UK firms sign up to identity credential scheme

Companies in regulated UK industries are expected to join forces to develop a cross-industry identity scheme that will allow them to trust how each other...

Companies in regulated UK industries are expected to join forces to develop a cross-industry identity scheme that will allow them to trust how each other identify and authenticate their employees.

If successful, the scheme, technically called a federated trust scheme, will reduce the cost of background checks on new staff and may allow individuals to switch employers more easily.

The initial target industries are financial services, telecommunications, aerospace and defence, pharmaceuticals, energy and law.

The scheme, based on similar projects overseas could start as early as January 2010.

The UK Ministry of Defence, Rolls Royce, BAE Systems and GlaxoSmithKline are among the British organisations that are already members of similar US trust federations.

A new company, the British Business Federation Authority, has been set up to coordinate the development of protocols that will enable the credentials of a worker from one industry to be accepted by employers in the same or another industry.

In UK, the credentials, which could be a smart card or a software certificate, depending on the level of assurance required, will operate independently of the proposed UK national ID card scheme, said Patrick Curry, director of Clarion Identity and spokesman for the team behind the initiative.

Patrick Curry said a national ID card capable of remote authentication to a back-end database could greatly enhance the industries' enrolment processes by helping to prove citizenship and work entitlement for new employees.

The British Business Federation Authority (BBFA) aimed to cater for organisations with credentials with different levels of assurance, in different locations, across different industries, and potentially across national borders, he said. Many of these features were desirable in a national identity card system.

"The BBFA seeks to build its governance model on existing best practice," he said. Overseas examples include the US Federal Bridge, CertiPath and SAFE-BioPharma, the Kantara Initiative, NIST and ISO.

The BBFA wanted the scheme to include geographic awareness for location based services, data loss prevention and common federation components in enterprise architectures. These could increase re-use, and reduce cost and risk of the credential scheme, he said.

Curry said the BBFA was starting to ask firms and organisations for letters of intent to support the initiative and become the founding members of the BBFA Steering Group.

The initiative is being steeering by a group know as the cross-domain enabling group (XDEG) . Members of XDEG come from Eurim, the parliamentary-industry forum, the British Computer Society, the Institution of Engineering and Technology (IET), Royal United Services Institute (RUSI), T-Scheme, the UK electronic trust service self-regulatory body, as well as academics from Oxford University and the London School of Economics.

Read more on IT governance