Comments on: Identity and Authentication http://comment.idealgovernment.com/identity-and-authentication/ Just another WordPress weblog Tue, 27 Apr 2010 17:20:58 +0000 hourly 1 By: Phil http://comment.idealgovernment.com/identity-and-authentication/comment-page-1/#comment-100 Thu, 22 Apr 2010 05:41:08 +0000 http://comment.idealgovernment.com/?p=25#comment-100 I’d re-cast ‘An effective UK identity framework needs to ensure that it provides various levels of trust, identity and authentication’ as ‘Any effective identity assurance framework (in the UK or elsewhere) needs to ensure that it provides various levels of trust, identification and authentication’. Your wording implies a single framework, and – unlike every instance up to that point – I feel its use of the word ‘identity’ is a bit imprecise.

Similarly, I’d say principle 1 should read: ‘Government is just one potential *credential* provider of many: it does not, and should not have, a monopoly on citizens’ identity and authentication.’

Principle 2 is more problematic. Government’s role may be to ensure/enforce proper governance of any identity assurance framework(s) operating in the UK – though its record to date makes it a pretty poor candidate. It may even have a place in establishing standards – if it can get over its obsession with its own administrative convenience. But ‘an overall governance framework’ could easily be misinterpreted to mean ‘one ring to rule them all’…

Governments don’t issue identities. So, ‘credential-issuing and authentication functions’ or ‘identity assurance’ would be far preferable to ‘identity-issuance and authentication functions’.

Principle 3: why not ‘adopt’, rather than ‘support and promote’? A bit of ‘leadership by example’ might help rehabilitate trust…

]]>