Smartcard vendors will have a lot more to chew over this Christmas than the usual cake and pudding, given two significant tenders coming from the Federal Department of Human Services:
- Last week (27 November), Minister Hockey announced that an industry briefing will be held for the planned Health and Social Services Access Card. This briefing will be held in Sydney on 13 December to “inform the IT industry about the project prior to tenders being released”. As yet there is still no indication whether the tenders themselves will be released before Christmas. The briefing will also cover progress on privacy issues and provide an exposure draft of the access card legislation, for public consultation.
- Five days earlier (22 November), Human Services released its large Centrelink tender for a “staff identification card and related issuance services” The closing date for this tender will be 19 January.
The Centrelink tender could easily be underestimated given that its larger twin has received so much media attention. However there are a number of significant considerations for those who are monitoring smartcard directions in the federal government.
The Centrelink tender reinforces the need for a whole-of-government approach to identity management. This has now become a common theme worldwide. Centrelink draws strong linkages with the AGIMO IMAGE Framework (Refer Tender Section 2.2). While still largely under development, the IMAGE Framework is clearly drawing much of its detail from other well established international (ISO) and United States (FIPS) standards. In particular, the Centrelink tender singles out the United States PIV/FIPS 201 standard. This standard had its origins in the aftermath of September 11, and came about from no less than a formal Presidential Decree to develop a common way of managing the identification of government officials.
An interesting aspect of the tender is the release of Centrelink’s own internally developed security protocol called PLAID (Protocol for Lightweight Authentication of ID). At a time when common protocols and open systems are a common theme in technology development, this would appear to be an unusual diversion from accepted practice. However the tender does go to some lengths to explain the clear business and security exposures that are being addressed. If it gains acceptance, the protocol may find its way into future government tenders.
In a commendable effort to create a level playing field for international tenderers, Centrelink provided the following definitions in the Tender’s Glossary of Terms, presumably to explain the Australian Coat of Arms:
- “Kangaroo means a hopping marsupial of genus Magaleia rufa ……”
- “Emu means a flightless bird of genus Dromaius novaehollandiae ….”
Unfortunately there were no animations provided in the Glossary.