Wednesday, September 25, 2002
Today I found, by accident, a link to this blog from Scott Loftesness' blog which in turn took a link from Jiri Ludvik's site ... both of these are well worth spending some time on. They're focused on technology and security issues generally and, particularly, identity and authentication. Jiri starts his post by noting that he thought that the Government Gateway was a country-specific version of MS Passport. That's not a bad first shot and I wouldn't argue with the principle - Passport is about single signon to multiple web sites and the Gateway is about single signon to multiple government online services. The Gateway isn't in any way related to Passport (and although it uses MS products, the two technologies are far apart). The first job of the Gateway is to provide a way of linking "you" as a person to "you" as something that Government can relate to, using any of the myriad of numbers that the average citizen will use in their occasional contacts with Government. But secondly (and, for me, more importantly) it provides a route into Government for transactions (in our case, these are sent as XML documents that can be digitally signed if a certificate is available). That "route" is a common route for any transaction coming from any source - so a commercial web site (say a bank that wants to provide tax services for its customers) can send transactions to government (and, if the same bank wanted to move into benefit-related services, it could use the same interface); likewise, applications (such as Sage that handles small business accountancy), can also send transactions (so ... a small business need only press "send tax returns" and, provided there is an Internet connection, it will wing its way to the Inland Revenue, be authenticated, submitted and acknowledged. I don't know of any other Government in the world that has independently created a system like this - one that supports both internal government web sites and 3rd parties so that the process of submitting authenticated transactions to Government is simple (well, relatively simple - nothing is easy when you're composing XML schemas, dealing with digital certificates and trying to join up Government departments). Pleasingly, Jiri goes on to ask whether we can succeed where Microsoft (with its originaly .net vision and hailstorm services) did not. Here. he's talking about our plans to offer notification services (via mobile phones, email and so on), appointment booking etc. "Tune back in 2004" he asks. That should give us enough time ... it's not going to be easy, but it is worth it!
Posted by Alan at Wednesday, September 25, 2002