HMG appears about to admit that federated identity management is inevitable, if only because none of the tribes of Whitehall can agree to use a system controlled by another tribe. Meanwhile
“It’s Ours: why we, not the government, must own our own data” an excellent paper from the Centre for Policy Studies has moved the debate on.
Among the papers for release at the same time as the announcement of the new Government Security Strategy, including Cybersecurity, was supposedly an excellent paper encapsulating the latest policy on identity management, “Safeguarding your Identity”, including the information assurance principles to be followed.
I was only able to skim a copy supposedly given out at a briefing on the morning of the release. It was an excellent summary of good practice in Federated Identity Management and showed a refreshing recognition of the realities of working across the silos of Central Government. It recognised what has been inevitable since the breakdown of attempts to acheive concensus on centralised systems, whether run by the Office of National Statistics, Home Office, IPS or DWP. It does, however, require mindset transplants on the part of those who persist in ignoring political, economic and technical reality, let alone professional good practice.
Unfortunately I was not allowed to keep the copy I was shown. Worse, it does not yet appear on any website. Nonetheless, I look forward to giving an unequivocal welcome to an HMG paper on identity management.
Meanwhile, the CPS paper raises the question of why such systems should be run by government at all.
It is a great read, although I am not sure I would like my medical records held in the Cloud by Google Health or Microsoft any more than on the leaky and unreliable databases of the current outsource suppliers to the NHS.
However I would like the choice.
More-over I might be willing to trust BUPA or Experian – especially if I did not have to trust the security of a call centre or help desk in Bangalore or the receptionist in my local GP practice or hospital and knew that my data could not be accessed by the UK or US Governments under surveillance powers other than through the Courts – rackety though the latter might be.
More-over I greatly like the idea of organising low cost, high quality public services as simple add-ons to existing secure, high resilience, industry databases – in the way that DVLA on-line driving license renewal service does. I find it interesting that so many are happy to talk about the success of that service but not about how little it cost, let alone why it was so cheap.
P.S. Monday 17.15 I have just been given a link to the notice launching the new “Safeguarding Your Identity” strategy. Do read and enjoy.