Identity Assurance (IDA) in UK

Came across this rather interesting blog post in Computer Weekly almost a month ago. Just scroll down until you get to the sub-title “Identity Assurance” to find this, that I have quoted for your convenience below, and more if you are interested.

“The Government Digital Service (GDS) has devised a fresh approach to building online trust: the Identity Assurance (IDA) programme. The aim is to allow users to prove their identity, or other information about themselves, using services from private-sector organisations. In the IDA model, individuals and businesses will be able to ‘reuse’ existing trust relationships to interact with government (and ultimately with each other): for example, a customer might use their online banking credentials to prove their entitlement to a public authority so that they can claim benefits. GDS is working with key authorities to deliver the necessary technical, commercial and regulatory infrastructure to make this new approach possible.

GDS is also developing a market of companies wishing to act as Identity Providers (IDPs), who will have to bid for the right to do so, and undergo rigorous independent certification to ensure that their security and commercial controls are appropriate. Eight Identity Providers have been selected to provide the first set of IDA services in support of pilot activities from October 2013. Those IDPs are working together under the aegis of the Open Identity Exchange (OIX) to deliver the technology, commercial and legal approaches needed to make the service a reality.”

Fixing security

Hear! hear! Are my thoughts when reading David Lacey’s blog post on software development, especially when I got to the last sentence.

“Security professionals should note these points, because the key to effective security is not reams of policies and tick-lists, but empowerment, effective solutions, large-scale collaboration and agile response.”