egov message
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]
Subject: RE: [egov] HUNGARIAN INITIATIVE
- From: "Peter F Brown" <peter@justbrown.net>
- To: <John.Borras@e-Envoy.gsi.gov.uk>,<egov@lists.oasis-open.org>
- Date: Tue, 4 May 2004 22:48:56 -0700
My first reaction, was: is this a product pitch?;
closely followed by my second reaction: is this timed deliberately to coincide
with Google's IPO?
The concept and infrastructure "seem" (qualified
because some phrases are not entirely clear in this English translation) quite
attractive, certainly in terms of replying to defined needs: an authenticated
online citizen identity. However, there are a few things that trouble me (as
well as the commercial questions):
- like Anders, I am concerned about the authority of
the "guardian" of personal information spaces. But I would go further: there is
a big question of responsibility and liability. Bluntly stated, I can sue an ISP
if it lost my data, allowed unauthorised access, or allowed my identity to
be stolen, provided I set the contract up adequately. A citizen cannot
however sue a government or hold it liable [1]. This is a commercial ISP
acting under the authority of a public administration, and would presumably have
very limited liability in cases of ID theft. That makes me
worried;
- the system architecture diagram refers to
"Internet/Anynet", but there is no evidence of how the system might handle a
non-Internet transaction: for example - authenticating a user ID by
challenge/response via a mobile phone in order to authorise a transfer or
personal data between two systems ("this is 'me' authorising the transfer of my
annual tax return, from my personal space - where it is drafted and
stored - to the tax authority, while on the end of a phone line on
holiday"....it's more or less a use case that I've heard several times
in the last few days). Without meaning to be too negative: it sounds very good,
but I lack details on the specs being proposed. Or is it a proprietary
black box? In which case, why not just use other DRM
solutions?
- this does look like an over-centralised model,
ultimately doomed if at all based on proprietary specs. It would be far
healthier to see the Hungarian government, or any other, look at SAML (an OASIS
spec) together with the work being done on "network identity" by the Liberty
Alliance. Given the range of vendors and users (=govt agencies) involved there,
this would seem to be a better bet. It would certainly be interesting to see
their reaction: this Hungarian example *might* be exactly the sort of proof of
concept that they are looking for, in which case I'll eat my words or
caution;
- the Hungarian Government is proposing to offer this
service free as a basic citizenship right? Wow...but as the company owns the
patents, the phrase "proprietary lock-in" comes to mind. What guarantees do the
government have for continuity of service? DNS persistence (wil they, or the
company, administer the namespaces?)? How are the authentication requirement
levels determined, and by whom?
I think what I'm coming to, in answering John's
specific question, is: no, we shouldn't add it to the eGov project list, except
perhaps to flag and signpost existing OASIS and other open specs as best
practice; and caution buy-in to any black box solution.
Peter
[1] I had a very interesting discussion today at
SUN in California with Simon Nicholson, former OASIS board member and ebXML
chair, and currently SUN's lead in the Liberty Alliance [2], during which we
discussed precisely these sorts of problems of "network
identity".
Colleagues
Please see the attached project outline
from a contact in Hungary. I would welcome any observations you may have
on this initiative and also views on whether we should add it to our TC
project list.
John
----- Forwarded by John
Borras/e-Envoy/CabinetOffice on 03/05/2004 10:55 -----
"Kakuk Ilona"
<ilonakakuk@axelero.hu>
25/03/2004 12:25
|
To
| "John Borras"
<john.borras@e-envoy.gsi.gov.uk>
|
cc
| "Andrew Pinder"
<andrew.pinder@e-envoy.gsi.gov.uk>
|
Subject
| |
|
Dear Mr Andrew Pinder and Mr John
Borras!
We met you Mr Pinder, in Hungary last
week. I gave you a short description about our hungarian logical egovernment
model concept, we called it "Documents Works" based on the "eSzéf" (Electronic
safe) technology.
This model solve number of questions
of the todays probelms, models of egovernment public services and create
an egovernment service layer between the government and citizens, business
entities, providing private security for the personal datas and
transactions, and a hierarchical private autenthication system, wich
satisfy's even the strongest law-requirements in EU states.
I hope, you could overview the
description.
We offer you to collaborate in this
project, and make a common EU project based on your results and on our
concept.
If you need further informations,
please feel free to contact me.
Furthermore, my company is the
project manager for project called here "KEIR", wich is a project for
standartisation of governmental records handling and management. Please give
me some information if you run similar projects or have results in that
field.
With thanks,
Ilona
Mrs Ilona Kakuk
general manager
LogiSter Ltd
+36-20-444 3980
ilonakakuk@axelero.hu
www.logister.hu
-
______________________________________________________________________
This
email has been scanned by the MessageLabs Email Security System.
For more
information please visit http://www.messagelabs.com/email
______________________________________________________________________
______________________________________________________________________
This
email has been scanned by the MessageLabs Email Security System.
For more
information please visit http://www.messagelabs.com/email
______________________________________________________________________
[Date Prev]
| [Thread Prev]
| [Thread Next]
| [Date Next]
--
[Date Index]
| [Thread Index]
| [List Home]