
gzt
18686 posts

Uber Geek
+1 received by user: 7827

Lifetime subscriber

  #2830511 11-Dec-2021 21:19

David321: Digital Identity Bill - Harmless or the start of something sinister?

This sounds a lot like "5G - Faster mobile networks or Bill Gates' secret mind control plan?" ;) 🐇🐇🥕

Back to the bill. I have no idea. I read the introduction to the bill. It was not enlightening. I'm guessing it will allow govt depts and approved 3rd parties to verify identity in relation to govt services using RealMe mechanisms instead of asking for a driver's license etc.

https://www.legislation.govt.nz/bill/government/2021/0078/latest/d3525532e2.html#LMS459582

Governments of all stripes do tend to like this stuff because it makes life simple when knowing they are delivering services to actual people. That's a good reason for everyone else to look twice. TL;DR: the bill has a crappy introduction and it does not surprise me no one can figure out what it's for. Maybe I'll read the whole thing one day; maybe you should instead.



David321

507 posts

Ultimate Geek
+1 received by user: 105


  #2830519 11-Dec-2021 21:36

gzt:
David321: Digital Identity Bill - Harmless or the start of something sinister?

This sounds a lot like "5G - Faster mobile networks or Bill Gates' secret mind control plan?"


Yeah I was just thinking it sounds like a NZ Herald headline eh? Lol

Well done for the most on topic answer though! 👏




_David_

BarTender
3629 posts

Uber Geek
+1 received by user: 2572

ID Verified
Trusted
Lifetime subscriber

  #2841197 1-Jan-2022 09:01

Coming back to this early on New Year's Day as everything is quiet across the house here and relaxing.

 

My understanding is the desire for wider uptake of RealMe across private enterprise rather than solely focusing on Government Agencies.

 

There are many constraints with RealMe as it stands today in regards to who can use it and how the data can be leveraged. These issues include (but are not limited to):

 

  • They only use SAML rather than moving to OpenID Connect for modern authentication providers, even though they just went through a like-for-like migration from ForgeRock to Microsoft B2C, which natively supports OIDC.
  • Even after you are onboarded as an agency, all you get in the SAML Response is an FLT, aka a random number, which is meaningless and only really proves you were able to log in via RealMe, which anyone can do with an email address. So you as a target agency still need to verify who the user is, as all that RealMe has provided is "A user was able to log in", and potentially the agency has offloaded 2FA controls to RealMe. If you used RealMe to log in to MyCovidRecord and weren't a Verified Identity, you would notice you still needed to provide DL/Passport to MoH, and MoH verified your identity on the spot instead of RealMe.
  • If you are going for the high-level "Verified Identity" login in RealMe, only a small percentage of the population have bothered to do it. Granted, with MoH supporting Verified Identity it will have no doubt gone up, but the barriers for using Verified Identity are far higher than standard RealMe login.

The other problem is Banks and large utilities think they can get into the Identity game as they have the customer base, which is really what this trust framework is all about. My concern has always been, even with banks you have a mortgage with, do you want them to know you have logged into various other sites? It's the same issue with Google / GMail or Social Providers. Plus in a true decentralised identity model you can't easily move between providers as it's all blockchain nonsense, whereas that disregards that humans inherently will forget their password, so recovery of the account is always required, so the private keys need to be kept somewhere.

 

IMHO the only option is RealMe, they could innovate more and potentially other orgs could adopt it but there is zero chance it will be mandated for access to NZ based services.

 

And if you ever wanted an example of what the clearly deranged would do, you just need to read the Outdoors Party response.

 

https://www.parliament.nz/en/pb/bills-and-laws/bills-proposed-laws/document/BILL_116015/tab/submissionsandadvice

 

 

