Archive for the ‘technology’ tag
Comments on Identity Verification Service
I just heard today that the Department of Internal Affairs is consulting on an opt-in single sign-on identity verification service (IVS) that may be used by government agencies to identify us online when interacting with said agencies.
I have included my submission below for reference.
We would like to know whether you are likely to use the Internet to verify your identity with a government agency.
Yes – but it must work on any operating system and web browser. I use a variety of operating systems and web browsers including:
- Operating Systems – Apple OS X, Fedora Core Linux, and Microsoft Windows
- Browsers – Firefox and Safari
I will not be able to use the service if it is tied to Microsoft Internet Explorer/Windows platform. I expect that all the good work that the State Services Commission has been doing on standards and interoperability will be applied to IVS as well.
We would like to hear from you regarding the type of services you might want to access that require you to verify your identity.
- Inland Revenue for management of personal/business taxes, KiwiSaver?
- Government Electronic Tender Service (GETS)
- NZ Qualifications Authority for NZQA Learner’s Record
- Local Government
We would like to know what you think of being able to verify your identity with businesses and other organisations.
I would support the service being made available to local government.
I am initially dubious about IVS being made available to businesses until such time as more details are made available. I trust the Government to run their IT systems to a higher level of security than most businesses. I am also concerned that if the IVS was made available to non-governmental users, that uptake may well make the IVS to be more than an opt-in service – businesses may use incentives that Government cannot to strongly promote registration and use of the service.
I would however support a limited number of business sectors to utilise the IVS – in particular those that provide online financial services such as banks, fund managers and sharebrokers. It is preferable to have them using a national framework rather than having a token for each organisation AND government on my keyring. Note that this would present some risks – in particular the risk of a distributed-denial-of-service (DDOS) attack against the IVS infrastructure. If the IVS does grow to become widely used, and includes the financial sector, then a DDOS against poorly planned IVS infrastructure may have significant negative consequences – even if just in perception of the service. Naturally, as IVS grows in usage, it would have the potential to become national critical infrastructure and would need to be managed as such.
Read the rest of this entry »