This is part two of a series of blog posts about introducing a digital ID for Jersey. In part one I explained the reasons why we are looking at options for a citizen authentication scheme – if you haven’t read that, please do so to understand the context. In this post, I will outline the research we’ve been doing over the last few months and how we see the way forward.
Watching the leaders
In 2014 a delegation from Jersey went to Estonia to find out about how their citizens are able to perform many government transactions online, including voting in elections.
Jonathan Williams (eGovernment director) and Ian Webb (director of IS) have had meetings with the UK’s Government Digital Service (GDS) to understand more about the UK Verify scheme. (We have established that this is not something we can join in with directly in the short term)
Since March, I have been carrying out research into how other jurisdictions operate national online ID schemes together with Stephen Hart (Head of IT Services). We have been to the Netherlands for the two-day “European Digital Identity (Un)conference” and attended three London-based workshops run by the Open Identity Exchange (OIX) where we were able hear about various R&D projects that are underway in the UK and meet some of the private sector identity providers involved in UK Verify.
The bigger picture
One of the things that we have learnt from the conference and the OIX workshops is that government-led national eID schemes have a wider impact than just government. European governments are working towards identity schemes that work across borders and across industries. If Jersey does not take account of that, we will be left out in the cold in the next 3-5 years.
We are considering alignment with the identity verification scheme of a national government, either the UK or Estonia, to be key to the Jersey scheme being able to inter-operate internationally in the future, both with other governments and with the private sector.
In our minds we have all but dismissed the idea of a Jersey-only scheme that can only be used to identify Islanders accessing just States of Jersey websites.
Working through OIX
OIX – the Open Identity Exchange – is a interesting organisation, in that it is bringing together the companies that are the innovators in online identities to work together in a pre-competitive way in a “coopetition sandbox”. Together with buyer-side organisations such as GDS they are exploring the market for pan-industry digital ID solutions. Software vendors and service providers are putting their own money into joint research projects and agreeing that the outputs will be published in the public domain. 22 such projects have completed or are underway at the moment including one to capture the identity requirements of a range of industries (including retail, travel, dating, law, gambling, financial services, telecoms and lending) with the intention that UK Verify will expand to meet their collective needs.
The States of Jersey has joined OIX, which we see as excellent value and will enable us to propose a project for other OIX members to contribute to. The project brief will be along the lines of “how could the concepts and components that have been built for the UK Verify scheme be adapted to meet the needs of the Crown Dependencies?”. We are expecting some of the members of OIX to work with us on this report at their own cost; initial conversations with four other members indicated that they were all looking to expand the market for their service offerings and saw Jersey as an ideal testbed.
Jersey software companies may wish to join OIX (as two have done already) and participate both in the proposed project and in the wider sense. Our feeling is that this is a new, rapidly expanding field of innovation that Digital Jersey members could enter and launch commercial products on a global scale.
Open standards
There are some widely accepted open standards in use for web sites (known as ‘relying parties’) that need to rely on another organisation (the identity provider) to check a user’s identity when logging in. Right now – in parallel with work we’re doing on our strategic solution – we have a proof-of-concept project underway that will integrate an e-form based business process with MyGov. The use of open standards will mean that when the strategic solution is in place we can swap out the identity provider with only a minor amount of re-work.
Next steps
We are taking a two-pronged approach:
- The white paper that will be generated at the end of the discovery project will inform us whether a solution along the lines of UK Verify is viable, and if so we expect to tender for such as system in Q2 2016. By then we need to have a broadly complete set of requirements. Simplistically, the things we will want to procure will be:
- a way for citizens to register for an ID; during registration they will provide evidence of who they are and this will need to be checked;
- a way for citizens to log on when they need to prove who they are online;
- help to integrate the system with new and existing States of Jersey web sites.
If we pursue this route we will aim for the tender to allow potential suppliers latitude to be creative in their solution, and the competition won’t be limited to those who are members of OIX or have contributed to the report.
- Further exploring the Estonian model
Following on from last year’s visit to Estonia we are now looking in more detail at how their e-ID solution could be adapted for use in Jersey.