Identity Assurance: First delivery contracts signed

Today we are happy to announce an exciting new phase in the Identity Assurance Programme as we develop user-focused identity services for exemplar transactions as part of the transformation of government digital services.  Five of the Identity Providers on the cross-government identity assurance framework (Digidentity, Experian, Mydex, The Post Office, and Verizon) have now signed contracts to deliver our first live services.

The identity assurance service will enable people to assert their identity online safely and securely, and allow government to be confident that users of online services are who they say they are.

We are pleased that these suppliers have chosen to invest in this phase of the programme and work with government to create this new market.  We will now be working closely with those that have signed, who represent the range of types of providers needed to make online identity provision a success.

The number and nature of organisations engaging with the Identity Assurance Programme is growing. Helping industries understand and develop identity assurance is an important part of what we do – and we’re doing it transparently via the Open Identity Exchange (OIX) forum.  Working together in this way is proving to be mutually beneficial for government, for identity providers and for the people who will be using the service once it’s live.

Our contracted suppliers are working closely with us and the government departments in an agile way to develop the service and help us understand and meet future needs.  Inevitably, new features and capabilities will be required as the service matures and we’ll add these into our next phases.

This is a rapidly developing marketplace, and Cabinet Office is pleased to continue to support and manage this for all of government to provide a better, faster and safer way for users to access government transactional services.

We’ll be posting news of our first Beta services soon.


  1. Thanks Steve. We’re pleased to be part of it and we look forward to making it a success. Let’s add a plug for the importance of GDS’ ID privacy principles and the consultation you’ve got under way.

  2. Another multi-billion pound government IT project which is nothing more than a solution looking for a problem. If this results in what I would consider unnecessary personal data having to be provided, I won’t be using ANY online government services. Tenchy.

    1. LOL Tenchy – if this was a multibillion pound gig there’d be a riot of people outside trying to buy shares in Mydex. Times have changed; HMG is more SME-friendly and a lot more parsimonious. And all of us (apart from some BigCo CEOs) are fine with that. I don’t know any serious player who’d expect to get silly money from GDS. Just look at how much GCloud achieves for how little.

      Re the personal data question check out and respond to the privacy principles consultation (link above)

    2. Well said. The programme is a joke pretty much like Universal Credit was which is paid for by that money you lose every single month in your pay packet. I know people who worked on the IDA project and millions were lost whilst DWP “security experts supported by security consultants” wrote endless amounts of papers without ever actually delivering anything or taking responsibilities (they don’t make decisions, took them nearly 2 years to agree what the opening page looked like). It’s a disgrace and with the current batch leading this, of course supported by those strategy paper “DWP security experts”, it won’t happen. The tax payer would be devastated and distressed to know how their money is thrown on a fire and burnt.

  3. Seems bizarre that contracts have been signed while the draft identity assurance principles are still out for consultation. Have the providers undertaken to conform to those principles in their (as yet unknown) final form, or has the Government promised them that it will ensure that anything these providers don’t like is excluded from the final form of the principles? I suspect the latter is far more likely to be the case than the former, which means that privacy and informed consent and minimisation and all the other good things we hoped to see will not be happening after all. Or do the contracts cover only the exemplars (pilot projects?) and are these exemplars similar to the Universal Credit pathfinder stuff which has just been effectively slammed by the NAO (of course that project will continue to waste money and reduce the scope of deliverables, rather than being chopped and rethought from scratch)?

  4. As the NSA & GCHQ between them have systematically cracked or subverted a majority of internet encryption systems used by such entities as banks & credit card companies, inserting ‘backdoors’ to allow third party access on the more secure, harder to crack encryption systems .. presumably the idea of presenting a warrant never occurred to them.

    These same encryption systems are also used by Digidentity, Experian, Mydex, The Post Office, and Verizon.

    So none of these companies can be sure that the person they are dealing with electronically is the person they think it is.

    It could be an NSA or GCHQ operative or it could be some less savoury character who has found the backdoor, this is the problem with backdoors, you can never be sure who is using them.

    So no one can trust electronic transactions any more and any discussion of on-line identity assurance is moot until that trust has been re-established.

    Trust in the security of electronic communication needs to be re-established as a matter of urgency.

    Then we can discuss whether or not we trust the government to manage our identity in light of the abuse of trust they allowed to be inflicted on us by the security services.

  5. Hi,
    Does anyone know how identity providers such as PayPal etc. will verify people with high levels of assurance (3 & 4)? I would expect that people have to show up at some office and show their passports and such.


  6. Hopefully this will be a unique identifier to ensure duplications are not possible. I suggest the following would be required:-

    Date of birth / full names at birth / sex at birth / Location of birth / mother’s full name at her birth / mother’s date of birth.

    I think this would cover all eventualities except with multiple births of the same sex on the same day that were given exactly the same names!

    I recognise that some special cases such as birth mother not known would have to be dealt with but this is not insurmountable and of course the careful control of issuing the identity number is critical.
