RE: [egov] HUNGARIAN INITIATIVE

["Peter F Brown" <peter@justbrown.net>]

My first reaction, was: is this a product pitch?; closely followed by my second reaction: is this timed deliberately to coincide with Google's IPO?

 

The concept and infrastructure "seem" (qualified because some phrases are not entirely clear in this English translation) quite attractive, certainly in terms of replying to defined needs: an authenticated online citizen identity. However, there are a few things that trouble me (as well as the commercial questions):

 

- like Anders, I am concerned about the authority of the "guardian" of personal information spaces. But I would go further: there is a big question of responsibility and liability. Bluntly stated, I can sue an ISP if it lost my data, allowed unauthorised access, or allowed my identity to be stolen, provided I set the contract up adequately. A citizen cannot however sue a government or hold it liable [1]. This is a commercial ISP acting under the authority of a public administration, and would presumably have very limited liability in cases of ID theft. That makes me worried;

- the system architecture diagram refers to "Internet/Anynet", but there is no evidence of how the system might handle a non-Internet transaction: for example - authenticating a user ID by challenge/response via a mobile phone in order to authorise a transfer or personal data between two systems ("this is 'me' authorising the transfer of my annual tax return, from my personal space - where it is drafted and stored - to the tax authority, while on the end of a phone line on holiday"....it's more or less a use case that I've heard several times in the last few days). Without meaning to be too negative: it sounds very good, but I lack details on the specs being proposed. Or is it a proprietary black box? In which case, why not just use other DRM solutions?

- this does look like an over-centralised model, ultimately doomed if at all based on proprietary specs. It would be far healthier to see the Hungarian government, or any other, look at SAML (an OASIS spec) together with the work being done on "network identity" by the Liberty Alliance. Given the range of vendors and users (=govt agencies) involved there, this would seem to be a better bet. It would certainly be interesting to see their reaction: this Hungarian example *might* be exactly the sort of proof of concept that they are looking for, in which case I'll eat my words or caution;

- the Hungarian Government is proposing to offer this service free as a basic citizenship right? Wow...but as the company owns the patents, the phrase "proprietary lock-in" comes to mind. What guarantees do the government have for continuity of service? DNS persistence (wil they, or the company, administer the namespaces?)? How are the authentication requirement levels determined, and by whom?

 

I think what I'm coming to, in answering John's specific question, is: no, we shouldn't add it to the eGov project list, except perhaps to flag and signpost existing OASIS and other open specs as best practice; and caution buy-in to any black box solution.

 

Peter

 

[1] I had a very interesting discussion today at SUN in California with Simon Nicholson, former OASIS board member and ebXML chair, and currently SUN's lead in the Liberty Alliance [2], during which we discussed precisely these sorts of problems of "network identity".

[2] www.projectliberty.org

---

From: John.Borras@e-Envoy.gsi.gov.uk [mailto:John.Borras@e-Envoy.gsi.gov.uk]
Sent: Monday, May 03, 2004 11:49 PM
To: egov@lists.oasis-open.org
Cc: ilonakakuk@axelero.hu
Subject: [egov] HUNGARIAN INITIATIVE

Colleagues

Please see the attached project outline from a contact in Hungary.  I would welcome any observations you may have on this initiative and also views on whether we should add it to our TC project list.

John

----- Forwarded by John Borras/e-Envoy/CabinetOffice on 03/05/2004 10:55 -----

"Kakuk Ilona" <ilonakakuk@axelero.hu>

25/03/2004 12:25

To	"John Borras" <john.borras@e-envoy.gsi.gov.uk>
cc	"Andrew Pinder" <andrew.pinder@e-envoy.gsi.gov.uk>
Subject

Dear Mr Andrew Pinder and Mr John Borras!

We met you Mr Pinder, in Hungary last week. I gave you a short description about our hungarian logical egovernment model concept, we called it "Documents Works" based on the "eSzéf" (Electronic safe) technology.

This model solve number of questions of  the todays probelms, models of egovernment public services and create an egovernment service layer between the government and citizens, business entities, providing private security for  the personal datas and transactions,  and a hierarchical private autenthication system, wich satisfy's even the strongest law-requirements in EU states.  

I hope, you could overview the description.

We offer you to collaborate in this project, and make a common EU project based on your results and on our concept.

If you need further informations, please feel free to contact me.

Furthermore, my company is the project manager for project called here "KEIR", wich is a project for standartisation of governmental records handling and management. Please give me some information if you run similar projects or have results in that field.

With thanks,

Ilona
Mrs Ilona Kakuk
general manager
LogiSter Ltd
+36-20-444 3980
ilonakakuk@axelero.hu
www.logister.hu
-          

______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This email has been scanned by the MessageLabs Email Security System.
For more information please visit http://www.messagelabs.com/email
______________________________________________________________________