Quarkside

18/01/2012

Electronic Identities: We need to trust them

Filed under: Governance,Standards — lenand @ 5:34 pm

The demise of the Id Card Project in 2010 has not removed the growing need for trusted e-Identities (e-Ids) to give access to public sector services. The State benefits from lower administration costs and reduced fraud; Citizens benefit from much simpler and faster application for services. Far fewer errors will be propagated. The Cabinet Office solution is to encourage a market for Identity Provider (IdP) services from any number of accredited suppliers, many of whom should be from the private sector. Public Service Providers (PSPs) will trust the e-Ids from any such IdP. Their architecture diagram below has been largely unchanged for more than a year.

Hub Architecture

Between the IdP and the PSP is the managed “Hub”.  This posting raises a fundamental question about why it is necessary.  There are already well established standards that control the governance requirements for federations of IdPs and PSPs.  One is the OIX model.  

 

OIX Architecture 

This standard does not have a central hub.  It has rules for level of assurance and protection.  It is supported by many international IdPs such as Google, Facebook and Microsoft.  Public service organisations could act as both IdPs and relying parties.

The UK education sector uses a similar model for simplified sign on to multiple services. Commonly known as Shibboleth, it is governed by the rules of the UK Federation. It has an architecture that is scalable to millions of users without the need for a hub; see http://www.ukfederation.org.uk/. It is a governance issue: you either trust other members of a Federation, or you don’t. What are the problems of using such a federation architecture?

  

  


06/01/2012

Identity Governance: Protect-Policy

Filed under: Governance,Policy,Risk,Security — lenand @ 9:48 am

The Cabinet Office has completed some DRAFT policy documents on an Identity Assurance Framework.  In June 2011 they were “Final Draft approved for external review”.  There is some very good work documented with significant implications if the recommendations are acted upon.  They have been circulated to a limited extent, but every page has been protectively marked as:

PROTECT – POLICY

DRAFT – THIS IS NOT A STATEMENT OF GOVERNMENT POLICY 

The marking indicates that there are risks in widely circulating the documents.  It is a clear warning to Quarkside not to publish them and contribute to open debate.   On inspection, the criteria for assessing PROTECT (Sub-national security marking) assets are:

  • cause distress to individuals;
  • breach proper undertakings to maintain the confidence of information provided by third parties;
  • breach statutory restrictions on the disclosure of information;
  • cause financial loss or loss of earning potential, or to facilitate improper gain;
  • unfair advantage for individuals or companies;
  • prejudice the investigation or facilitate the commission of crime; 
  • disadvantage government in commercial or policy negotiations with others.

Surely “external review” should mean what it implies, and that the Cabinet Office should obtain feedback from more experts before the policy is cast in bronze.  There are enormous implications to Local Authority and Voluntary sector service providers. Couldn’t the draft be published for consultation and made unrestricted less than six months after internal approval?

17/11/2011

Political traction for standards

Filed under: Governance,Standards — lenand @ 10:50 am

Good news stories don’t attract much interest, but there is one unfolding about standards in the public sector.  The Local Government e-Standards Body (LeGSB) has obtained funding for this year from a number of central government departments.  Perhaps Martha Lane Fox’s message has filtered through the political process.

There’s a portfolio of about ten projects.  Some are having a significant impact in the way that central government can and should interoperate with local government ICT.

Quarkside’s main interest is the developing generic model for all public sector service interactions. The guiding principle is that common language and understanding will enable reuse of data, services and solutions – reducing the resources required to share data more effectively between the Government and other public sector agencies. It’s all about interoperability between systems. However, the project cannot be accused of using accessible language in its title, “Upper Ontology for Operational Service Delivery”.

The highest level for standards is the International Standards Organisation (ISO).  As it happens, ISO 18876 is the International Standard that establishes an architecture, a methodology, and other specifications for integrating industrial data for exchange, access, and sharing.

It supports:

  • data sharing and data integration;
  • specification of mappings between models;
  • and data transformation.

LeGSB is not in the market for creating standards – only for helping organisations to grab the benefits that are on the table. Perhaps ISO 18876 will find its place in helping to arbitrate in some complex areas of interoperability, e.g. it provides a logical basis for Identity Management not requiring a Unique Identifier (UID).

15/11/2011

Identity and Queer Theory

Filed under: Innovation — lenand @ 9:41 pm

This was an adventure into a new domain by attending a lecture at the Institution of Engineering and Technology.

Queer is by definition whatever is at odds with the normal, the legitimate, the dominant. There is nothing in particular to which it necessarily refers. It is an identity without an essence. ‘Queer’ then, demarcates not a positivity but a positionality vis-à-vis the normative.

A completely new perspective on identity management.

“Queer theory developed out of an examination of perceived limitations in the traditional identity politics of recognition and self-identity. In particular, queer theorists identified processes of consolidation or stabilization around some other identity labels (e.g. gay and lesbian); and construed queerness so as to resist this. Queer theory attempts to maintain a critique more than define a specific identity.”

It has proved difficult to weave into Identity Management as previously discussed by Quarkside.  But, judging from the applause of 200 people, it meant an awful lot more to them.

Perhaps it can be used as support for the theory of managing multiple identities.

19/10/2011

7DIG: Identify Risk with Confidence

Filed under: Governance,Risk — lenand @ 10:35 am

Using Confidence to Identify Risks

Rather than starting the search for risks in a negative way, Quarkside recommends using reverse psychology and asking about success – “How confident are you that targets will be met?” Asking about confidence levels not only helps to identify risks, it shows a positive view rather than a negative one. Simple bar charts can be used to show targets, changes of opinion and alerts for areas of concern felt by staff.

Average Confidence

The chart above may look gloomy, but this was the state of play in a large public sector project. It was the result of interviewing many levels of staff.

  • Anything below 50% confidence is worth further investigation and should be entered in the risk log.  Immediate risk reduction action should be taken.
  • For intermediate levels of confidence, say between 50% and 75%, risk log entries should reflect the reduced level of risk. The root cause for reduced confidence should be investigated.
  • Even if there is high confidence of success, greater than 75%, then there should be a risk log entry if the impact of failure is high.

Without claiming intellectual rigour,

Risk Probability% = 100% – Confidence%

Managers are comfortable with this concept – high confidence equates to low risk and vice versa.  Discussion helps people to accept that simple quantification of risks is neither difficult nor threatening.

Confidence Management Process


It may be old-fashioned, but Quarkside is a proponent of managing to a baseline, or vision or goal or whatever you want to call it. Let’s also call them strategic objectives. The main point is that they are organisation wide, and that leadership has ensured that everybody understands and has bought into them.

Interviews are carried out using a one-page questionnaire that records levels of confidence.  A five-point scale ranges from totally confident to minimally confident.  Subsequently, values from 90% to 10% are allocated.  The analyst can also select extreme values, say 100% or 0%, if the interviewee stresses strong opinions during the course of an interview.  Comments on the reasons for low values are welcomed – highlighting the root cause of a risk if raised by several interviewees.

To encourage open and frank responses, an independent interviewer asks questions in confidence and ensures that comments are not attributable to a specific person.  Interview data is analysed and presented in a report.  The contents include commentary on areas of high and low confidence and references to the risk log.

After several months, second and subsequent reports discuss the change in confidence levels since the previous report. A change chart graphically indicates the effect of risk reduction since the previous review. The process provides feedback into the risk management control loop.

Most importantly it supports the risk management process by flushing out risks that may not have been formalised.  In extreme circumstances, it could contribute to a decision to change the baseline business or project targets.

Experience

The method has shown benefits in £billion programmes – but it could be applied in any form of project – even Agile ones.    Some key findings were:

    • Confidential, non-attributable interviews help to open up discussions and identify root causes of problems. It allows comment at peer level that might not surface in the presence of overbearing managers.
    • The initial interview requires a few minutes to explain the concepts and establish understanding of the business objectives. Subsequent interviews are quicker to execute and frank answers are obtained in less than one hour.
    • The questioning technique encourages managers to think more quantitatively about business targets and the probability of achieving them. They feel comfortable that 90% confidence has a residual 10% risk, and that it is fair to include it in a risk log.
    • Levels of confidence can diverge extremely between interviewees. Whether lack of communication or “head in sand”, it is useful data worthy of further investigation.
    • In programmes experiencing difficulties, the results provide a focus for debate at board level. One organisation used the results to renegotiate a major contract.
    • Even with generally satisfactory levels of confidence, it is worth investigating the target with the lowest confidence. One internal audit team raised a security risk with an impact greater than £1 billion; procedures were tightened. This is the company-threatening risk that is missed by using traditional risk matrices and resulted in the Risk Index to be described in the final section.

Looking to the future, the method should be used on all public sector programmes that rely on computer information for success, e.g. Universal Credit, Health Service ICT, Individual Electoral Registration, the Government ICT Strategy and Identity Management.

            

03/05/2011

Universal Incredibility

Filed under: Local Government,Policy,Technology — lenand @ 11:51 am

Local Government have been presented with more information about DWP’s Universal Credit (UC) programme.   The complexity is such that it will replace more than 30 working age benefits, across 4 agencies, with 10,000 pages of guidance.  DWP have published their implementation plan.         

They have been coy about when design and build will finish, let’s say Dec 2012 and about 6 months testing.  All using agile programming methods!

Not declared in the document is another staggering statistic; there are 19 million claims by 8 million households. Households will become the unit to which DWP will pay benefits. Total household income will be reconciled every month as people move in and out of work. The new on-line self-service system will speed up registration for benefits from weeks to days, and avoid the often devastating, annual reconciliation. The Devil thrives in the detail. Households may contain parents, step-parents, grandparents, uncles, aunts, children at school, young people at work, unemployed NEETs, students and cohabitees. To complicate the issue for some beneficiaries, UC will not replace:

  • Disability Living Allowance
  • Contributory Benefits
  • Carers’ Allowance
  • Child Benefit
  • Pension Credit

Quarkside’s question to DWP about how they are going to define households remains unanswered.

Attempting to design a system without a definition of the primary unit of measure points to incompetence or a guarantee of promotion. Apparently, top flight consultants are involved. Perhaps they only have experience of well behaved nuclear families with bags of broadband and integrated internships. Local authorities have to deal with the fall-out when the edifice crumbles. Any ICT developer could devise a simple agile program for a consultant’s family – not for a family of travellers where ‘household’ has no meaning and may change on a weekly basis. Change is the second most important reason for computer system failure; the most important is getting the wrong specification. UC hits both sweet spots.

Many new claimants for current benefits cancel broadband contracts as a luxury.   Many older claimants are also digitally excluded.  Currently LAs handle benefits claimants face to face and they employ many staff to do so.  Quarkside does not know the numbers, neither did DWP.  So they enquired to find out the number, perhaps indiscreetly, by asking Heads of Revenues and Benefits what their redundancy costs might be when UC is implemented.  LA Chief Executives were not amused.  Face to face service will be necessary and it is not clear who will provide it from which premises.

In answer to some of these challenges a DWP spokesman was most enlightening.

  • Iain Duncan Smith is only interested in outcomes
  • There’s a commercial market for recycled computers, everybody should be able to afford one
  • 70-80% of transactions will be on-line by beneficiaries
  • Most beneficiaries will be in full-time work
  • LAs may be asked to work as agents for DWP
  • HMRC and DWP are working closely together, but there is a bit of a conflict with DCLG housing policy and benefits caps
  • Ease of use is important and wireframe design will eventually help beneficiaries (aka customers)
  • LA support is essential for success and more consultation will be carried out
  • Writing the letter to Heads of Revs & Bens was a mistake
  • £180,000 for developing the system must also be a mistake, it’s more likely to be £18 million.

Finally, we learn that £8.5b is lost in error, fraud and administration in the current means tested systems. How much of this is a result of identity error, identity fraud and identity administration? Quarkside raised the issue in February, “Identity Icebergs to sink Universal Credits”. There’s not been a lot of action to allay fears by LAs about providing an Identity Hub which collects personal data and matches it with third party credentials.

16/03/2011

Shared Services says SOCITM Strategy

Filed under: Governance,Strategy — lenand @ 9:17 pm

Top marks to SOCITM for developing an open consultation on an ICT strategy for local government, “Routemap for Local Public Services reform – enabled by ICT”. As the President of SOCITM confirmed “We have never actually had a strategy and action plan for IT-enabled local public services, let alone one conceived for a citizen-driven public sector.” So it is long overdue and should help beleaguered ICT Managers (aka CIOs) to squeeze out more from less.

The five year Vision is straightforward:

  • “pan-local/pan-public-sector” ICT provision, encompassing strategy, architecture and commissioning, to drive efficiency and reform of public services, according to the needs and preferences of people in the diverse places that make up the UK.
  • ICT footprint in terms of people, technology, process and costs to be reduced substantially from today’s level.

The way to achieve it is through sharing, re-design and innovation. Note that Sharing must come first to achieve the economies of scale and buying power. Sharing is dependent on partnerships and there’s already been a lot of investment in how to form, implement and sustain multi-agency, information sharing partnerships. The research and test projects revealed nine dimensions that have to be considered for successful partnerships.

  • Business Scope
  • Governance
  • Legal Issues
  • Information sharing
  • Identity Management
  • Federation
  • Transactions, Events, Messages
  • Infrastructure
  • Sustainability

The SOCITM Strategy covers most of the dimensions, but there’s one glaring omission; Identity Management.  All shared service systems WILL FAIL if identity management methods are not applied to both staff and citizens.  Both need federating across the public sector infrastructure. Identity Management cannot be tagged on at the end of a project – look how ContactPoint suffered.

Within the Governance dimension lies funding. Believe it or not, the inability of partners to agree a funding structure is the primary reason for the failure of partnerships. The funding formula for shared services should be agreed on Day 1. This is a CEO and CFO role, not the responsibility of the CIO.

The benefit of drafts for consultation is that improvements can be made, and there are over 400 local authorities that can contribute their knowledge and experience.

 

 
