https://gds.blog.gov.uk/2012/06/14/cabinet-office-joins-open-identity-exchange/

Cabinet Office joins the Open Identity Exchange

On Tuesday, 12th June, Mike Bracken announced that the Cabinet Office will be joining the Open Identity Exchange (OIX). The Identity Assurance Programme team explain how this will enhance a process of collaboration and inform ongoing, small-scale, alpha projects.

Recently we blogged about the Cabinet Office Identity Assurance Programme (IDAP) team’s visit to the White House where the IDA team also met up again with the Open Identity Exchange (OIX) for a day of workshops and discussions exploring how we could collaborate with OIX to achieve our goals.

A meeting in London was held on Tuesday this week to formalise our commitment to OIX and share how we plan to work with OIX going forward.

The Open Identity Exchange (OIX) gathered around 50 organisations together to hear how OIX works and how the UK Government plans to structure a dialogue with interested parties on this subject.  We also described how we will use OIX to communicate progress on a series of practical alpha projects.

Like the range of problems that it is trying to address, OIX is international. Established in the US and responding to the White House strategy (National Strategy for Trusted Identities in Cyberspace), it encourages collaborative working across geographical, political and organisational boundaries, in order to respond to a fast moving and complex set of problems.

To participate in OIX, or its related activities, interested organisations do not have to pay (though there is a membership framework should organisations wish to join). Instead it asks participants to sign up to principles, for example around intellectual property. OIX is about openness and interoperability and the principles reflect this.

So why has the UK Government joined?

HMG has made a commitment that new digital transactions from central Government Departments such as DWP’s Universal Credit will adopt a federated model for identity registration and credential authentication to prevent ‘login fatigue’ – having too many usernames and passwords. This approach will require close collaboration with industry and this is what OIX can help encourage.

The Cabinet Office Identity Assurance Programme (IDAP) will use OIX in two ways, firstly to create a UK Working Group through which organisations can participate in the development of the initiative. Secondly, it will engage with partners about ongoing small scale alpha projects that experiment with solutions to real world problems. These projects will allow us to ‘learn from the journey’ and allow us to focus discussion around tangible problems.

Joining OIX is big step forward on the IDA mission. We will use this blog (and other channels) to communicate the evolving structure but also the progress we’re making. If you’d like to get involved, the Contact Us button is at the top of the page.

14 comments

  1. Robert Clark

    Re “will adopt a federated model for identity registration and credential authentication to prevent ‘login fatigue’” – who will have access to this?

    Reply
    • steve

      Thanks for your comment, Robert. Please would you clarify the question.
      Steve

      Reply
      • Robert Clark

        Will Local Authorities be able to make use of the identity registration/credential authentication within their own systems (eg Parking, Libraries, etc)?
        Robert

        Reply
  2. LEIs, Dodd-Frank, FATCA and Markets for Identities - Let's Talk security

    [...] also recognising the market for identities that exists in the real world. The UK Government made announcements to this effect in [...]

    Reply
  3. dmossesq

    Steve Wreyford’s post on OIX is the latest on the ID assurance blog and is dated 14 June 2012, three months ago.

    Has there been no activity on identity assurance since then?

    Surely there must have been some, GDS are due to announce by the end of September – 85 hours time – which bidders have been approved to provide identity assurance services as per the 1 March 2012 notice in OJEU.

    When will we be told who the winners are?

    Reply
    • steve

      Thanks for your comment, David.

      Firstly, please don’t take our lack of posts as evidence of inaction. We’ve actually been incredibly busy over the summer and are expecting a bumper crop of posts in October, to share what we’ve been up to. So, watch this space.

      Secondly, DWP are still working to resolve final contractual issues. The outcome will only be made public when final contracts are signed.

      Steve

      Reply
      • steve

        Furthermore, this notification will come from DWP, not Cabinet Office or GDS, as it is their framework.

        Reply
      • dmossesq

        Dear Mr Wreyford

        Thank you for your reply.

        I don’t mistake the absence of posts for inactivity – as I said, surely there must have been some activity in view of the importance of Universal Credit.

        You say that “DWP are still working to resolve final contractual issues”. Ex-Guardian man Mike Bracken made it clear on 1 March 2012 that Identity Assurance belongs to the Cabinet Office and not DWP: “… this approach ensures that, ultimately, HMG-wide Identity Assurance is supplied across central departments via a common procurement portal (to HMG agreed standards) and governed by the Cabinet Office”. Presumably GDS are involved in those “final contractual issues” just as much as if not more than DWP*.

        The absence of posts does create a vacuum, though, which draws in all sorts of flotsam …

        The Department for Business Innovation and Skills (BIS) midata initiative, for example. Why are GDS using BIS to try to legislate for Personal Data Stores/Inventories (PDSs/PDIs) instead of doing it themselves?

        And GOV.UK – why waste a lot of time and money re-writing central government websites? Is it to provide consistent hooks for PDS-based identity assurance in all government communications over the web?

        A PDS is a dynamic dematerialised ID card, isn’t it. The public won’t “wear it”. Neither will the banks if the Cabinet Office try to insert PDSs into the nation’s payment systems.

        If Google and/or Facebook turn out to be on the list of GDS-approved suppliers of identity assurance services, then DWP and everyone else will have wasted their time negotiating any contractual issues, final or otherwise. Again, the public won’t wear it.

        And the GOV.UK team will have wasted their time.

        And BIS will have wasted their credibility …

        Goodness, just look at all that dust, you never can tell what the vacuum’s going to draw up, can you. The sooner GDS can tell an expectant public what you’ve come up with identity assurancewise, the better.

        ———-

        * While writing this reply of mine, your second reply popped up, trying to push responsibility back on to DWP. Too late, Mr Wreyford. The Cabinet Office burnt their bridges when they made DWP withdraw their December 2011 OJEU notice. You know that. If Universal Credit fails for lack of identity assurance, that will be the Cabinet Office’s fault now and not DWP’s.

        Reply
  4. National identity cards, of the virtual kind | The Economic Voice

    [...] Cabinet Office led Identity Assurance Programme will ensure that only companies with properly secure login and identity verification systems will [...]

    Reply
  5. Identity assurance for local government services | Government Digital Service

    [...] how to login to services.  It would also like to hear from any LAs interested in speaking at the Open Identity Exchange (OIX) about their supplier [...]

    Reply
  6. Identity assurance – Stepping Up A Gear | Government Digital Service

    [...] builds on the great progress we’ve made in recent months. By joining the Open Identity Exchange (OIX) we’ve created a forum for exchanging ideas between interested suppliers and the broader market. [...]

    Reply
  7. Cabinet Office joins the Open Identity Exchange - Government Tenders, Government News and Information - Government Online

    [...] a blog post on the Government Digital Service website, the identity assurance team says that it has formalised its commitment to OIX, which provides [...]

    Reply
  8. Digital Transformation in 2013: The strategy is delivery. Again. | Government Digital Service

    [...] Performance Framework and digital throughout the Civil Service Reform Plan (PDF) plus we joined OIX Jul: Launched the Transactions Explorer Aug: E-petitions birthday Sep: Delivered alpha of Student [...]

    Reply
  9. Policy, delivery, Government digital service

    [...] Performance Framework and digital actions throughout the Civil Service Reform Plan, plus we joined OIX to develop the Identity programme. Jul: Launched the Transactions Explorer which shows the key [...]

    Reply

Leave a comment