UK drawing blueprint for massive scale identity infrastructures

UK drawing blueprint for massive scale identity infrastructures

Summary: The UK is reaching significant milestones in its plan to build an identity infrastructure for a digital government that connects citizens and online services

SHARE:

While the U.S. is just revving up pilots for its government-inspired identity plan, the United Kingdom is gearing up for a massive identity rollout aimed at consumer access to public services via mobile and social identities.

The U.K.’s Identity Assurance (IDA) program has the potential to be a marquee example worldwide for creating an identity infrastructure at scale that links consumers and services while incorporating next-generation user interfaces and credentials, and solving back-end challenges such as secure user-data exchange and trust models.

IDA gives citizens the option of accessing mobile and Web-based services offered at Gov.uk  using a non-government issued identity credential they already have with social media sites, banks, or other approved entities.

“The whole world is watching and this may well set precedent for how large-scale enterprises, governments and non-governments begin to take on the challenges of consumer identity,” said Don Thibeau, chairman and president of the Open Identity Exchange (OIX), which is working with the UK Cabinet Office.  “This is the most significant stuff happening in the identity ecosystem today. It will scale to cover all citizens, its scope will cover a number of use cases and it will introduce new user interfaces.”

Last week, the IDA approved eight companies and organizations, including PayPal, Verizon, Experian and the UK Postal Service, whose end-user credentials will integrate with government systems.

Later this month, the government will add up to another dozen identity providers (IdPs) that could include banks, mobile phone providers and tech giants like Facebook and Microsoft.

In April, a trial will be staged by the Department of Work and Pensions with the rollout of a Universal Credit program.

IDA is but one initiative under a larger project called Government Digital Services that is designed to modernize interactions with citizens.

The goal is to provide online services, from fishing licenses to pension benefits, secured with an underlying secure identity layer to foster inexpenisve and convenient digital transactions. Another goal is to eliminate the user headache around multiple passwords.

As part of its development, the IDA team went to the White House in May and met with Howard Schmidt, White House cyber security coordinator, and Jeremy Grant, who heads up the White House identity initiative called the National Strategy for Trusted Identities in Cyberspace (NSTIC).

While there, Chris Ferguson, UK Cabinet office deputy director and the UK government lead on IDA, also met with Thibeau and OIX officials. In June, the IDA team joined OIX.

“We’ve been talking about the theoretical benefits of ‘federated trust’ in the UK for a very long time,” Ferguson wrote on the IDA blog after the meeting. “Our intention is to demonstrate the benefits over the next months through practical application in public service transactions.”

OIX is providing consulting services, technology pilot support, and user-experience and policy research.

The effort is not a mirror to the all-inclusive U.S.-based NSTIC initiative although some of the technology on the drawing board and the policy issues are the same.

Instead, the UK is specifically setting itself up to rely on IdPs to authenticate users and attribute providers that contribute key identifying data, like age, address, or mobile phone number. In technical terms, the UK has taken on the hardest part of the identity authentication flow, that of a Relying Party (RP) which must be able to discover user attribute providers and IdPs among other tasks.

“This is an RP-led initiative,” said Thibeau. “The UK has a fundamental problem it is trying to solve.” And Thibeau said IDA is a test case others are glaring at with interest.

“The industry has talked about these issues - scale, user experience, attributes, trusts - we’ve talked about standards, and now this is a big deployment that will really test those notions at scale in operation across all demographic groups.”

The remaining questions are will it work and will privacy groups and consumers embrace it. The government has been fighting criticism that IDA is a national ID program in sheep’s clothing. The message is IDA will prevent such an outcome.

“This is not a drill,” said Thibeau. “The UK is aiming to save billions of pounds by taking this approach.”

See also:

 

Topics: Security, Cloud, Government UK, Mobility, Networking, United Kingdom

About

John Fontana is a journalist focusing in identity, privacy and security issues. Currently, he is the Identity Evangelist for cloud identity security vendor Ping Identity, where he blogs about relevant issues related to digital identity.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

0 comments
Log in or register to start the discussion