https://identityassurance.blog.gov.uk/2014/12/17/procurement-update-3/

Procurement update

The Contract Notice for the next framework for certified companies (formally known as identity providers) has now been published in the Official Journal of the European Union.

The procurement documents are also publicly available to download - look under the heading 'Procurements being run on behalf of customers' or search the page for 'verify'.

We'll be holding a briefing event in London on 8th January for all prospective bidders to answer questions about the procurement. To take part, bidders need to register by 6th January. The details of how to register are available through the Crown Commercial Service e-sourcing suite.

Potential bidders can ask questions by using the messaging tool within the e-sourcing suite. We will also answer questions here on the blog and through our Twitter account (@GOVUKverify).

We will send all the questions and answers to those that have registered on the e-sourcing suite. This is so that prospective bidders can have an official channel they can rely on to receive all the relevant information.

7 comments

  1. MarkK

    Processes for change are covered, but bids must presumably all work from the same documentation. Where does it specify which version of the reference documents (eg SAML spec and GPGs) are to be used? Could they please also all be linked from
    https://www.gov.uk/government/collections/identity-assurance-enabling-trusted-transactions
    as you have previously noted that the SAML spec there is out of date.

    Link to this comment
  2. MarkK

    Thanks for confirming we have the latest.
    On 10th November you advised:
    We’ll be updating the SAML profile shortly to reflect the language and other issues you mention.
    At what point will the necessary corrections be made so that, for example, the effort to change and test issues such as character set compatibility can be scoped and all characters used in (at least) Welsh supported?

    There are other documents referenced in the call, eg G3.1.2..
    the interim PKI for the IDAP Ecosystem Version [1.0] (the “CPS”) and the relevant
    Certificate Policies (the “CPs”). One would expect the policies to be available, even if not all of the CPS. Policies define significant matters with legal implications and aren't merely inconvenient detail. Which ones are they, and where can they be found? (The name 'Interim' also suggests an expected update.)

    On a completely different UX subject, why are the times of features related to user availability fixed on UTC rather than the UK local time relevant to the vast majority of likely users? (7am UTC is 8am in summer when most of us use BST.)

    Link to this comment
    • Janet Hughes

      Hi Mark - thanks again for your questions.

      The updated SAML profile will be published in January. For the purposes of preparing bids, please use the existing profile (v.1.1a).

      The Certification Practice Statement (CPS) and certification policies are not published. We'll publish a summary document for use by bidders by Tuesday, 23 December.

      We use UTC for the purposes of consistency across organisations so that all their logs are consistent.

      Link to this comment
  3. MarkK

    Any chance of an updated SAML profile yet?

    UTC for logs makes sense, but for specifying when a service is available to users, the local time zone of the majority of users would seem a more user-centric way to specify what is wanted.

    Link to this comment