Federation is the key to Govt ID
Thor Essman: Identity is central to the efficient operation of the network
Creating a single identity for Australians has long been a complex issue with the potential for significant backlash from the public when handled poorly.
The attempt at an Australia Card in the 1980’s demonstrated Australians have a fundamental level of concern with governments creating a national identity framework, fearing too much “Big Brother” insight into their lives and that their privacy will be compromised.
Not to be deterred, Australian governments at the federal and state level have recently focused on creating digital identity solutions, often with mixed success as they have not all resolved the fundamental mistakes of the past – making a single identity opt-in and also focusing the solutions on benefiting the citizen, not the government.
The Federal Government created the infamous MyGov in the early 2010s, administered by the Department of Human Services. It had been conceived as a means of having a single identity and sign on to numerous services including the Australian Taxation Office and Centrelink and has been plagued with user experience and recently stability issues.
Australian states have also rolled out their own digital identity platforms, arguably the most successful being Service NSW, which was formed in 2014. The Service NSW mandate was to enable a citizen to “Tell the Government Once” and its primary focus was to benefit the citizen.
As part of this delivery, they created a framework that provided an opt in Identity that allows for single or multiple credentials based on a user’s privacy concerns. These credentials allow access to digital services provided by the state.
Other states, including Queensland have had success with a federated identity model within the state, while South Australia has a mobile-phone-wallet-based solution for digital licensing.
The question that remains is how these digital identities interact with one another, and how Australians can be brought on board to trust government with their digital identities.
Federation is the key
The Federal Government has recognised that federation is a key enabler and through the DTA is drafting a Trust Framework that outlines the compliance and operational requirements for participation in a National Identity Ecosystem.
According to Ping Identity Australia’s Chief Technology Officer Mark Perry the framework is an excellent foundation. However, since its origination, industry and federation standards have progressed.
To Mr Perry, the framework is missing an interoperability capability that can now be provided with a modern federated model, where a state identity will work across federal domains, provide identity for citizens moving from one state to another and allow third parties to participate in this ecosystem.
“A Modern Identity federation framework is the only way to make this work,” he said. “There is concern with a single digital identity at a federal level, and with current solutions and approaches it will be difficult to realise the full value of these investments and enable the next wave of open government.”
Thor Essman, Founder and CEO at technology and PaaS provider Versent, agrees that a federated model is critical to digital success and government interoperability.
“One of the challenges associated with digital identity for government is that for too long governments have been trying to solve the digital identity problem for themselves, and not for the citizens,” he said.
According to Mr Essman, a federated model is essential, but he adds that it should not be viewed with a Government only lens and that there is a role for industry within any framework as both a provider or consumer of identity and that the framework should enable the consumption of government services by industry.
Historically, as individuals we have willingly offered up our identities to an email or social media platform, often without reading the terms and conditions and simply clicking ‘yes.’
“The components of an ecosystem already exist,” he said. “Technology companies and government are all running their own technology capability with varying degrees of maturity. The solution would be to leverage modern standards and the identity resources of both government and industry in a federated model.”
In Mr Essman’s eyes, the government could broker the trust of identities and the relationships as opposed to actually brokering identities, this would ultimately allow Australians to use any approved digital identity they wanted in the context they wanted.
There is a role for iconic companies, such as Australia Post or Telstra, to provide digital identity services that could be used both privately and across levels of government.
The Privacy Question
Many years ago, Scott McNealy, CEO of then powerful computer company Sun Microsystems, was quoted as saying “You already have zero privacy — get over it.” And that was before the rise of social media platforms like Facebook.
Mr McNealy’s statement has become true for the vast majority of people on this planet, yet Australian citizens remain deeply suspicious of government attempts to give them a digital identity.
Mr Perry said Federation is the way forward as it allows for transparency and a citizen will know what is being shared and have to provide their consent to share any information, and that broad acceptance of a digital identity scheme hinges on privacy being at the centre.
“Privacy has often stopped Government moving forward with a single national identity,” he said. “That is why we need to allow individuals to leverage multiple identities for different interactions with government. Some people want to isolate parts of their interactions with different identities - they want to feel their privacy is intact.”
Versent’s Mr Essman agrees, but wants us to expand our lens of what’s possible. Scott McNealy was also famously quoted as saying “The Computer is the Network” – Mr Essman believes that we are moving towards a paradigm where “Identity is the Network”– with privacy and consent are core components.
“The sensitivity of information is different between individuals – some may not consider their name and date of birth particularly sensitive as they share it via social media - others protect this information as judiciously as medical data,” he said.
“It comes down to transparency to allow citizens to make the right decision. If we can highlight what has already been shared and we need to share – people can authorise these interactions with a greater understanding – the challenge is that organisations have not chosen to be that transparent with the information that is being shared or held.”
Australia will see the release of an initial Federal Identity framework in 2018 – the initial release aims to simplify some citizen pain points and organisations and government need to be ready to take advantage of the initial benefits for citizens.
The evolution of the framework is important for the success of digital government and to allow for a more fine-grained choice for citizens and easier consumption of government services as well as integration and adoption by industry.
Ping Identity will host its Identify 2018 events in Sydney on May 8 and Melbourne on May 10. Identify 2018 is an event by the Ping Community for the Ping Community. You can reserve your seat here. Ping Identity is a valued InnovationAus.com partner.