The Guardian’s web and mobile application usage rates are experiencing explosive growth. This growth is driven by an increased consumption of news online. Today’s users have high expectations in terms of usability, security and performance. This session aims to highlight the challenges that Identity faces and will discuss the technology that can be used to keep pace in this fast moving development environment.
Topics covered will be:
The Australian Government’s coordinated approach to digital identity started in the business-to-government domain, with the creation of a whole-of-government credential (AUSkey) and trust broker (VANguard) in 2007. A separate process occurred in the citizen-to-government domain (myGov) in 2013.
This case study examines the policy decisions leading to the creation of these systems, and the technical challenges and compromises that followed. This includes the decision to use digital certificates for business transactions, but username/password-based credentials for citizens. It also explains the delay between centralizing business-to-government and citizen-to-government authentication, partly due to the Australian public’s rejection of nationalized identity in the Australia Card.
At a more technical level, it also discusses multiple exposed and exploited security flaws, which threatened the security benefits of this centralized authentication.
Finally, the case study details the changing environment of digital identity, and the technical and policy questions currently being uncovered by the Australian Government in its quest to have all 50,000+ transaction-per-annum systems available end-to-end digitally.
Key takeaways: