Online Identity Assurance – focus on technical
As you will have seen from our earlier blog posts, our work has been focussed so far on understanding the challenges associated with developing a common approach for online identity assurance in accessing public services. ASE/Consult Hyperion are providing support in identifying the technical options for this work. Here, Steve Pannifer from Consult Hyperion offers an update on how this is being done.
Consult Hyperion, together with our partners ASE, are delighted to have been appointed to spend a few weeks exploring the potential technical options for identity assurance for Scottish public services. To do this we are talking to as many stakeholders and interested parties as we can, in order to understand the required scope and to test out some ideas. Our aim is to present, in the near future, a view on what the ‘common approach’ might be, from a technology perspective.
There is no shortage of digital identity solutions out there. In Scandinavia, citizens are able to access government services with their online banking credentials. A similar scheme exists in Canada. In New Zealand, the Postal Service operates a digital identity scheme for the government. Many countries issue smart identity cards, although usage of these cards for online services varies considerably. In the Fintech community, serious effort is being put into building privacy-respecting digital identity solutions, putting the individual at the centre. These sit in contrast to the pervasive but low assurance digital identity schemes offered by the social media giants where the individual is really the product. With so much digital identity technology you’d be forgiven for thinking this is easy.
There is also no shortage of need. Over the past couple of weeks we have spoken to several Scottish public services. Unsurprisingly, some services, such as healthcare, need digital identity that is very robust – so that the service provider can be confident they are dealing with the correct person and so that the person can be sure that their information is protected. Other services, such as bin collections, are much less sensitive.
In all cases though, there is a desire to provide services that make the lives of people easier, not putting unnecessary barriers in the way of services and reducing the burden to people of managing their digital identities.
Delivering this will be no mean feat. Having just spent half an hour sorting out a password issue with my Skype account, it is clear to me how easy it is to get this stuff wrong.
What is certain is that for the identity assurance programme to be successful, the full range of stakeholders – not just service providers but people who access those services too – need to be involved all the way along. And from what I have seen, the identity assurance team is working very hard to make this happen.
See our earlier blog posts:
- Online Identity Assurance (including our Programme Plan)
- What have we been doing? Come see for yourself
- Come to our Show and Tell
- Welcoming expert and stakeholder input