B.C. to test virtual digital ID card

Here's a story by the Canadian Broadcasting Corporation (CBC) on the British Columbia government's IDM project.  Dick Hardt of sxip played the key and even charismatic role in developing a catalytic relationship between industry and government.

British Columbia will test a virtual ID “card” that enables citizens to connect with the government's online services more safely and easily, a top technology official said.

The government plans to begin tests on an “information card” early in the new year, said Ian Bailey, director of application architecture for the province's Office of the Chief Information Officer.

The cards are in the early stages, and “there's going to be some challenges,” Bailey said.

An information card is not a card at all: it's more like a document delivered to users’ computers which they can then use to access government websites.

It's meant to replace the current method of access, which involves logging on to a site with a name and password, and has a digital signature that can't be changed or reproduced, Bailey said.

“It will give us better privacy protection for individuals,” he said.

Among other attributes, Bailey said using an information card means:

• The government won't know which sites the user visits.
• The user is in control of shared information.
• The cards won't have to reveal users’ birthdates or addresses, or a student's school. Instead, it could simply confirm the user is over 19, a B.C. resident or a student.

He compared using the card to using a driver's licence for identification since, in both cases, the government does not know what the citizen is doing.

Ontario privacy commissioner likes cards

Ann Cavoukian, Ontario's privacy Commissioner, said information cards have “several key advantages” over username/password systems.

She outlined the benefits in a white paper about identity metasystems — a means of ensuring users can easily access all their online identities, such as an information card — on her website.

The paper said information cards mean:

• The end of stolen, lost or forgotten passwords.
• Less “phishing,” when a password is stolen by an unauthorized user, because authentication used by one site is useless for another, even for the same information card.
• Less storage of sensitive information, because the cards can resend it every time they are used, so the accessed site doesn't need to retain it.

But Cavoukian also warned that a universal identity metasystem could be misused and “become an infrastructure of universal surveillance.”

Seven laws of identity

The Seven Laws of Identity, developed by Microsoft's chief identity architect Kim Cameron and other privacy experts is at the base of B.C.’s trial.

The laws outline ways in which online retailers, banks and other organizations can enhance privacy in the next generation of internet identifiers, such as the information card.

B.C. will offer the ID card first to residents who already have government issued passwords for accessing certain sites, Bailey said.

The project includes identity companies CA Inc. (formerly Computer Associates), Microsoft and Sxip.

Sxip's web site notes that vendor participation in the project is even wider: 

The project actually includes a lot more of the leading IdM vendors including: IBM, Microsoft, Oracle, Novell, Nortel, Computer Associates, Siemens, Sun Microsystems, Deloitte, Bell, Telus, and Sxip. The government asked Sxip to lead this vendor team. The goal is to make online provincial government services more accessible to its constituents while reducing the costs for delivery, and unified IdM has been identified as a primary driver. We'll be producing a user-centric IdM architecture that scales to meet the needs of government ministries, the broader public sector (Crown Corporations, health providers, etc), non-governmental bodies, businesses and citizens.

The project's IDM Architecture Document will be of great interest to many readers working on eGovernment initiatives.  Ian Bailey gave a cogent presentation at the recent DIDW 2007, and when the presentations are available publicly, you'll want to hear this one.