› 
User Centric ID management - Heading for New Zealand

Malcolm Crompton's picture

In 2 weeks, I will be heading to New Zealand to participate in Managing Identity in New Zealand - Identity Conference 2008.  Among the other speakers will be Stefan Brands to talk about Credentica & its purchase by Microsoft, which we first celebrated in A great day for privacy: genuine privacy respecting, user centric Identity Management has hit the mainstream the day after it was announced.

As a consequence, I have been brushing up on latest developments in ID management in New Zealand.  The short version of that story is that, at least among the Anglo cultures, the New Zealand government almost certainly takes the prize for seeking to provide privacy respecting, user centric ID management.

See for example igovt public consultation at Vikram Kumar's fabulous Identity & Privacy blog; while you're there have a wander round his site.  Martin Stewart-Weeks from Cisco introduced me to the site. 

For a fuller description of what the NZ'ers are doing, go to Section 4, How it works in the Department of Internal Affairs' paper IVS - Information for Public Consultation. They summarise it this way:

The new identity verification service is part of igovt. Igovt is the working title for a group of online government services aimed at helping you interact with government agencies securely and conveniently online. Initially igovt will consist of two separate but integrated services presented through a single, common front-end.

  1. a logon service (the government logon service) that provides ongoing confirmation that it is the same person accessing secure online services. This service is operated and maintained by the State Service Commission. The logon service can be used on its own, without the identity verification service, to provide logon management services to government agencies. 
  2. an identity verification service (the new service) that establishes and verifies who a person is. The new service will be operated and maintained by the Department of Internal Affairs. The service defines a person’s identity as an individual, i.e. a person distinctly and separately known from all others.

If people choose to use the new identity verification service they will also be using the logon service (the logon service provides logon management for the new service).

Providing the two services separately is deliberate and important in protecting privacy. The separation prevents information about who you are (the new identity verification service), being connected to information about your use of online services (the logon service).

While wandering round Identity & Privacy Blog, take a look at Interviewing Simon Willison about OpenID.  It is an interview that covers OpenID & how it can be used with high degrees of control.  Simon covers a number of topics, including how to harden it against phishing, although it is still probably a low security option unless it is further hardened, as the OpenID foundation recognises.

Managing Identity in New Zealand - Identity Conference 2008 in New Zealand is going to be a high spot for ID management in this part of the world; indeed anywhere.

Malcolm Crompton is Managing Director of Information Integrity Solutions (IIS), a globally connected company that works with public sector and private sector organisations to help them build customer trust through respect for the customer and their personal information.