single sign-on and data sharing

I haven’t seen my old colleague Stefan Brands for a while, but most days I’ll find myself thinking of or mentioning his work – particularly given some of the naivety and poor thinking that still seems to be doing the rounds when it comes to “data sharing“.

Thankfully, a lot of Stefan’s excellent work in this area from a decade or more ago is still online at his Credentica website.

For anyone who wonders how you can tackle problems like proving who you are online and proving your entitlement to something without handing over loads of sensitive personal data too, take a look at his site and catch-up with state of the art … as it already was 10 years ago.

It’s a reminder that solutions to these issues have been around a long time, yet we still see ill-informed approaches to the topic that assume slopping data around is the way to go – an approach which seems rooted in the pre-digital mindset of carbon paper and filing cabinets.

For anyone wanting an overview of how to do secure, privacy-aware single sign-on and data sharing in a government context, the PowerPoint deck here (.PPT) provides a good overview. It’s animated so you’ll need to run it in presentation mode.

What’s frustrating is why, after all this time, so few people seem to have implemented it and instead keep banging on about the need to copy data around – apparently oblivious to the negative impact it has on fraud,  security and self-esteem. Perhaps that’s because, as Bill Buxton has pointed out, it can often take around 20 years from an initial idea to its mainstream implementation and adoption.

Hopefully, with the likes of the federated trust model being implemented by Verify and the desire to make better use of data in the public sector and to strengthen cyber security, we’ll start to see some implementations of the type of approach Stefan outlined sooner rather than later.

It’s time to finally get away from all the security, fraud and privacy risks of the lazy “data sharing” mindset – and put citizens and consumers back in control of their own data.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.