Bad security engineering kills project
wmheath at gmail.com
Thu Sep 5 14:03:00 BST 2013
The suppliers on cross-government ID assurance were announced Monday
As I understand it DWP decided some months ago to focus on UC just for new
claimants first. New claimants have a f2f interview at Job Centres anyway,
so online ID Assurance took something of a back seat among many pressing
priorities for them, but remained urgent across HMG. That's why GDS is now
the lead on it (ie GDS took over the contracts and the process from DWP).
In terms of function it might be relevant to look at the draft privacy
principles for ID assurance. These are still open to consultation; the
deadline is a couple of weeks away -
On 5 September 2013 12:59, Ian Batten <igb at batten.eu.org> wrote:
> NAO report on the Universal Credit car-crash.
> Entertainment, in a rather bleak sense, is available from Figure 2, in
> Appendix 5 on page 50. It sets out the security objectives, most of which
> have not been met.
> The one that jumps off the page is ID Assurance, which you'd have thought
> would be the most critical and challenging part of a programme that pays
> out more than a billion pounds per week. Because anything that's rolled
> out is going to be the de-facto ID scheme for citizen-to-government
> transactions over the next ten years, and once started, any programme is
> very hard to change. They don't have anything ready to take to Pathfinder,
> which means that the Pathfinder project can't implement more than a small
> subset of the overall requirement.
> Does anyone know what the candidate technologies are? I've seen all sorts
> of proposals, but nothing beyond the "yeah, we might look at" stage.
-------------- next part --------------
An HTML attachment was scrubbed...
More information about the ukcrypto