This article is more than 1 year old

Turnbull's Transformers intend to test single sign-on to Gov.au on the offshore, public cloud

Because after #CensusFail we're all up for biometrics guarded by unicorn worshippers

Australian prime minister Malcolm Turnbull's Digital Transformation Office (DTO) has posted the bones of a proposal for federated identity across Australian government web sites to GitHub.

Given that Australia can't manage a census, the idea that it's considering something as technologically and politically complex and/or risky - and on a public cloud, too - may raise eyebrows.

At the very least, federated identity looks hard for the DTO to pull off given that it doesn't maintain a functional capacity to explain it to The Register.

We're asking questions because the DTO's releases on GitHub are revealing, but since its average response time to questions from The Reg is measured in days and its standard response is “sorry”, it's hard to put its nuggets in context.

The Register can tell you, therefore, what we can glean about its Federated Identity project – which the PM hopes will deliver a national single sign-on for all citizens at all levels of government – but cannot put any of it into context, nor query the insular DTO bosses about its details.

Here's what we can surmise:

  • Biometrics – have been talked about in public, with no details. But the DTO's GitHub repo for the project tells us that facial recognition is under consideration.
  • State involvement – Malcolm Turnbull wants all states involved, but the only code contributions so far, outside of the DTO's own, have come from the New South Wales Roads and Maritime (RMS) department.
  • Deployment model – this is indeed a treat. In dealing with individual identifiers, the DTO has made the to-us-inexplicable decision to use a public cloud as the prototype.

All of this we have discerned by looking at the DTO's identity prototype as stuff gets added to it. The repo is here.

Facial recognition is revealed by this note, explaining that a file dependency had to be changed: "Fixing broken localstorage redux context changed hub-id to id as facial verification is pointing to id.apps”.

The lousy participation rate of states has two indicators. The repository was kicked off by forking a repo written by Mohan Ambalavanan, here.

Second, the only examples offered on the DTO repository – other than from the federal government – look like the NSW state government mock-up below.

DTO / RMS mockup image

NSW seems to like the idea of government single sign-on. Nobody else does

This could, of course, get updated if any other state decides it wants citizen identity handled by the DTO's UK seagull bosses and website designers.

The deployment model is a killer: the federated identity project is, at this stage, pre-alpha getting prepped for prototyping. It handles the most sensitive of personal data, identity, so of course the DTO's digital evangelists seem intent to testing the whole thing on a public cloud.

Specifically – at least from the notes accompanying Ambalavanan's “webpack starter” – the whole thing is meant to run on the Heroku cloud (these days owned by Salesforce). Heroku does not have a region in Australia.

We'd just love to ask someone at Turnbull's “how to transform an only-intermittently-successful agency into an Australian success by importing the same executives” and why prototype identity services should run in the cloud, never mind an offshore cloud.

The DTO therefore practises a curious mixture of radical openness – look at our code! – while also leaving its GitHub repositories without Readme files and just not replying to polite media inquiries.

Yet the facts we listed are easily discoverable in the GitHub repository.

Is the DTO not talking because it doesn't want Australia to know it's messing around in Heroku? Is it trying to kill the story?

Perhaps the DTO will read this and let us know. ®

More about

TIP US OFF

Send us news


Other stories you might like