Toward a Modern Magna Carta for Internet Identity


Many have noted similarities in the work of the US National Strategy on Trusted Identity in Cyberspace’s via its Identity Ecosystem Steering Group, and in the UK via HMG Cabinet Office Identity Assurance Program via its Identity Steering Group.

After the recent US National Strategy on Trusted Identity in Cyberspace Plenary in Atlanta, I attended meetings in London that focused on how the progress and precedents in GOV.UK Verify can inform business cases for identity services across both public and private sectors. The common denominator is a need for a private sector led, public private partnership, that helps accelerate the volume, velocity and variety of Internet transactions while recognizing government’s role in protecting the security and privacy of its citizens.

At an Open Identity Exchange (OIX) speaker’s dinner preceding a big tech entrepreneurs’ conference at the Royal Institute of Great Britain, industry leaders and investors from British banks and Silicon Valley talked about how best to grow bespoke services in the UK that interoperate with global identity ecosystems. There was begrudging acknowledgement that emerging UK identity services markets risk being dominated by a small group of US companies whose “walled gardens” and proprietary standards limit the upside and expansion for established and entrepreneurial enterprises alike in Britain.

All the attendees acknowledged that leveraging GOV.UK Verify as a catalyst for commercial services pivots on issues around how identity services that serve government might be repurposed for commercial applications. Put another way; what are the rules of the road in the UK for the reuse of government approved identity services?

The need for guidelines for the Internet—a Magna Carta, of sorts—was part of a discussion with Baroness Martha Lane Fox and others on the BBC recently. (http://www.bbc.co.uk/programmes/b048l00t). A week later in Silicon Valley, President Obama called for new cooperation to wrangle the Wild West of the Internet. (http://www.nytimes.com/2015/02/14/business/obama-urges-tech-companies-to-cooperate-on-internet-security.html?_r=0)

Francis Maude, the Minister for Cabinet OfficeHMG Minister for Cabinet Office Francis Maude reminded us before the dinner that all stakeholders have much to gain by a public-private partnership like OIX. It can help develop, deploy and govern a set of scheme rules that clarify and articulate the business, technical and legal interoperability requirements needed for robust business cases. The Right Honorable Francis Maude’s remarks  reminded many of us of his “JFDI” reference at the first Economics of Identity conference held last June in London.

Minister Maude eschewed that particular exhortation in his keynote last week, but his message was clear: British taxpayers will be well served by the efficiencies of the Government Digital Service (GDS) GOV.UK Verify program, as well as the catalyst it can provide to the emerging identity services in the UK private sector.

During the OIX member meetings that followed, GDS leader Chris Ferguson pointed to the challenge of starting with government procurement language to inform a public and private sector set of scheme rules.

The OIX Advisory Board noted the success of trust frameworks underway via the Transglobal Secure Collaboration Participation (TSCP) in defense and aerospace, and with the SAFE-BioPharma Association in the biopharmaceutical and healthcare sectors. Today these organizations provide identity federation services that are the rules of the road necessary to govern their sectors’ commercial Internet identity systems.

OIX UK is beginning to organize what we call a “scheme rules sprint” using a proven multi-stakeholder collaboration process that solves a specific and common problem. The process is key, as we take on the forcing-functions of transparency and a second annual Economics of Identity Conference on Canary Wharf on June 30 of this year. This work, like all others, will follow the now time-tested process set out in the UK Identity Steering Group, ensuring transparency and deliverables as we would expect with any government and Open Identity Exchange led project.

It is terribly presumptuous to compare our modest scheme rules or trust framework development efforts to a modern Magna Carta. But as they say in the UK, it’s a direction of travel, a way to honor the original Magna Carta on its anniversary and a road worth taking.

Don Thibeau