Moving forward, user-centric Identity Management is clearly an interesting alternative to centralized systems. The promise of a solution where the user has choice over how and what identity information is shared with Service Providers is worth working towards. It is not surprising that user-centricity is finding its way into pilots and initial implementations in the public sector.
It is becoming clear to me that user-centric IAM is a philosophy / model / strategy that is well-suited to government implementations because it has potential to return ownership of identity information to individuals, many of whom access multiple public services.
If they can avoid it, Canadian governments do not want to hold identity information outside their highly secured core registries. These government departments recognize that our relatively tough privacy laws prohibit retention of information beyond what is needed to deliver a service. Storing additional identity information, or unnecessarily storing the same information in more than one place, increases the risk of breaches and identity fraud.
Adopting user-centric strategies can reduce the volume of sensitive data to be managed, move privacy decisions closer to the user and make governments more compliant with their own legislation and policies. Perhaps most importantly, as Dick Hardt’s Identity 2.0 presentation made it clear, user-centric IdM allows the creation of privacy- and user-driven solutions that mimic the real-world we live in.
This is possible because many systems do not necessarily require identification, but rather authorization. Or if they do need identity information, they need it to support a transaction and have little need to store it after the transaction is completed.
Think about an e-commerce transaction using a credit card. The system does not actually need to permanently store identity information. Rather, it needs to know that you have the funds to cover the transaction. The key information is the card number. Your name is only provided to support the transaction, i.e. to verify that the card being used can be matched to an accountable card holder. If these authorization elements are present in the transaction (and not disputed later) then the business can be conducted. The storing of the name information beyond a reasonable dispute period (say 45 days) is unwarranted.
When faced with breaches of identity information, goverments may soon find themselves needing to identify less. It may seem counter-intuitive, but for certain low-value business transactions, a government organization may not actually want to know very much about those individuals, or at least they don’t want to have to store information about them in local databases. What they do want is to ensure that these citizens are authorized to access the system and the information it contains.
An example of a provincial service that could likely dispense with traditional retention of identity information would be a system that issues a fishing license. When issuing the license, it is important for the individual to properly identify themselves so that their name can be printed on the actual license document. The license then authorizes the named individual to fish, so after the transaction it is important to have that identity information on the card to support an enforcement officer’s needs for proving ‘eligibility’. While the issuing department may make a case for retaining the identity information in a license database, does it need to have its own Identity Provider service — chock full of duplicated identity information? Can it not simply trust one of several provincial or federal Identity Providers?
In time, this user-driven approach should result in fewer identity providers and many more relying service providers. In a provincial government, there could conceiveably be three or four identity providers. These could be linked to key registries such as HR (for internal users) or public education, health or motor vehicles (for citizens). Add to this a federally provided IdP, perhaps based on tax records or a passport database, and citizens would have real variety in IdP services.
Moving to user-centric IdM with real choice in identity provider services can provide greater privacy protection and reduce the complexity of government electronic service delivery.