The Post Office has tendered for the IT infrastructure to support its strategy to become an "identity assurance" service provider to business and government.
The Royal Mail subsidiary posted an accelerated contract notice in the Official Journal of the European Union, justifying its need for an accelerated process by saying it needs a third party provider to help it provide "comprehensive bids" to government and private organisations.
The contract notice is split into two lots. The first, worth £2.5 million, covers the provision of consumer’s data to the Post Office including name, date of birth, address, gender, date of death, identifying document numbers (e.g. passport, driving licence), financial history, electoral roll status, and telephone numbers. The Post Office stated it would need to "to modify or augment [the] data, and to assert rights over its future use by the provider".
Interesting Links
Identity Assurance warrants more public debate – Creating an ID register for 60 million-plus people is a very different challenge
The second lot, worth £6.5 million, will cover the identity management services themselves. The Post Office said it would accept wither a managed services set up, hosted by the provider, or an off-the-shelf service which could be integrated into the Post Office’s current systems.
The identity management software and systems will need to support the Security Assertion Markup Language 2.0 (SAML2) authentication standard, the contract notice said, as well as delivering single sign-on into the Post Office’s current systems.
The second lot also includes the provision of credentials such as near-field communications tokens and biometrics, mobile telephony integration, support and customer relationship management services, and management interfaces to ensure that any new services will work with the Post Office’s existing billing and reporting capabilities.
The IT services will support the Post Office’s plan to become one of the identity providers (IDPs) under the government’s Identity Assurance strategy.
As opposed to the previous government’s plan to build a unified ID management infrastructure for the UK, the current strategy is to build a federated system of identity that devolves responsibility for identifying the citizen to a number of trusted third parties from the private sector. The idea is to provide consumers a choice of identity providers while minimising cost to the government.
Cabinet Office minister Francis Maude allocated £10 million to fund the government’s Identity Assurance scheme in November last year. “We think government can and must be involved [in identity],” he said. “Not as Big Brother, in the way associated with ID cards, but as a little brother helping, supporting and providing […] funding.”
Speaking to Information Age after the announcement of the ID assurance scheme, the Post Office’s proposition manager for identity assurance Toby Stevens said that the key challenges facing the scheme were usability, governance and developing a commercial model.