The UK National Identity Card ceased to be a valid legal document on 21 January 2011. What does this mean for e-Government in the UK?

In October 2010 Martha Lane Fox – the founder of Lastminute.com and the UK Government’s digital champion – delivered a report on delivering government services via the web. As a result of this report the Right Honourable Francis Maude, the minister responsible, launched a study, “Ensuring Trust in Digital Services”, through the Technology Strategy Board. On October 31st, 2011 I attended a series of presentations and demonstrations describing the results of this study.

This is not a new idea, and Professor Brian Collins – who chaired the sessions – reminded us that these issues have been under discussion since the 1990s and that papers published then are still relevant! More recently the Foresight Cyber Trust and Crime project covered areas including identity and authenticity.

Francis Maude introduced the session with the statement that "if a government service can be delivered online it should be delivered online, and achieving this depends upon identity". He confirmed that the UK Government will not deal with the question of citizen online identity through a centralized ID repository or ID card. Rather, it will depend upon private sector services for identity assurance. Success depends upon technology and market drivers. Identity federation technology has been around for nearly ten years (the S2ML standard – the precursor of SAML – was first ratified by OASIS in November 2002). The real issue is to identify the commercial drivers that will make this practical. As a result the government has earmarked £10M to support this strategy, because it is seen as essential to enabling the government to save money as well as improve services.

David Rennie – the Cabinet Office Lead for the ID Assurance programme – described the challenges.
These include the problems of trust, the registration overhead, fraud, the security arms race and the need to limit the propagation of personal data. The solution must be customer-centric, decentralized and based on standards allowing collaboration. Identity assurance provides a means of improving the customer experience while mitigating the risks of fraud. For it to work it also depends upon governance, certification and dispute resolution, which must be done by the government.

The challenges of ID assurance extend beyond the identity of the individual. Joan Wood – Director, Online Services & Digital Development at HMRC (the UK tax authority) – described the need to support businesses and business intermediaries as well as individuals. Employers and payroll service providers report data on payments made to individuals as well as their tax deducted at source. Financial services organizations make tax returns on behalf of individuals as well as companies, and all of these use cases need to be accounted for. Currently, on January 31st – the deadline for filing tax returns – the HMRC web site is the 3rd busiest in the world, processing 0.5 million submissions.

Mike Bracken – Executive Director, Government Digital Services and identity – explained the benefits of the programme to the government. In one year the UK Government call centres received 690m telephone calls at a cost of £6.28 per call. It is estimated that 150m of these calls were due to failed online transactions – so improving online services could lead to massive savings. But what's in it for the identity service providers, and what liabilities would they incur? Mr Bracken replied that these issues were being discussed with potential organizations.

One of the demonstrations at the event was from EnCoRe – “Ensuring Consent and Revocation”. This demonstration addressed the challenge of securely aggregating personal information while ensuring privacy.
The example was to allow an individual to obtain a parking permit online. This process currently requires an individual to visit local government offices armed with paper information. To obtain the parking permit the person needs to prove they are who they say they are – this involves the DWP government department, which can confirm the person’s NI number (social security number). Then the person’s address needs to be confirmed through various sources – usually a recent utility bill or local tax payments. The relationship between the vehicle, the person and the address needs to be confirmed through the Driver and Vehicle Licensing Agency. All of this needs to be achieved in such a way that the aggregated information about the person is not revealed, while still allowing a subsequent allegation of fraud to be investigated.

So far so good – but how do recent events like the DigiNotar and RSA hacks impact on these aims? Both of these events showed that identity providers are not immune from advanced persistent threats. If one individual has their identity stolen it is a problem for that individual; if an identity provider is compromised it is a major disaster for everyone who relies on it. In the case of DigiNotar, it is believed that the faked certificates were used to intercept the online activities of Iranian citizens. This makes issues like aggregation of personal data pale into insignificance. It has also created an enormous cost for the Dutch government, whose websites relied upon the certificates issued by this authority. In the case of RSA, the cost has been to its reputation and the need to offer a replacement SecurID token to its entire user base. So being an identity provider has its risks, and if the government relies on third parties it may end up picking up the pieces when things go wrong.

This is a very interesting programme, with the first deliveries expected in 2012/2013.
KuppingerCole's opinion is that it is best to architect systems to avoid any single point of failure – and this applies to identity assurance. A good approach is one of versatile authentication. Here the authentication demanded depends upon the risk assessed at the time the transaction is requested. So a low value transaction requested from a known MAC address at its usual IP address is viewed as lower risk than a high value transaction requested from an abnormal geographical location and an unusual computer. In the latter case the authentication system would require additional verification of the identity of the requestor (preferably from an alternate ID provider). Security must be designed in such a way that it does not depend on a single entity. How this could be solved on the Internet is the real challenge for ID Assurance.
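
A sketch of the versatile authentication decision described above, added here as an illustration and not taken from the study or from KuppingerCole. The field names, weights, thresholds and provider names are all assumptions chosen for the example.

```python
from dataclasses import dataclass, field

# Constructed weights and thresholds; a real deployment would tune these.
HIGH_VALUE = 1000        # transaction value treated as "high" (assumed units)
STEP_UP_THRESHOLD = 3    # score at or above which extra verification is demanded

@dataclass
class Profile:
    """What is already known about the user (hypothetical fields)."""
    known_devices: set = field(default_factory=set)
    usual_ips: set = field(default_factory=set)
    usual_countries: set = field(default_factory=set)

@dataclass
class Request:
    value: float
    device_id: str    # stands in for a device identifier such as the MAC address
    ip: str
    country: str
    primary_idp: str  # identity provider that performed the initial login

def risk_score(req, profile):
    """Add up the risk signals named in the text; returns (score, reasons)."""
    signals = [
        (req.value >= HIGH_VALUE, 2, "high value transaction"),
        (req.device_id not in profile.known_devices, 2, "unusual computer"),
        (req.ip not in profile.usual_ips, 1, "unfamiliar IP address"),
        (req.country not in profile.usual_countries, 2, "abnormal location"),
    ]
    hits = [(weight, why) for hit, weight, why in signals if hit]
    return sum(w for w, _ in hits), [why for _, why in hits]

def decide(req, profile, available_idps):
    """Return the authentication demanded for this request."""
    score, reasons = risk_score(req, profile)
    if score < STEP_UP_THRESHOLD:
        return {"action": "allow", "score": score, "reasons": reasons}
    # The extra verification must come from a provider other than the one
    # already used, so compromise of one identity provider is not enough.
    alternates = sorted(p for p in available_idps if p != req.primary_idp)
    if not alternates:
        return {"action": "deny", "score": score, "reasons": reasons}
    return {"action": "step_up", "idp": alternates[0],
            "score": score, "reasons": reasons}
```

When no second provider is available the sketch refuses the high-risk request instead of falling back to the provider that already vouched for the user.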