Government launches digital identity trust framework

The government has published a digital identity trust framework, setting out principles, polices procedures and standards to govern the digital identity market.  

The framework, which is in an “alpha” or prototype mode, aims to allow key stakeholders such as industries, services, organisatons and users to test and provide feedback on the document before a final version is published. Once the framework is finalised, it will be brought into law.

It sets out detailed requirements for organisations providing or using digital identity services, including having a data management policy in place and following industry standards for information security and encryption.

Organisations must also tell the user if any changes have been made to their digital identity account and follow guidance on how to choose secure authentication.

They will also have to publish a yearly report explaining which demographics have been or are likely to have been excluded from their service and why, in order to deal with any inclusivity problems .

In the framework’s foreword, digital infrastructure minister Matt Warman said it has “become increasingly important in this digital age to be able to establish trust, particularly online”.

“This is the foundation thriving markets are built on. Having an agreed digital identity that you can use easily and universally will be the cornerstone of future economies,” he said.

In November 2020, Computer Weekly reported that the Department for Digital, Culture, Media and Sport (DCMS) had been meeting with suppliers to discuss the future of the UK’s digital identity market and its plans for the trust framework

Warman said that the document is “the first ‘working’ version of the UK digital identity and attributes trust framework, and is an important step to meeting these commitments”.

“I want the trust framework to help facilitate a clear understanding between people using identity products, the organisations relying on the service and the service providers, letting each party know data is being used appropriately and kept safe,” he said.

“My department will actively seek feedback from across industry, civil society, other government departments, and the public sector over the coming months to develop the document further. All the trust framework joining requirements in the ‘alpha’ are subject to change in line with the feedback we receive.” 

The framework is also central to the Government Digital Service’s (GDS) work with “other departments to develop a new secure system that will make it easier to prove who you are online to access government services,” the framework said.

It added that being part of the UK digital identity and attributes trust framework will help organisations save time, money and effort, develop new services, deal with data breaches and identity fraud, as well as improve user experience.

Organisations can use the framework by themselves as a single organisation or as part of a scheme, the framework said, adding that they need to perform one of four roles.

These include an identity provider, which prove and verify user’s identities; an attribute service provider, which collects, creates or shares pieces of information that describe something about a user; an orchestration service provider, which ensures data can be securely shared between the roles; and a relying party, which are organisations that get services from other participants in the framework – this includes banks and retailers, which don’t check the users’ identities themselves.

“A scheme can help organisations work together more effectively by making it easier for them to share information. They can do this by adding additional requirements to the rules of the trust framework,” it said.

The framework will also promote the use of “vouching”, where trusted people in the community, such as teachers or doctors, can vouch for a person’s identity.

Commenting on the framework, Cabinet Office minister Julia Lopez said: “Products that help digitally to verify a person’s identity are becoming increasingly important as more areas of our work and home lives move online.

“Creating a common trust framework will give greater clarity and certainty to organisations that want to work in this field about what is expected of them. More importantly, however, it will help to deepen users’ trust and confidence in digital identities and the standards we expect in the safeguarding of their personal data and privacy.  

“GDS is working closely with DCMS and across government to develop guidance and products in support of the trust framework. We believe building users’ confidence will be fundamental to delivering our overall ambition to make it much easier and simpler for citizens to access government services online.” 

The government aims to publish the next iteration of the framework in summer 2021.