Security theater?

Peter Tomlinson pwt at
Thu Sep 9 17:02:59 BST 2010

Roland Perry wrote:
> In article <4C87C51C.4050801 at>, Peter Tomlinson 
> <pwt at> writes
>> Bring on eID tokens: Kable and The Reg reported that " fishes 
>> for ID ideas.
> I already have two, I really don't want one for every "online account" 
> I have with anyone.
I suspect that the Cabinet Office idea is that all the public eServices 
that will cluster under DirectGov will accept your one token. But that's 
old hat centralist govt thinking [1], while the USA thinking is much 
more open.
> >"Directgov has asked IT suppliers to come up with new thinking on 
> >identity verification.
> >
> >The team, which is now within the Cabinet Office
> That's where it was 10 years ago, where did it drift off to in the 
> mean time?
True. It got lost at the end of 2004, but was going nowhere up until 
then [2].

I can see that in a USA style scheme we could have numerous issuers of 
the token, and you could get your single token for use with public 
sector services from any one of them providing that that provider is 
govt approved (including having an online verification.authentication 
service for the benefit of eService providers). Or you could have 
several tokens. And the USA govt would also encourage you to use, from 
an approved provider, a token or tokens for use online to private services.

And I think that in a USA style environment it would not be necessary to 
federate the token providers.


[1] And not much use for local govt either

[2] 1999 Framework for Smart Cards in Government

"Still in force." So nobody did better than my technical edit of that 
document (a sensible civil servant who was one of the Information Age 
Government Champions got me that contract - he recently retired, also 
thinking that we have not moved on).

More information about the ukcrypto mailing list