Has Cabinet Office given up on trying to dictate ID solutions ?

I am told that the Cabinet Office ID team are going to Washington to look at the Open Identity Exchange . I assume this is linked to the Open Identity Foundation although I see some subtle, and some not so subtle, differences in the backers.

I welcome the change of heart.

However, if HMG is indeed planning to respond to market forces I do remind them that there is, as yet, little overlap between the openID operations and those used by the banks and transaction and payment clearing services, or by fixed and mobile telcos, ISPs and pay TV operators. The main reason is that they are technology solutions to what is a problem of trust in people processes.

Will DWP really use Open ID solutions?

Would anyone in financial services trust an ID issued by Government any more that they trust the passport and utility bill they are required by law to use for the worthless “know  your customer” rituals that get in the way of customer service. 

It is interesting to note that most of the headline industry names in the Open ID consortia commonly check the context against the footprint for that ID before authorising any  transaction that puts them at significant risk of fraud.

Where does that put them under the planned European Data Protection Regulation, if they base operations inside the EU?

The issues of inter-operability across the different families of ID systems, both within and across national boundaries, are among the reasons why so much on-line trade within the EU is routed via the United States. 
But is HMG context to rely on ID operations based outside the EU, let alone the UK?  

Meanwhile at least 20% of the population, including most of us for our last decade on this planet, are incapable of reliably using anything that requires us to remember a password or use a keypad.  Given that elderly voters may actually outnumber those of the facebook generation who have bothered to register that presents a political  problem. 

Sooner or later we will need an exercise to reconnect debate over ID policy with human
as well as electronic reality.  

Join the conversation

1 comment

Send me notifications when other members comment.

Please create a username to comment.

I sincerely hope that this is not an attempt to resurrect the ill-advised National ID scheme. I was involved in consortium bids for this back in the day, and have a bunch of documentation on why it would not work as it was proposed, how it might be made to work instead, and how in any case it would not act to address the issues it was claimed to.

Banks have rather more experience in ID management than governments do, so I welcome the fact that the Cabinet Office is widening its view. OpenID has had its flaws - most notably around self-assertion - and hopefully some of these have been addressed in the last couple of years since I looked at it, but it seems to me that all ID schemes have issues around transitive trust and enrolment, never mind the different risks that different organisations wish to use them to mitigate.

A banking-oriented ID scheme can have acceptable failures every once in a while - and it's no secret that the banks maintain a pool of funds to mitigate these failures - it's an open question as to what the acceptable failures (and, indeed, the risk appetite) of a Government ID scheme would be, based on a threat model.

In a wider context on the subject of identity, I recommend my pal Alec's discussion piece on the subject, as provocative mind-fodder: http://dropsafe.crypticide.com/article/2475