurance (0-3, Bronze – Gold etc.), factor authentication, and generally develop a common language that will minimize misunderstandings.
4. Engage with LAs to pilot federated IdA solutions
and further explore current non-federated approaches.
Many LAs are keen to collaborate to help develop and test federated solutions in their local environment. It would also be instructive to explore alternative non-federated approaches that have already been taken by some LAs such as Harrow to online citizen IdA
5. Widen lines of communications to LAs
Through:
- Knowledge sharing platform
- Newsletters
- Social media (e.g. blogs, tweets).
There is a sharp appetite to share, learn, collaborate, inform and be informed. Additionally awareness-raising across the public sector would help address some of the barriers and issues facing authorities in relation to increasing understanding of the concerns within LAs and partner organizations, help to clarify thinking around potential solutions and increase efficiencies through avoidance of ‘re-inventing the wheel’.
6. Develop good practice guidelines
for implementing assisted digital for IdA
7. Customer insight research
is required to:
- Investigate user attitudes to and perceptions of trust, data sharing and the role of 3rd party identity providers
- Usability/accessibility studies should be undertaken and good practice for IdA defined and published
- Develop a communications plan and national campaign to raise citizen awareness and trust.
8. Develop a national brand for federated IdA
to encourage citizens to trust the new approach.
—————————————–
This seems to have been a such low key report that nobody has talked about it. There’s only common sense without any scare stories. Who will take up these recommendations?