Authentication – who’s site is it really?
There are many issues in the business of authentication, and methods by which it is achieved, that are worth discussing at some length, but that is not the topic of this paper and they are not considered here.
The point of this paper is that whilst there was an enormous amount of material contained in the advice about authentication of the citizen/customer coming into the government system, there was nothing at all about how that user could authenticate the government web sites.
And that set me to thinking. Is there a difficulty about authenticating web sites. Obviously, if it make senses for the government to insist that people using its services have to be authenticated, those people should know precisely who or what in government they are dealing with?
Download the paper in PDF format here.