No need to say it, it goes without saying, it should be obvious to all but,
just in case it isn't obvious to all,
IDA is dead.
IDA, now known as "GOV.UK Verify (RIP)",
is the Cabinet Office Identity Assurance programme.
We have seen how Digidentity, one of the Government Digital Service's "identity providers", can unilaterally revoke your on-line GOV.UK Verify (RIP) identity. In GDS's projected digital-by-default internet era world, with no on-line identity you won't exist.We have seen how users of GOV.UK Verify (RIP) who registered with Barclays may find it impossible to access public services.
Cassidian, Ingeus, Mydex, PayPal and Verizon have all pulled out as "identity providers" to GOV.UK Verify (RIP).
Who does that leave?
Among others, the trusty old Post Office:
What happens when DMossEsq now tries to access HMRC's on-line self-assessment service? He enters his username and password, the Post Office send a one-time password to his mobile, he enters it and sees:
But don't get your hopes up because next thing you know, "Aw, Snap! Something went wrong".
There are four more "identity providers" to check – CitizenSafe/GB Group plc, Experian, the Royal Mail and SecureIdentity/Morpho. But we're really not having much luck with GOV.UK Verify (RIP), are we. It doesn't work. That's what it looks like.
And by the way, when we say "trusty old Post Office", remember that the Post Office isn't actually certified trustworthy by tScheme. Their application lapsed 18 months ago in February 2015.
Digidentity, surprisingly in view of our findings, is certified trustworthy. But the Post Office isn't. It's not a "certified company", whatever the Government Digital Service say.
The Post Office is only allowed to operate as an "identity provider" because of some otherwise undisclosed connection to Digidentity:
If you register for GOV.UK Verify (RIP) via the Post Office, are you really being catered for by Digidentity?
Post Office uses the same system as another provider which has been t-Scheme certified, so we [GDS] have agreed that there is no need for a second certification of the same system unless and until Post Office introduces anything that is different in its system for verifying identities, in which case that would need to be separately certified.
No comments:
Post a Comment