There was quite some noise recently about the US Federal Government considering the selection of Passport to deliver single sign-on. The original story from The Seattle Times was slashdotted and you could hear some really excited reactions out there.

Nikolaj reckoned that we “should understand ‘Passport’ as ‘authentication within the GXA framework’ coupled with Microsoft’s ‘Digital Rights Management Operating System’ and XRML”.

I thought that I could imagine quite scary scenarios using the technologies he had mentioned, but that there was one more immediate connection missed: merging Passport with a UK thing called Government Gateway. At the front end, Gateway is essentially a citizen portal to e-government services, and at the back end it is an integration hub usable by central and local governments. It is run by the Office of the e-Envoy, the UK e-business government unit, and it was built by Microsoft, who are now trying to sell it outside the UK.

Information from the e-Envoy technical pack seemed to indicate that, identity-wise, Gateway provides initial registration, but authentication is done by individual departmental systems. This would mean that a citizen would have a single user ID for all e-government services but multiple passwords, one for each department.

Gosh, I was wrong.

The new informational Gateway website speaks clearly: central authentication is at the heart of Gateway. Bam. A central database of passwords to all e-government services. When I realised this, I was really relieved that I didn’t register for internet tax self-assessment and am still using paper-based tax return forms. Isn’t this, in fact, a government-run Passport?

Gateway supports certificate-based authentication, which, thanks to the boon of asymmetric cryptography, does not require any passwords to be stored centrally. The only downside here is that the certificates do not come particularly cheap, about 20 pounds a year, and therefore I would think that 95% of the 400,000 registered users are using passwords.

In this situation, replacing Gateway's authentication capabilities with Passport could become a benefit rather than a threat if the promise of Kerberos-federated Passport comes true. This would, for example, allow all my access to Inland Revenue internet tax facilities to be authenticated against a database of the local council to which I, based on my residence, belong.
