[Dave Birch] An example that I’ve used before to explore what can go wrong with identity management system is the smart card-based “strong” authentication system that has been delivered as part of the National Health Service (NHS) £20 billion Connecting for Health (CfH) scheme.

The poll of more than 300 GPs found that one in six family doctors said they were aware of NHS staff sharing smartcards in their area, and one in 20 GPs admitted they sharing their own smartcard. Reasons given included the time taken to log-on to systems or to access data at multiple terminals, and losing cards or leaving them at home.

[From E-Health Insider Primary Care :: CfH condemns smartcard sharing]

Now, obviously the $20 billion and-still-rising Connecting for Health scheme is hardly representative of the average project with identity management requirements, but it does illustrate what happens when the management consultant-driven top-down politically-architected grand project meets the real world: in the end, something always gives.

A spokesperson for NHS Conecting for Health said the sharing of smarcards was unacecceptable and a serious discplinary offence.

[From E-Health Insider Primary Care :: CfH condemns smartcard sharing]


What’s puzzling about all of this, to a technologist, is that the entirely predictable consequences of the implementation chosen would have been obvious to anyone with more than a passing acquaintance with security, smart cards, identity management or people.

These opinions are my own (I think) and are presented solely in my capacity as an interested member of the general public [posted with ecto]

Leave a Reply

Subscribe to our newsletter

You have successfully subscribed to the newsletter

There was an error while trying to send your request. Please try again.

By accepting the Terms, you consent to Consult Hyperion communicating with you regarding our events, reports and services through our regular newsletter. You can unsubscribe anytime through our newsletters or by emailing us.
%d bloggers like this:
Verified by MonsterInsights