We all suffer multiple personality disorder. Visiting a bank or government agency, or even logging on to social media requires that you identify yourself using some sort of credential.
Rachel Dixon is the Head of Identity for the Digital Transformation Office – an executive agency that was established in 2015 and forms part of the Prime Ministers ministerial portfolio. She spoke at the recent technology in Government conference held at Canberra’s National Convention Centre.
Dixon’s remit sounds simple – create a single identity that people can use to access government services through the MyGov portal. This has led Dixon and her team through a process to develop the Trusted Digital Identity Framework (TDIF). This is a product to verify the identity of consumers to a level that’s sufficient for them to access government services.
The vision is to create a genuinely whole of government digital identity solution based on extensible, open standards.
DTO is working with a wide range of public and private sector stakeholders to develop a broader framework for trusted digital identities. There’s a three step processes DTO is undertaking.
“The genesis of this project is the government is complicated to deal with and there’s a realisation that people in the community want to do more online,” says Dixon. The impetus for looking at a federated identity model stemmed from the Financial Services Industry report that was released in 2014 and led by David Murray AO.
“The issue is that people don’t want a digital identity,” says Dixon. “People just want to get stuff done. The only want a digital identity in the context of trying to achieve something. Which means that depending on the task you might be prepared to wear a certain amount of pain to prove who you are.”
Doing this for the whole of government is, of course, a challenge. Dixon notes that while there are many services which are “whole of government” many have quite limited contexts. In many cases, it might be about a specific function that perhaps only a handful of agencies actually share. That’s not whole of government she says.
“Whole of government means business. It means government agencies. It means individuals. It means people who are authorized to do various things. It means a platform that all of government can use.”
This meant the approach Dixon and her team took had to be different to other projects because the cost of onboarding needed to not be a disincentive to smaller agencies. Dixon observed that many initiatives were championed by larger agencies but missed on bringing smaller entities along because of costs.
“We’re trying to be as consultative as we possibly can,” says Dixon.
Work started with a Discovery process and was followed by the release of an Alpha version of the TDIF. Dixon says all of the code written in developing the Alpha will be thrown out as it was intended to demonstrate capability rather than represent a specific mode of software development.
Later this month, on 29 August 2016, Dixon will be showing off the TDIF at a roadshow event. The plan is to then release the TDIF in a public beta in July 2017. All the source code and documentation for the project – other than that which is commercial in confidence – will be released into the public domain through GitHub.
Her team is conducting research right across the country and talking with agencies, private companies and individuals. The project is also looking to leverage existing state-based identification systems so people who have already established an identity with their state government can be easily verified for a national digital identity. Similarly, they are looking for ways for a federal identity to also be used for state-level services and for it to be portable so when someone moves from one state to another they don’t need to re-establish their identity.
Importantly, Dixon says the platform she is building “is only about identity- it has nothing to do with transactions. It’s about what make you different to someone else. How do I know you are you?”.
As more and more services are offered online, the issue of having a secure online identity becomes more important. This is why Dixon’s team has spent considerable effort conducting research, to understand what people actually do when they are online and access services. In particular, Dixon notes that while many people say password security is important, their actions don’t always reflect this.
“We try to design things based on what people do, not what they say they will do”.
The system will be based on a federation hub that will connect the Commonwealth identity provider, state services, federal services and other identity providers. The hub will be built using standards that mean the onboarding of new agencies won’t rely on coding changes.