U.K's opposition Labour party commissioned and released the results of a Digital Government Review (PDF). The high priority recommendation regarding the GOV.UK Verify Program?
That government urgently deliver on the Identity Assurance programme.
Where necessary investigating the reason for ongoing delays; the potential need for legislation, the dispute resolution and support structures in place in case of failure; the audit structures to ensure that data is kept secure; and how to meet the expected demand for non-private sector identity providers.
The fact that the recommendation actually supports the program has not stopped many from trash-talking the program.
++ Expect that part of the vitriol is coming from those whose cozy relationships may have been disrupted by the acquisition reforms being put in place by GDS.
++ IDAP itself appears to be on the path to address the identity verification issues that came up in the DFRA CAP scheme public beta by looking to expand the range of data sources available for verification, and bringing a new identity provider online.
Patterns of internet trust
Kaliya (@identitywoman) and Steve Greenberg with a Field Guide to Internet Trust Models that speaks to managing risk, trade-offs and interoperability.
++ Download as a single PDF here.
cyberforge: random and relevant
The answer is a definite 'Ja' from Denmark's WAYF federation broker with 10 million logins a year!
++ What will Santa bring to connect you?
++ ACM paper on the Security Collapse in the HTTPS Market has troubling but familiar words such as 'too big to fail' and 'a sense of urgency [..] seems nonexistent' which do not engender feelings of comfort in a core piece of the internet security fabric.