In a recent blog post, Anil John posits that the Public Sector has an obligation to play the same role in the future electronic Identity Validation world as they do today with Drivers Licenses, Passports and the like. I have similar views, but a slightly different opinion of the actual role Public Sector should play or will be willing to play.
Here’s my response to his post:
I often think about the ‘vouch for and stand behind’ assertion of the Government-as-Authoritative-Source-of-identity-attributes discussion.
I don’t buy the claim that Government plays this role in today’s ID Document real world. If I show a fraudulent drivers license and manage to register a business to commit untraceable fraud, is the DMV accountable for it in any way? Or is it the clerk/Department that failed to recognize the fake ID?
I think that today, Government ID is accepted because of the assumed process rigor and security features embedded to protect the services the ID document is intended to entitle. It’s “well known” and the issuer has no motives detrimental to the holder – this in contrast to the suspicions about commercial organizations.
I do believe that Government does have a role in the identity validation world – but am not sure what it will be. Maybe it is a service that verifies the security features of tokens and claims presented electronically (but not the information itself)? This would be more similar to the current Government role.
In the Canadian Public Sector, the discussion often turns to Liability. It is hard for Agencies to accept new liabilities especially if it does not relate to their Service Mission. Of interest is that in many cases Governments are not permitted to sue themselves.
This would be a great issue to come to ground on – it would clarify where the work actually is.