Tuesday, 29 March 2016

RIP IDA – not good enough for the NHS and not good enough for you

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


This is what the Government Digital Service (GDS) have to say about the security of GOV.UK Verify (RIP). It's secure. And it stops someone pretending to be you. And it fights the growing problem of on-line identity theft.

The splash screen you see if you bravely register for one of GDS's GOV.UK Verify (RIP) accounts

HSCIC
Health and Social Care Information Centre
We are the trusted national provider of high-quality information, data and IT systems for health and social care.
But it's not quite as clear-cut as that. According to Computer Weekly magazine, Gov.uk Verify [RIP] not secure enough for NHS, says HSCIC.

Friday, 25 March 2016

RIP IDA – Verizon

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


The Government Digital Service (GDS) claimed until recently that they had nine "identity providers" through whom we proles could register an account with GOV.UK Verify (RIP).

Then PayPal bolted. One minute you see them. Next minute they're gone.

PayPal gave no explanation. Neither did GDS.

Whatever, GDS were then down from nine to eight "identity providers". Or should that be seven?

Thursday, 24 March 2016

An open address register

First he was the director of open data and transparency. Then director of open data and government innovation. Now Paul Maltby is director of data at the Government Digital Service (GDS) and yesterday he blogged about An open address register:
The UK government is regularly recognised for being a global leader in making public data openly available. Ministers have committed to being the most transparent government ever. We are determined to make sure that we keep producing high quality data and that we make it as accessible as possible ...

Data has become a part of our core national infrastructure, and a huge driver of innovation ...

Registers, canonical lists of core reference data, are at the forefront of the government’s effort ...

GDS Data Group and the Department for Business, Innovation and Skills (BIS) are working in conjunction with a range of other stakeholders to explore how to fully exploit the benefits of open and freely available address data ...
All these predicates may have disappeared from his job title but Mr Maltby wants us to know that he's still in favour of openness and transparency and that he still sees a connection between making data open and inspiring innovation, which in turn will cause the economy to grow. That reference to registers also alerts us to his support for Government as a Platform (GaaP).

Wednesday, 23 March 2016

RIP IDA – UK First Government to Offer U2F-Secured Digital ID

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


We told them. On 16 April 2015. Please see RIP IDA – what they omitted from the obituary:
Where's the nationwide information campaign?

Normal people have never heard of GOV.UK Verify (RIP). GDS want the system to be live in a year's time, by April 2016. Some time soon GDS are going to have to tell 60 million people what GOV.UK Verify (RIP) is. And how it works. And why they should use it.
GOV.UK Verify (RIP) is due to go live next month. April 2016. Maybe nine days away. And still there's no attempt to tell the public what's going on.

Why this reticence?

Google never mounts a campaign to launch a new service. So the Government Digital Service (GDS) shouldn't either. But GDS isn't Google.

-----  o  O  o  -----

Thursday, 17 March 2016

RIP IDA – to lose one "identity provider" may be regarded as a misfortune

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.


Why did PayPal jump ship?
And when will Verizon climb back aboard?


The Government Digital Service (GDS) operate GOV.UK Verify (RIP) under a framework agreement. First there was Framework 1. Then there was Framework 2.

Tuesday, 15 March 2016

@gdsteam & the search for doctrinal authority

Icon depicting the Emperor Constantine,
accompanied by the bishops of
the First Council of Nicaea (Sprint325),
holding the Niceno–Constantinopolitan Creed
of Sprint381.
Wikipedia:
The purpose of a creed is to provide a doctrinal statement of correct belief, or Orthodoxy. The creeds of Christianity have been drawn up at times of conflict about doctrine: acceptance or rejection of a creed served to distinguish believers and deniers of a particular doctrine or set of doctrines.
Twice we have recently drawn attention to the troubled creed of the Government Digital Service (GDS).

On 3 March 2016 we noted the article of faith in the primacy of user needs and how that is no match for the superior faith in digital-by-default, please see RIP IDA – users and their expressed, tacit and created needs for the truth.

In the same text, we recorded the inability of the assisted digital sect to get off the ground and suggested that the same fate may befall the interoperabilitarians.

Many creeds believe that they are uniquely open, even when they manifestly aren't. GDS are no exception.

RIP IDA – reciting the creed

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

What are the Government Digital Service (GDS) up to? Making GOV.UK Verify [RIP] the default way to access digital services. That's what they're up to. So they say.

"GOV.UK Verify [RIP] is for everyone". So they say.

Not right now it isn't. Right now, at most 62% of people who try to register with GOV.UK Verify (RIP) succeed in doing so – at least 38% fail:


So it's not "for everyone". Even though GDS say it is.

Sunday, 13 March 2016

RIP IDA – what is the point of GOV.UK Verify (RIP)?

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.

In a few weeks time, in April 2016, according to the Government Digital Service (GDS), GOV.UK Verify (RIP) will go live.

Time for someone at last to summarise the implications.

A spreadsheet has been prepared summarising the terms and conditions of business of the GOV.UK Verify (RIP) services offered by each of GDS's nine "identity providers". Not just the business terms but the privacy policy also:


GOV.UK Verify (RIP) summary spreadsheet
It's too wide to display properly on this blog. Readers are asked kindly to take a look here. [Added 12.5.16: updated version of spreadsheet now available. [Added 3.7.16: updated version of spreadsheet now available. [Added 4.1.17: updated version of spreadsheet now available. [Added 24.9.17: updated version of spreadsheet now available.]]]] The effort is worthwhile. It reveals that GOV.UK Verify (RIP) is a machine for collecting and storing your personal information and sharing it widely in the UK and abroad.

What is the point of GOV.UK Verify (RIP)? Answer, it's a personal information publishing service. That's what the summary spreadsheet shows.

-----  o  O  o  -----

Monday, 7 March 2016

RIP IDA – GBGroup/ID3global

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

The Government Digital Service (GDS) have contracted with nine so-called "identity providers" or "certified companies" to register all us Brits and to supply us with on-line identities, ready for the brave new digital-by-default world.

Armed with these on-line identities, 90% of us will be able one day (in April 2016?) to use public services via GOV.UK Verify (RIP). That's the idea.

GDS are more diffident about this but, later on, these on-line identities may allow us to use private sector services, too.

GBGroup is one of GDS's "identity providers", although you won't see their name when you try to sign up for GOV.UK Verify (RIP) – there they aren't:


Saturday, 5 March 2016

RIP IDA – Safran Morpho/SecureIdentity

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

The Government Digital Service (GDS) have contracted with nine so-called "identity providers" or "certified companies" to register all us Brits and to supply us with on-line identities, ready for the brave new digital-by-default world.

Armed with these on-line identities, 90% of us will be able one day (in April 2016?) to use public services via GOV.UK Verify (RIP). That's the idea.

GDS are more diffident about this but, later on, these on-line identities may allow us to use private sector services, too.

Safran Morpho is one of GDS's "identity providers":


Safran Morpho offer a product called "SecureIdentity".

GDS promised in the past that all "identity providers" would be certified by tScheme, an independent body, expert in measuring trustworthiness. That's meant to give the public confidence in GOV.UK Verify (RIP).

Safran Morpho applied for certification for SecureIdentity on 19 November 2015. These things take time. SecureIdentity may or may not be certified in the end but it doesn't appear on tScheme's roll of trust yet.

Thursday, 3 March 2016

RIP IDA – users and their expressed, tacit and created needs for the truth

No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.

IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
And it's dead.

Last heard of, Stephen Dunn wrote a blog post with Janet Hughes, please see RIP IDA – what they omitted from the obituary. That was about GOV.UK Verify (RIP) and so is his latest contribution, Meeting user needs:
The GDS Design Principles state that services should start with user needs. To pass the Digital by Default Service Assessment for a live service, the service manager must demonstrate that the team building [the] service understands user needs and has undertaken research to develop a deep knowledge of who the service users are and what that means for the design of the service.