The U.S. government has long sought to create a single sign-on infrastructure that will help citizens access online services in a more organized and secure way. But the latest effort, Login.gov, has suffered a significant setback with the decision by U.S. Citizenship and Immigration Services (USCIS) to pull out of the pilot program, as Federal News Radio reports:
[T]he decision by USCIS not to be a part of the initial pilot is a blow to a concept that has struggled over the last 15 years. Three other attempts to create a standard approach to identity management for citizen services either failed or never got far enough out of the starting gate to have an impact.
18F launched Login.gov in May, hoping to find the magic formula that has eluded others.
A government source, who requested anonymity, said the decision for USCIS to drop out was a matter of risk versus reward. The official said that Login.gov has a lot of potential and is a service that the government would benefit from, but the time wasn’t right for USCIS.
The source said the main issue was USCIS would have to take on too much responsibility around security authorizations, cloud hosting and other support services while not having enough confidence that 18F would get the critical mass for Login.gov to make it a long-term viable option.
The source said USCIS is open to working with 18F in the future.
Analysis: Login.gov's woes underscore hard truths about digital transformation
18F is the organization under the General Services Administration that's guiding the project. It awarded Equifax a $3.3 million contract for some of the initial work on Login.gov. Without a high-level agency sponsor, however, Login.gov's momentum—what there was of it—has come to a halt.
But that's not necessarily a bad thing, according to Constellation Research VP and principal analyst Steve Wilson. That's because Login.gov or any other effort at a federated single sign-on must consider much more than the construction of shared infrastructure if it's going to be successful, he says.
"For many, many years, there has been an intuitive business case for federated single sign-on, which says instead of having dozens of agencies managing identities for themselves, it's surely cheaper to have one hub that manages identification on behalf of all agencies, but the business case is just a guess," Wilson says. "What people overlook is that identification is a part of risk management. When an agency identifies users, it knows its own processes are imperfect but it also knows how to manage the occasional misidentification. When an agency outsources all that to a single sign-on hub, it is getting into uncharted territory."
In the case of Login.gov, each agency that uses it needs to spend time thoroughly understanding how it works, and needs to negotiate novel contracts with the hub specifying what happens when there is a misidentification, Wilson adds.
"This is all new," Wilson says. "The cost of change is massive and never seems to be factored into the business case for SSO. So when USCIS says the reward for changing over to login.gov is less than the risk, what they're saying is, 'we've looked at the new way of doing identification, and cost and risk of the change over, including negotiating the new way of doing business with our existing users, is just too great.' We all know that the greatest cost in any digital transformation is change management. It's not the technology but the business processes, and the associated legal arrangements, that are most expensive to change."
Thus, Login.gov's stumbles have relevance for any organization or enterprise undergoing digital transformation efforts. It's not simply a case of building technology and throwing the switch, but keeping a much bigger picture in mind during the budgeting, planning and execution stages.