Ben Laurie blathering

Government Consultation on Information Assurance

The government is running a consultation on its e-Government framework for Information Assurance. The thing I find most disappointing about it is the complete inability to see beyond identification as a means of access control. I believe it was at PET 2005 that someone claimed that an analysis of citizens’ interactions with government in Australia showed that in over 90% of cases there was no need for the individual to be identified – all that was needed was a proof of entitlement. This can be achieved quite easily even using the kind of conventional cryptography the framework advocates, though this will still allow a citizen’s interactions to be linked with each other – which we all know is not desirable. Even better to use zero knowledge or selective disclosure proofs, as discussed ad nauseam in this blog. Yet, despite this, there is not a single mention of any access control method other than complete identification.
If you do nothing else, I encourage you to make this point in any submission you make.
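
A sketch of the proof-of-entitlement point above, added here as an example and not code from the original post or from the framework: an issuer signs a credential that names an entitlement but not a person, a service verifies it, and two services can still link the holder's visits. All names and values are hypothetical, and the signature is a toy unpadded RSA over publicly known primes, used only so the example runs with the standard library.

```python
import hashlib
import json
import secrets

# Toy unpadded RSA over two publicly known Mersenne primes: illustration only,
# NOT secure. A real issuer would use a vetted signature library and key.
P, Q, E = 2**127 - 1, 2**521 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # issuer's private exponent (assumed secret)

def _digest(claims: dict) -> int:
    blob = json.dumps(claims, sort_keys=True).encode()
    return int.from_bytes(hashlib.sha256(blob).digest(), "big")

def issue(entitlement: str, expires: str) -> dict:
    """Issuer signs the entitlement only: no name, address or citizen number."""
    claims = {"entitlement": entitlement, "expires": expires,
              "serial": secrets.token_hex(16)}  # random, carries no identity
    return {"claims": claims, "sig": pow(_digest(claims), D, N)}

def verify(cred: dict, required: str, today: str) -> bool:
    """Service checks issuer signature, entitlement and expiry, nothing else."""
    claims = cred["claims"]
    return (pow(cred["sig"], E, N) == _digest(claims)
            and claims["entitlement"] == required
            and today <= claims["expires"])  # ISO dates compare as strings

def linkable(log_a: list, log_b: list) -> set:
    """Serials presented to both services: one unnamed citizen, two linked visits.
    Dropping the serial would not help, since the signature value links too."""
    return ({c["claims"]["serial"] for c in log_a}
            & {c["claims"]["serial"] for c in log_b})

if __name__ == "__main__":
    cred = issue("concessionary-travel", "2030-12-31")  # constructed sample
    print("accepted:", verify(cred, "concessionary-travel", "2026-01-01"))
    print("linked across services:", linkable([cred], [cred]))
```

The credential here is a bare bearer token with no binding to its holder; avoiding the linkage it shows is what the zero knowledge and selective disclosure proofs mentioned above are for.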


  1. Ben – can I also flag which I wrote to you about: place to collect things we need to say to CSIA about information assurance issues.
    which is where we can comment line by line (as you did already! But the link isn't on the CommentonThis home page)


    Comment by William — 2 Mar 2007 @ 18:35

  2. There is confusion in the IA draft about authorisation, because their basic definition is pre-authorisation, not authorisation at start of a transaction by providing a credential which is simply a proof of entitlement. The definition of authorisation in the draft is:

    “A.2.15 Authorisation
    Authorisation is the process of determining which activities and access are permitted to a client.”

    Then they add:

    “Within a session, a client may request authorisation to carry out further activities, which may require further authentication of the client to the service.”

    Which, in the absence of further extension or explanation, is just taking you back through the pre-authorisation process.

    But how is an entitlement credential supposed to be presented? I think that an even more basic problem is that they have not differentiated between attended and unattended transactions, even though the real goal for improved efficiency, better availability and doing it the way the EC wants, is unattended always available access from anywhere (which may not be possible today or even tomorrow for transactions requiring strong authentication).

    Comment by Peter Tomlinson — 4 Mar 2007 @ 15:27

  3. The problem is that one can’t trust an average Joe not to compromise his card (or whatever device would create assertions), so we need at least an assertion that comes with some identifying data (i.e. photo, …) or an assertion which the user can identify after having his card stolen (i.e. without card). I can’t see a way to do the second which doesn’t involve either a second card or trusting some third party. The first one doesn’t help much (the second card can also get stolen) and the second is hard (for the lack of satisfactory third-parties), albeit not inconceivable (some mediocre password-based encryption + self-contained tamper-evident storage stored somewhere like bank vault).

    Comment by Robert Obryk — 25 May 2008 @ 19:12
