Wednesday, August 01, 2007

Biometric entry into Australia

I'm still catching up with my news and I came across this story today (yes I know it was written almost a week ago). Apparently by 2010 non-Australian citizens will have to go through the pain of being fingerprinted and iris scanned when they enter the country. I imagine this will be similar to the process the US currently employs.

The most interesting thing from a technological standpoint was this statement:
"This information will be stored in the department’s central Identity Services Repository, which will be complemented with an ID management toolkit, including high-integrity enrolment and registration systems, forensic document examination techniques, a specialist identity investigation capability, advanced name search software, and an online document verification system."

It makes it sound easy doesn't it. Those of us who have had anything to do with identity Management and repositories know it's not, especially when you're talking about something of this scale. The thing that jumps out at me most of all is "central Identity Services Repository". Are they kidding? If that's really the plan, they better do some serious design work.

I'm also a little wary of the sentence: "ID management toolkit, including high-integrity enrolment and registration systems". Do they mean they want to use one of the provisioning solutions out there (I can make a pretty educated guess about what this would be because I know what they bought - I'm just not sure I'm allowed to say)? What's there to provision to besides the actual repository? The users being stored in the system will never have to use the system. I'm not saying that using a provisioning solution is a bad idea, but they don't need all the functionality that comes with it. The benefits you get from using an off-the-shelf product may not pay dividends here because of the performance trade-offs. They just need a scalable data store that performs. In other words, they need a great big relational database (or LDAP if they want something that has an open standard attached to it) with an application in front of it. I'm over-simplifying of course, but that's essentially what they need at the back end with the application being the glue between the biometric devices and the data store.

The DIAC actually have a bunch of off-the-shelf software products they could just pull out and use if they wanted. In fact, if I put my vendor hat on, I'd be able to slot a product into each part of the paragraph above (and not just for the "identity" part). But that would be fitting business processes to a set of products rather than the way it should be - figuring out what needs to be done and using the right solutions that fit.

IBM and Unisys are the service providers helping them put all this together and have their work cut out for them. They won't complain though. There's too much money to be made.

No comments: