Security theater?
Peter Tomlinson
pwt at iosis.co.uk
Thu Sep 9 17:02:59 BST 2010
Roland Perry wrote:
> In article <4C87C51C.4050801 at iosis.co.uk>, Peter Tomlinson
> <pwt at iosis.co.uk> writes
>> Bring on eID tokens: Kable and The Reg reported that "UK.gov fishes
>> for ID ideas.
> I already have two, I really don't want one for every "online account"
> I have with anyone.
I suspect that the Cabinet Office idea is that all the public eServices
that will cluster under DirectGov will accept your one token. But that's
old hat centralist govt thinking [1], while the USA thinking is much
more open.
>
> >"Directgov has asked IT suppliers to come up with new thinking on
> >identity verification.
> >
> >The team, which is now within the Cabinet Office
>
> That's where it was 10 years ago, where did it drift off to in the
> mean time?
True. It got lost at the end of 2004, but was going nowhere up until
then [2].
I can see that in a USA style scheme we could have numerous issuers of
the token, and you could get your single token for use with public
sector services from any one of them providing that that provider is
govt approved (including having an online verification.authentication
service for the benefit of eService providers). Or you could have
several tokens. And the USA govt would also encourage you to use, from
an approved provider, a token or tokens for use online to private services.
And I think that in a USA style environment it would not be necessary to
federate the token providers.
Peter
[1] And not much use for local govt either
[2] 1999 Framework for Smart Cards in Government
http://www.cabinetoffice.gov.uk/govtalk/archive/policy_documents_2_of_2/smart_cards_policy_framework.aspx
"Still in force." So nobody did better than my technical edit of that
document (a sensible civil servant who was one of the Information Age
Government Champions got me that contract - he recently retired, also
thinking that we have not moved on).
More information about the ukcrypto
mailing list