Tuesday, 29 May 2018 11:24

Open source, open standards to underpin Govpass Featured


When the Federal Government begins its trial of the identity solution Govpass in October, it will be both a proud and a nervous time for Rupert Taylor-Price, the man behind Vault Systems, the company providing the cloud infrastructure for the solution.

Taylor-Price told iTWire in an interview that Govpass was one of the most sensitive systems outside defence and intelligence that the government has had to run because it would be a single repository of all of the information of all Australians, "an incredibly sensitive dataset".

The system is intended to allow Australians to be able to prove their identity to government services online. According to the Digital Transformation Agency, "Users will be able to prove themselves by having an accredited organisation vouch for them, such as a government agency, or in the future, even their own bank."

One would need to provide personal details to establish a Govpass ID; after this is set up, most of the personal data will be deleted. The government allocated $92.4 million in the recent Federal Budget to see the project through to completion.

"All ID information in government today is held by each individual agency and each time you go to an agency you have to re-identify yourself, re-prove who you are and there is a process whereby they create some kind of an identity for you," Taylor-Price said, pointing out the problem that Govpass was meant to solve.

Given the fact that a move to set up a national identity card many years ago was as popular as having stones for breakfast, Taylor-Price said the DTA had consulted privacy groups before starting out.

"The DTA did an industry-wide consultation where they approached all of the privacy groups and they also got an external consultant to come in and assess the privacy impact that this would have," he said.

rupert taylor price

Rupert Taylor-Price: "...we're trying to support government in the move to open source and open standards."

As the Australia Card was not very well received, he said what was needed was to find a way to meet the security and privacy to a level which with the Australian public was comfortable.

Taylor-Price said there were many facets to how this was managed "including an opt-in system, how they manage the data within that system and using a cloud system like ours, which is entirely Australian-owned and located within the Australian legal jurisdiction. It has been certified by the Australian Signals Directorate and meets a whole range of security requirements."

Vault Systems is one of four Australian providers to have the coveted Protected status from the ASD for its cloud offering, the other three being Macquarie Government, Sliced Tech and Dimension Data. Microsoft was certified as the fifth provider recently.

"For an individual citizen, their identity is the most sensitive data that the government holds," said Taylor-Price who started Vault Systems some six years ago. "If they are working with the Department of Human Services that information is very sensitive as it could include medical records, psychological assessments, criminal history.

"Citizens don't choose the data that government comes to hold, it is picked up by compliance programs and brought into government.

"So we decided to build multiple clouds at the different security classifications, but all to the same high security standards. What we've done with Govpass is an example of the type of systems with which our entire business was built."

Taylor-Price, who has worked in government for 12 years, said Vault Systems was more involved in "the automation, the cloud technology, the delivery of the actual infrastructure and environment that sits behind that".

He said the DTA, along with the Australian tax Office and the Department of Human Services would run Govpass.

"What Govpass has done is quite unique, they have looked at how they can work with industry as well so the same ID information can be used for interaction with commercial entities," he said.

The DTA was trying to reduce the amount of vendor lock-in in government services, and that suited Vault Systems as it had always worked with open standards. Its cloud is built on the open source OpenStack platform and security is baked in.

"Government has a strong history of working with proprietary vendors and essentially getting locked in," Taylor-Price pointed out. "They think they embark on a project at a certain cost point and then, because they are in a proprietary environment, they lose the flexibility of being able to move within that environment.

"That's when you get the contract variations, you hear of costs being many times the initial budget (and) a lot of that comes down to proprietary and vendor lock-in. So there has been a big movement within government to move towards open source."

He said the DTA had a digital service standard and specification seven on that required open source and open standards. "It was a recommendation that went to government under (current Minister for Law Enforcement and Cyber Security) Angus Taylor last year to try and mandate the use of open standards across government.

"But, of course, there are a lot of competing financial interests that want as many proprietary systems within government as possible and we're trying to support government in the move to open source and open standards."

He said Vault Systems had a very different ethos and agenda to proprietary organisations.

"Microsoft is a partner of Vault Systems, we run many Microsoft workloads on top of our open source and open standards platforms. Because the base system is open source and [conforms to] open standards doesn't rule out running proprietary loads on top.

"We think it is important that the base infrastructure, the cloud layer conforms to open standards. The further down the stack you have open standards, the more flexibility you have. That would give government the freedom to move between providers."

Asked about the security of the set-up, Taylor-Price was quietly confident, but avoided any hype.

"[There are] always risks, no system is perfect," he said. "We have built in all system requirements natively into the base platform. All security components have been re-engineered at their source to natively meet the government requirements. I'm very sure this is the most secure platform the government has to host systems on."

Read 4126 times

Please join our community here and become a VIP.

Subscribe to ITWIRE UPDATE Newsletter here
JOIN our iTWireTV our YouTube Community here


The past year has seen a meteoric rise in ransomware incidents worldwide.

Over the past 12 months, SonicWall Capture Labs threat researchers have diligently tracked the meteoric rise in cyberattacks, as well as trends and activity across all threat vectors, including:

Encrypted threats
IoT malware
Zero-day attacks and more

These exclusive findings are now available via the 2022 SonicWall Cyber Threat Report, which ensures SMBs, government agencies, enterprises and other organizations have the actionable threat intelligence needed to combat the rising tide of cybercrime.

Click the button below to get the report.



It's all about Webinars.

Marketing budgets are now focused on Webinars combined with Lead Generation.

If you wish to promote a Webinar we recommend at least a 3 to 4 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site itwire.com and prominent Newsletter promotion https://itwire.com/itwire-update.html and Promotional News & Editorial. Plus a video interview of the key speaker on iTWire TV https://www.youtube.com/c/iTWireTV/videos which will be used in Promotional Posts on the iTWire Home Page.

Now we are coming out of Lockdown iTWire will be focussed to assisting with your webinars and campaigns and assistance via part payments and extended terms, a Webinar Business Booster Pack and other supportive programs. We can also create your adverts and written content plus coordinate your video interview.

We look forward to discussing your campaign goals with you. Please click the button below.


Sam Varghese

Sam Varghese has been writing for iTWire since 2006, a year after the site came into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News