Companies in regulated UK industries are expected to join forces
to develop a cross-industry identity scheme that will allow them to
trust how each other identify and authenticate their employees.
If successful, the scheme, technically called a federated trust
scheme, will reduce the cost of background checks on new staff and
may allow individuals to switch employers more easily.
The initial target industries are financial services,
telecommunications, aerospace and defence, pharmaceuticals, energy
and law.
The scheme, based on similar projects overseas could start as
early as January 2010.
The UK Ministry of Defence, Rolls Royce, BAE Systems and
GlaxoSmithKline are among the British organisations that are
already members of similar US trust federations.
A new company, the British Business Federation Authority, has
been set up to coordinate the development of protocols that will
enable the credentials of a worker from one industry to be accepted
by employers in the same or another industry.
In UK, the credentials, which could be a smart card or a
software certificate, depending on the level of assurance required,
will operate independently of the proposed UK national ID card
scheme, said Patrick Curry, director of Clarion Identity and
spokesman for the team behind the initiative.
Patrick Curry said a national ID card capable of remote
authentication to a back-end database could greatly enhance the
industries' enrolment processes by helping to prove citizenship and
work entitlement for new employees.
The British Business Federation Authority (BBFA) aimed to cater
for organisations with credentials with different levels of
assurance, in different locations, across different industries, and
potentially across national borders, he said. Many of these
features were desirable in a national identity card system.
"The BBFA seeks to build its governance model on existing best
practice," he said. Overseas examples include the US
Federal Bridge,
CertiPath and
SAFE-BioPharma, the
Kantara Initiative,
NIST and
ISO.
The BBFA wanted the scheme to include geographic awareness for
location based services, data loss prevention and common federation
components in enterprise architectures. These could increase
re-use, and reduce cost and risk of the credential scheme, he
said.
Curry said the BBFA was starting to ask firms and organisations
for letters of intent to support the initiative and become the
founding members of the BBFA Steering Group.
The initiative is being steeering by a group know as the
cross-domain enabling group (XDEG) . Members of XDEG come from
Eurim, the
parliamentary-industry forum, the
British Computer Society, the
Institution of Engineering and
Technology (IET), Royal United
Services Institute (RUSI),
T-Scheme, the
UK electronic trust service self-regulatory body, as well as
academics from Oxford University and the London School of
Economics.