Quarkside

21/11/2012

LAs frozen out of IdAP

Filed under: Local Government,Policy — lenand @ 12:04 am

Quarkside has heard that the Cabinet Office do not want Local Authorities (LAs) to compete in the Identity Assurance market against the private sector. This is strange because LAs could be more cost effective, given access to standardised private sector products or services.  Assuming that DWP will pay for Id Assurance, couldn’t any of the seven companies on the Id Assurance Programme (IdAP) framework ask LAs to front enrollment for their products?

LAs probably have the most capable local enrollment infrastructure – with the possible exception of Job Centres or some Post Offices. Many towns with populations over 100,000 no longer have a General Post Office. For example, Woking residents now have to dive down to a basement of WH Smiths. What the policy makers have not accepted is that certain levels of trust should have face-to-face enrollment. If somebody is receiving benefits of tens of thousands of pounds each year, wouldn’t eyeballing the person increase the level of trust in credentials presented at later stages?

Quarkside’s suggestion for a process that sets financial trust levels based on the transaction values may not be all that crazy.  Could it have a significant impact on fraud reduction?


21/02/2011

Identity Icebergs to sink Universal Credits

Does the Cabinet Office talk to the Cabinet Office – or any other Department for that matter? Last week’s Local Government Delivery Council also had two related presentations: “Identity Assurance for Public Services” by the Cabinet Office and “Employee Authentication Services (EAS)” by DfE and DWP.

Put these into the context of “HMG CTO Council – Government Employees Strategy for management of Identities – Version 1.1 – 1 February 2011”. This noble document has some excellent content as far as it goes – but look at the juicy bits it deems out of scope.

  • “Access control of data within a single system or organisation
  • Entitlements of a validated identity within a single system
  • Authorisation services and other capabilities enabled by identity management
  • Citizen and Individual authentication even for access to government services or visitors to government sites
  • Identity Management of systems, devices and other entities
  • Audit and accounting requirements other than by reference to their need.”

Most, if not all, of these are required by real live systems, especially in Local Government. They are probably the hard bit where most guidance is needed. Federated identity management protocols do understand how to include these options. For example, the use of Shibboleth 2 in the education sector can easily differentiate between children and teachers in Web-based application systems.

EAS has been around for years in DWP.  It has been recently used for the “Tell Us Once” (TUO) project, authenticating for multiple agencies handling common citizen data.  They have discovered the need for, and have implemented, some employee attributes that allow differential access to application systems. This is out of the scope of the strategy above, but they found they had to do it.  Every Local Authority (LA), and there are hundreds of them, needs guidance on this because most do not have the internal skills and knowledge to interoperate with external identity providers (like EAS, but there are lots more). A common standard for federating identity, supported with standard software, is the only sensible way to proceed.

Finally, there was a bombshell from the Cabinet Office. As part of the stakeholder engagement process, they presented “a federated approach through which a person is able to assert a trustworthy identity”. Here are some of the enlightening aspects of a working federated system:

  • delivered for DWP Universal Credits in April 2012
  • provided ‘by the market’, presumably meaning non-funded
  • dependent on external verification of identity by third parties (such as banks) selected by the citizen
  • LAs will provide an Identity Hub which collects personal data and matches with the external credentials (this is a minefield, not just icebergs)
  • links with biographic, health, wealth and education data by attributes
  • links with DVLA
  • links with an ‘official’ address file
  • not dependent on a centralised identity register
  • Oh, and by the way, it will run on the GCloud. Trebles all round.

The aspirations are wonderful, straight out of the junior management consultant’s handbook, but three simple questions illustrate the risks involved:

  1. Does the Identity Management industry, working with hundreds of LAs, have the capacity to deliver in such a time scale?
  2. Does the Cabinet Office (or anybody else?) have a Technical Architecture that is fit for purpose and compliant with the CTO Council strategy?
  3. Identity management ignorance crippled the development of ContactPoint – why is it so much easier and simpler for Universal Credits?
