Like most government IT schemes the Identity Assurance (IdA) Programme has taken a long time coming. Plans began to emerge from the Cabinet Office in 2011, the programme team in the Government Digital Service (GDS) and the procurement took shape in 2012, and the first companies to take part were announced last year. But it’s only in the next few weeks that a couple of Whitehall departments will begin to use the service on a private beta basis, and it’s likely to be next year before large numbers of people begin to register. It could, however, become a game changer for the way that public and private sectors deal with the issue of how to ensure an individual is who they say they are. It has been developed partly to lay the foundations for a consumer market in IdA services. “Part of the reason we’re approaching it in this way is we’re trying to stimulate a market of identity provision, so that companies will develop this capability of assuring identities, and that will be reusable in the private sector and wider public sector,” says Janet Hughes, the programme’s head of policy and engagement. “We expect it to create competition, excellence and innovation, and drive down prices to make assured identities into a commodity service.” SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe This is reason for CIOs in any organisation to watch how it works and develops. The big shift from previous government approaches to IdA is that it lets people choose from a number of trusted identity providers (initially five) to handle the initial validation of who they are and authenticate their identities when they want to use a government service. They won’t have to pay; the providers will be paid per registration under their contracts with the Cabinet Office. The approach to validation can vary between the identity providers, as long they conform to the Cabinet OfficeGood Practice Guides, and while the emphasis is on online there is provision for telephone and face-to-face processes – an important element in supporting people who don’t use the internet. The processes are going to depend on methods that are already established in IdA –checking the details people provide against a range of databases for any discrepancies, and when necessary asking for supporting documents such as passports, driving licences or utility bills. When the person wants to access a service they will be directed to the hub to choose their provider and sign in, prompting it to send the data set to the service provider to confirm the identity. When the identity provider is satisfied it will feed a data set of name, address, date of birth and gender for the person into a central hub, the point at which the authentication for specific services takes place. The service provider uses that data to identify their records about the user and, if there is a doubt about which record to use, can ask an extra question to get the correct record. The key feature of this is that the identity and service providers only communicate with the hub, not each other, so the former doesn’t know which government services its customer is using and the latter doesn’t know which identity provider is doing the job. This reflects the underlying concern about privacy that has been one of the big drivers of the programme, and which could be a major factor in boosting take-up. It’s a case where designing a simple process is complex business, and Hughes says the biggest challenge is in correctly matching a person’s data set on the hub to that held by a service provider. “There are a number of elements,” she says. “One is to verify you are who you say you are. In a way that’s technically speaking straightforward as there are records and you can ask knowledge-based questions. “The complicated thing is matching that identity to a record that’s already held by a service. If we succeed we’ll be the first people in the world to do it at that level of assurance.” The GDS has placed its faith in an agile approach to meet the goal, avoiding a precise specification at the beginning of the programme in favour of a few questions about user needs, then building, testing, changing and moving forward cautiously. Hughes says this has made the team confident that it’s going to be right for users of the service. It has reached the stage of identity and service providers being able to connect to the hub, and will soon make it available for a limited number of individuals to use as a private beta. Two services will begin to use it – HMRC’s PAYE Online and DVLA’s service for people to check their driving licence details – following which another 23 will join as ‘exemplars’ up to April 2015. It is staying clear of a firm timeframe beyond that, and there is no compulsion on government departments to use the scheme, but Hughes points out: “It’s been agreed by the Public Expenditure Committee that this will be the default way. “We’re working with all the service providers across government to understand their needs and ensure they are developing the service in a way that meets their users’ needs. There’s no reason a service provider wouldn’t choose to do that.” [Next – Diversity prevails for government identity assurance] Related content feature The dark arts of digital transformation — and how to master them Sometimes IT leaders need a little magic to push digital initiatives forward. Here are five ways to make transformation obstacles disappear. By Dan Tynan Oct 02, 2023 11 mins Business IT Alignment Business IT Alignment Business IT Alignment feature What is a project management office (PMO)? The key to standardizing project success The ever-increasing pace of change has upped the pressure on companies to deliver new products, services, and capabilities. And they’re relying on PMOs to ensure that work gets done consistently, efficiently, and in line with business objective By Mary K. Pratt Oct 02, 2023 8 mins Digital Transformation Digital Transformation Digital Transformation opinion The changing face of cybersecurity threats in 2023 Cybersecurity has always been a cat-and-mouse game, but the mice keep getting bigger and are becoming increasingly harder to hunt. By Dipti Parmar Sep 29, 2023 8 mins Cybercrime Security brandpost Should finance organizations bank on Generative AI? Finance and banking organizations are looking at generative AI to support employees and customers across a range of text and numerically-based use cases. By Jay Limbasiya, Global AI, Analytics, & Data Management Business Development, Unstructured Data Solutions, Dell Technologies Sep 29, 2023 5 mins Artificial Intelligence Podcasts Videos Resources Events SUBSCRIBE TO OUR NEWSLETTER From our editors straight to your inbox Get started by entering your email address below. Please enter a valid email address Subscribe