Wednesday, 26 April 2017 07:18

Digital Transformation - Identity in Government;

Written by 
Rate this item
(0 votes)
Most governments are rushing to deploy on-line services. The have no choice: it’s too expensive to maintain other channels, and millennials would have it no other way.

This means that there is a need for an authentication service that will provide access to government services and most governments are addressing the issue by developing a central facility that becomes a ‘one-stop-shop’ providing access to services across multiple departments or ministries.

There are basically two frameworks being adopted: a persistent ID system that establishes an identity store and a transitory ID approach in which no government ID store is required. A summary of the benefits of each approach are:

Persistent ID

This approach is by far the most widely deployed. In this instance a government agency establishes a central identity provider service to authenticate all users access government on-line services. Governments have a large amount of information that they necessarily store on their citizens. They issue driver licences so they know where we live, our age, what we look like and our driving history. They track medical expenses so they know how healthy we are and if we have any chronic illness. Tax returns advise on how much we earn and details such as our investments. But while government hold a wealth of information on citizens it’s quite fractured with each department or ministry maintaining their own records. There is typically little ‘sharing’ of information which means that identity data cannot be leveraged to the degree it could be. One issue is privacy legislation which restricts data-sharing without consent.

That means that, to develop an authentication mechanism for citizen access across multiple departments, government typically establishes a purpose-specific repository, to authenticate users before redirecting them to the requested service. The issue then is to associate an authenticated user to their record(s) within the department or ministry they are accessing. If a citizen is renewing their driver licence, either the authentication facility needs to pass through the driver licence number, if it’s available, or the target department will need to employ other attributes to establish the relationship. Another issue is harmonisation of common data. For instance, when a citizen moves house there is a need for a ‘change it once’ approach whereby an address change is propagated to the departments that maintain address detail. Another approach is to federate the identity data across departments, and levels of government, but this requires a level of co-operation within government that typically does not exist.

Transitory ID

The alternative to a persistent ID system is what we call a transitory ID framework in which the government does not create a data store of citizen identity information on their citizens, they rely on third parties who specialise in providing such services. The major benefit of a transitory ID facility is the elimination of the liability associated with maintaining a data repository of PII. In most jurisdictions there are severe penalties for unauthorised release of identity information and this represents a significant risk that is avoided if government relies on third-parties. It also allows citizens to select the service provider of choice for the storage and maintenance of their identity data.

But there are some drawbacks:
  • Since there is a reliance on third parties there is a need to establish rules; and a need for some form of conformance testing to ensure adherence to the rules.
  • There’s a cost component in that third-party identity providers typically want to be compensated, so some form of payment system is required and some subsidisation in the commencement phase is required, until a sustainable level of transactions has been reached,.
  • Since the third party will typically not have identity attributes to allow departments or ministries to establish relationships i.e. vehicle registration numbers, the target agencies need to match a user to their record(s) within the department so that the required service can be provided.
The most successful deployment of a transitory identity provider system is in the UK. There are several reasons for this:
  • They have a large enough population to support multiple third-party suppliers.
  • British citizens are fiercely protective of identity information and don’t want government to have any more of their identity data than they have to.
  •  The UK has a centralised form of government that makes it easier to enforce across government (there’s already been a large ministry that tried to establish their own authentication mechanism but they were encouraged not to).
Citizen identity management is an interesting area to watch. It will only grow in importance because on-line services continue to grow in importance and some innovative use of AI is expected that will make our experience with government more pleasurable. Won’t that be refreshing?
Read 3277 times Last modified on Tuesday, 25 April 2017 01:43

Leave a comment

Make sure you enter the (*) required information where indicated. HTML code is not allowed.