Note: These are rough notes from the W3C Workshop on eGovernment and the Web. It is being held in Washington DC on June 18th-19th.
Just like when a citizen talks to a Government representative and trusts them, he should be able to have the same trust when the citizen goes to a government Web site.
Average Joes want to be able to use the services. People get scammed. We have to make sure that we provide Average Joe with secure services.
According to a report, senior citizens are the fastest growing on-line audience, who will double by 2010. The US IRS Web site had 13.5 million unique visitors in March 2007.
Portals are a one stop shop for information. Secure portals are necessary.
The different parties are the users, the browsers (technical clients), government services, software, and the communication medium. All of these parties have to work at making things secure.
End-users can be insecure and error prone. Delegate as much responsibility as possible to technology. The W3C Security Context Working Group is trying to establish some type of visual trust context to help the user feel reasonably secure. Use SSL or SRP.
Use a federated identity that allows the user a single authentication service and access multiple heterogeneous services. There is OpenID.
Getting buy-in into a single IT installation from various departments and organizations of a Government is difficult.