Home Government Tech Policy Open source, open standards to underpin Govpass
Open source, open standards to underpin Govpass Featured

When the Federal Government begins its trial of the identity solution Govpass in October, it will be both a proud and a nervous time for Rupert Taylor-Price, the man behind Vault Systems, the company providing the cloud infrastructure for the solution.

Taylor-Price told iTWire in an interview that Govpass was one of the most sensitive systems outside defence and intelligence that the government has had to run because it would be a single repository of all of the information of all Australians, "an incredibly sensitive dataset".

The system is intended to allow Australians to be able to prove their identity to government services online. According to the Digital Transformation Agency, "Users will be able to prove themselves by having an accredited organisation vouch for them, such as a government agency, or in the future, even their own bank."

One would need to provide personal details to establish a Govpass ID; after this is set up, most of the personal data will be deleted. The government allocated $92.4 million in the recent Federal Budget to see the project through to completion.

"All ID information in government today is held by each individual agency and each time you go to an agency you have to re-identify yourself, re-prove who you are and there is a process whereby they create some kind of an identity for you," Taylor-Price said, pointing out the problem that Govpass was meant to solve.

Given the fact that a move to set up a national identity card many years ago was as popular as having stones for breakfast, Taylor-Price said the DTA had consulted privacy groups before starting out.

"The DTA did an industry-wide consultation where they approached all of the privacy groups and they also got an external consultant to come in and assess the privacy impact that this would have," he said.

rupert taylor price

Rupert Taylor-Price: "...we're trying to support government in the move to open source and open standards."

As the Australia Card was not very well received, he said what was needed was to find a way to meet the security and privacy to a level which with the Australian public was comfortable.

Taylor-Price said there were many facets to how this was managed "including an opt-in system, how they manage the data within that system and using a cloud system like ours, which is entirely Australian-owned and located within the Australian legal jurisdiction. It has been certified by the Australian Signals Directorate and meets a whole range of security requirements."

Vault Systems is one of four Australian providers to have the coveted Protected status from the ASD for its cloud offering, the other three being Macquarie Government, Sliced Tech and Dimension Data. Microsoft was certified as the fifth provider recently.

"For an individual citizen, their identity is the most sensitive data that the government holds," said Taylor-Price who started Vault Systems some six years ago. "If they are working with the Department of Human Services that information is very sensitive as it could include medical records, psychological assessments, criminal history.

"Citizens don't choose the data that government comes to hold, it is picked up by compliance programs and brought into government.

"So we decided to build multiple clouds at the different security classifications, but all to the same high security standards. What we've done with Govpass is an example of the type of systems with which our entire business was built."

Taylor-Price, who has worked in government for 12 years, said Vault Systems was more involved in "the automation, the cloud technology, the delivery of the actual infrastructure and environment that sits behind that".

He said the DTA, along with the Australian tax Office and the Department of Human Services would run Govpass.

"What Govpass has done is quite unique, they have looked at how they can work with industry as well so the same ID information can be used for interaction with commercial entities," he said.

The DTA was trying to reduce the amount of vendor lock-in in government services, and that suited Vault Systems as it had always worked with open standards. Its cloud is built on the open source OpenStack platform and security is baked in.

"Government has a strong history of working with proprietary vendors and essentially getting locked in," Taylor-Price pointed out. "They think they embark on a project at a certain cost point and then, because they are in a proprietary environment, they lose the flexibility of being able to move within that environment.

"That's when you get the contract variations, you hear of costs being many times the initial budget (and) a lot of that comes down to proprietary and vendor lock-in. So there has been a big movement within government to move towards open source."

He said the DTA had a digital service standard and specification seven on that required open source and open standards. "It was a recommendation that went to government under (current Minister for Law Enforcement and Cyber Security) Angus Taylor last year to try and mandate the use of open standards across government.

"But, of course, there are a lot of competing financial interests that want as many proprietary systems within government as possible and we're trying to support government in the move to open source and open standards."

He said Vault Systems had a very different ethos and agenda to proprietary organisations.

"Microsoft is a partner of Vault Systems, we run many Microsoft workloads on top of our open source and open standards platforms. Because the base system is open source and [conforms to] open standards doesn't rule out running proprietary loads on top.

"We think it is important that the base infrastructure, the cloud layer conforms to open standards. The further down the stack you have open standards, the more flexibility you have. That would give government the freedom to move between providers."

Asked about the security of the set-up, Taylor-Price was quietly confident, but avoided any hype.

"[There are] always risks, no system is perfect," he said. "We have built in all system requirements natively into the base platform. All security components have been re-engineered at their source to natively meet the government requirements. I'm very sure this is the most secure platform the government has to host systems on."


With 4 keynotes + 33 talks + 10 in-depth workshops from world-class speakers, YOW! is your chance to learn more about the latest software trends, practices and technologies and interact with many of the people who created them.

Speakers this year include Anita Sengupta (Rocket Scientist and Sr. VP Engineering at Hyperloop One), Brendan Gregg (Sr. Performance Architect Netflix), Jessica Kerr (Developer, Speaker, Writer and Lead Engineer at Atomist) and Kent Beck (Author Extreme Programming, Test Driven Development).

YOW! 2018 is a great place to network with the best and brightest software developers in Australia. You’ll be amazed by the great ideas (and perhaps great talent) you’ll take back to the office!

Register now for YOW! Conference

· Sydney 29-30 November
· Brisbane 3-4 December
· Melbourne 6-7 December

Register now for YOW! Workshops

· Sydney 27-28 November
· Melbourne 4-5 December



Australia is a cyber espionage hot spot.

As we automate, script and move to the cloud, more and more businesses are reliant on infrastructure that has the high potential to be exposed to risk.

It only takes one awry email to expose an accounts’ payable process, and for cyber attackers to cost a business thousands of dollars.

In the free white paper ‘6 Steps to Improve your Business Cyber Security’ you’ll learn some simple steps you should be taking to prevent devastating and malicious cyber attacks from destroying your business.

Cyber security can no longer be ignored, in this white paper you’ll learn:

· How does business security get breached?
· What can it cost to get it wrong?
· 6 actionable tips


Sam Varghese

website statistics

Sam Varghese has been writing for iTWire since 2006, a year after the sitecame into existence. For nearly a decade thereafter, he wrote mostly about free and open source software, based on his own use of this genre of software. Since May 2016, he has been writing across many areas of technology. He has been a journalist for nearly 40 years in India (Indian Express and Deccan Herald), the UAE (Khaleej Times) and Australia (Daily Commercial News (now defunct) and The Age). His personal blog is titled Irregular Expression.


Popular News




Sponsored News