Electronic Identities: We need to trust them

The demise of the Id Card Project in 2010 has not removed the growing need for trusted e-Identities (e-Ids) to give access to public sector services. The State benefits from lower administration costs and reduced fraud; Citizens benefit from much simpler and faster application for services. Far fewer errors will be propagated. The Cabinet Office solution is to encourage a market for Identity Provider (IdP) services from any number of accredited suppliers, many of whom should be from the private sector. Public Service Providers (PSPs) will trust the e-Ids from any such IdP. Their architecture diagram below has been largely unchanged for more than a year.

Between the IdP and the PSP is the managed “Hub”.  This posting raises a fundamental question about why it is necessary.  There are already well established standards that control the governance requirements for federations of IdPs and PSPs.  One is the OIX model.  

 

 

This standard does not have a central hub.  It has rules for level of assurance and protection.  It is supported by many international IdPs such as Google, Facebook and Microsoft.  Public service organisations could act as both IdPs and relying parties.

The UK education sector uses a similar model for simplified sign on to multiple services.  Commonly known as Shibboleth, it is governed by the rules of the UK Federation.  It has an architecture that is scalable to millions of users without the need for a hub, see http://www.ukfederation.org.uk/.  It is a governance issue, you either trust other members of a Federation, or you don’t.  What are the problems of using such a federation architecture?  

  

  

QA may madden Maude

The 2011 Government ICT strategy preaches standards.   Tick box = Good.  People who bore for standards preach, ‘to do it properly you must define the standard and check later that the standard has been followed’.  This blog compares the strategy against a standard (standard with a small ‘s’) – in this case against the same set that was used to review the SOCITM ICT Strategy, released in draft last month.

The target for all public sector ICT is established in the introduction:

“6. Information and communications technology (ICT) is critical for the effective operation of government and the delivery of the services it provides to citizens and businesses. It offers key benefits by enabling:

• access to online transactional services, which makes life simpler and more convenient for citizens and businesses; and
• channels to collaborate and share information with citizens and business, which in turn enable the innovation of new online tools and services.”

Everybody must agree with this, and observe that sharing information across multiple agency boundaries is critical for citizens, businesses and agencies.  It has led to much discussion about shared infrastructure, shared services and the benefits this will bring.  Fortunately, we can use a standard for quality assuring the Strategy and highlighting any gaps that need to be addressed.  It has nine dimensions for assessing multi-agency information sharing partnerships.

• Business Scope and Plans
• Governance
• Legal Issues, Policies, Rights and Responsibilities
• Information Sharing
• Identity Management
• Federation
• Transactions, Events and Messages
• Infrastructure
• Sustainability

Overall these can be summarised into Process, Governance and Technology – the Quarkside mantra.  A quick traffic light assessment against the standard dimensions is as follows:

• Business Scope and Plans: Amber

The reasons are good and there is an aggressive, but risky timeplan.  Dependence on on word ‘Agile’, is a recipe for systemic obscuring of progress.  It provides opportunities for hiding problems that only emerge when the end-users in multiple location are expected to change time-honoured processes, and new systems are not interoperable with old systems.  The needs of 450 local authorities must not be ignored.

• Governance:  Amber

A structure has been developed, but it omits the input of local delivery agencies, such as local authorities.

• Legal Issues, Policies, Rights and Responsibilities: Amber

Apart from the Policy, other issues are not raised

• Information Sharing: Amber

Use of open standards and APIs will help at a programmatic level, but additional useful services, such as Master Data Management and systems interoperability standards are not mentioned.

• Identity Management:  Red

Avoidance of a cross public sector strategy for citizen, employee and agent identity management risks complete failure of the strategy and policy objectives will not be met.

• Federation: Red

Federated trust by all involved agencies is vital for both accuracy and efficiency.  Nowhere is this mentioned or implied.

• Transactions, Events and Messages:  Green

Operational systems usually find technical solution for inter-system data transfers.  The use of Web services on the Cloud should help.  Channel issues are addressed

• Infrastructure:  Greenish

The overwhelming weight of the document is technology and infrastructure, there are eleven actions planned.  However, one suspects that the thought process has ignored local government and external agencies in the calculations.  Are local authorities expected to reduce ICT costs by 35%?

• Sustainability:  Red

The standard means to ability to sustain a shared service for operation over many years, not reducing carbon usage.  Most shared services fail because of the inability to agree funding for operations, and all the development investment is wasted.  Central Government must agree a sustainable funding model at the very beginning of every information sharing project.  The Cabinet Office should feel responsible for the whole of the public sector, not just central government departments and agencies.

So how do you react to 3 Reds, 4 Ambers and 2 Greens?  It is low on Process and Governance and higher on Technology.  Quarkside thinks it is good enough for a first draft to get the ball rolling.  But if Francis Maude thinks this document is going to deliver all his policy objectives, then I fear that he, or his successor, is set for a big disappointment and some explaining to do.

Shared Services says SOCITM Strategy

Top marks to SOCITM for developing an open consultation on an ICT strategy for local government.  “Routemap for Local Public Services reform – enabled by ICT“.  As the President of SOCITM confirmed “We have never actually had a strategy and action plan for IT-enabled local public services, let alone one conceived for a citizen-driven public sector.”  So it is long overdue and should help beleagured ICT Managers (aka CIOs) to squeeze out more from less.

The five year Vision is straightforward:

• “pan-local/pan-public-sector” ICT provision , encompassing strategy, architecture and commissioning, to drive efficiency and reform of public services, according to the needs and preferences of people in the diverse places that make up the UK.
• ICT footprint in terms of people, technology, process and costs to be reduced substantially from today’s level.“

The way to achieve it is through sharing, re-design and innovation.  Note that Sharing must come first to achieve the economies of scale and buying power.  Sharing is dependent on partnerships and there’s already been a lot of investment in how to form, implement and sustain multi-agency, information sharing partnerships.  The research and test projects revealed nine dimensions that have to considered for successful partnerships.

• Business Scope
• Governance
• Legal Issues
• Information sharing
• Identity Management
• Federation
• Transactions, Events, Messages
• Infrastructure
• Sustainability

The SOCITM Strategy covers most of the dimensions, but there’s one glaring omission; Identity Management.  All shared service systems WILL FAIL if identity management methods are not applied to both staff and citizens.  Both need federating across the public sector infrastructure. Identity Management cannot be tagged on at the end of a project – look how ContactPoint suffered.

Within the Governance dimension lies funding.  Believe it or not, the inability of partners to agree a funding structure is the primary reason for the failure of partnerships.  The funding formula for shared services should be agreed on Day 1.  This a CEO and CFO role, not the responsibility of the CIO.

The benefit of drafts for consultation is that improvements can be made, and there are over 400 local authorities that can contribute their knowledge and experience.

 

 

eID: Apps need Assertions

eID in a federated environment has many complex governance aspects.  It does have a major impact in the applications which may use it.  Stian Sigvartsen has been running a blog for a couple of months on “Achieving a federated single view of the customer“.  The benefit of the postings is an exposure of some technical detail.  Take a look if you are that way inclined.

The broader message is that the human brain is the most cost effective processor of short lists of potential identity matches.  Matches are often obvious when combined with local knowledge and it is possible make assertions of identity with an indication of probability.  Records would show the eID of the asserter and a time stamp.  All assertions can be then incorporated into incrementally improving federated searches.  Audit trails would then be so much easier to follow.

These concepts need to be built into all identity registration schemes, such as Individual Voter Registration.

 

Identity Icebergs to sink Universal Credits

Does the Cabinet Office talk to the Cabinet Office – or any other Department for that matter?  Last week’s Local Government Delivery Council also had two related presentations; “Identity Assurance for Public Services” by the Cabinet Office and  “Employee Authentication Services (EAS)” by DfE and DWP.

Put these into the context of “HMG CTO Council – Government Employees Strategy for management of Identities – Version 1.1 – 1 February 2011. ” This noble document has some excellent content as far as it goes – but look at the juicy bits it deems out of scope.

• “Access control of data within a single system or organisation
• Entitlements of a validated identity within a single system
• Authorisation services and other capabilities enabled by identity management
• Citizen and Individual authentication even for access to government services or visitors to government sites
• Identity Management of systems, devices and other entities
• Audit and accounting requirements other than by reference to their need.”

Most, if not all of these are required by real live systems, especially in Local Government.  They are probably the hard bit where most guidance is needed.  Federated identity management protocols do understand how to include these options.  For example the use of Shibboleth 2 in the education sector can easily differentiate between children and teachers in Web based application systems.

EAS has been around for years in DWP.  It has been recently used for the “Tell Us Once” (TUO) project, authenticating for multiple agencies handling common citizen data.  They have discovered the need for, and have implemented, some employee attributes that allow differential access to application systems. This is out of the scope of the strategy above, but they found they had to do it.  Every Local Authority (LA), and there are hundreds of them, needs guidance on this because most do not have the internal skills and knowledge to interoperate with external identity providers (like EAS, but there are lots more). A common standard for federating identity, supported with standard software, is the only sensible way to proceed.

Finally, there was a bomb shell from the Cabinet Office.  As part of the stakeholder engagement process, they presented  “a federated approach through which a person is able to assert a trustworthy identity“.  Here are some of the enlightening aspects of a working federated system:

• delivered for DWP Universal Credits in April 2012
• provided ‘by the market’, presumably meaning non-funded
• dependent on external verification of identity by third parties (such as banks) selected by the citizen
• LAs will provide an Identity Hub which collects personal data and matches with the external credentials (this is a minefield, not just icebergs)
• links with biographic, health, wealth and education data by attributes
• links with DVLA
• links with an ‘official’ address file
• not dependent on a centralised identity register
• Oh, and by the way, it will run on the GCloud. Trebles all round.

The aspirations are wonderful, straight out of the junior management consultant’s handbook, but three simple questions illustrate the risks involved:

1. Does the Identity Management industry, working with hundreds of LAs, have the capacity to deliver in such a time scale?
2. Does the Cabinet Office (or anybody else?) have a Technical Architecture that is fit for purpose and compliant with the CTO Council strategy?
3. Identity management ignorance crippled the development of ContactPoint – why is it so much easier and simpler for Universal Credits?

Who do we trust?

“Governments and regulators need to pave the way for the new ecosystem by addressing online identity policy and being ready to work with structured authenticated data from verified individuals. This needs standards.”

This is a quote from the Mydex white paper on “The Case for Personal Information Empowerment”.

I  can only agree.  The UK is in urgent need of a cross public sector identity mechanism.  It must not be centralised,  to avoid being blocked by the anti-totalitarian brigade.  It must be as part of a trusted federation.  Many agencies can issue credentials after due process, but all agencies should accept them up to agreed levels risk.  Yes, we need standards first – but who is working on them?

Which agencies should should be certified to issue federable public sector credentials?