Plans for digital identity provider participation in UK government system partially revealed
Indications of the UK Government Digital Service’s (GDS’s) plans for digital identity after the expected sunset of its Gov.uk Verify service are beginning to accumulate, with private companies in the digital ID space in communication with the agency over recent weeks, according to an illuminating blog by Computer Weekly.
The need for the Department for Work and Pensions (DWP) to rapidly process Universal Credit applications when the lockdown struck motivated the extension of Verify’s funding for an additional 18 months, but conditional on no other services adopting it. DWP is also proceeding with plans to reduce its reliance on Verify.
Department for Culture, Media and Sport (DCMS), which is supposed to set digital identity policy in Britain, and the GDS, which sets policy for digital identity for national government services, are supposed to form a joint Digital Identity Unit, but its implementation has been delayed by the pandemic response.
Documents provided to private sector players by the GDS and seen by Computer Weekly are reported to show that the agency intends to replace Verify with a trust mark scheme for digital identity products, known as the Identity and Attributes Exchange (IAX).
Digital identity services can be certified for IAX, based on adherence to the Good Practice Guide (GPG) 44 and 45 standards, by an independent auditor. Once certified, an authentication solution can be used across public and private online services. The ecosystem GDS describes is strikingly similar to the original vision for Verify, Computer Weekly notes. GPG45 is an aging standard, according to the report, which is not well suited to supporting smartphones or eID document data, and has been adopted by Verify, but not commercial digital identity providers.
IAX divides stakeholders into “buyers,” usually known as relying parties, identity providers, attribute providers, such as passport and driver’s license issuers, and brokers, which connect stakeholders to allow buyers to access multiple identity or attribute providers.
What is not included yet are the legal and commercial conditions.
GDS suggests that an IAX trust mark could make it easier to qualify for other industries, or even enable separate certification processes to be skipped, but Computer Weekly says indications from the financial services sector are not positive.
GDS is currently soliciting feedback on the system.
A consultation on private and public sector cooperation on digital identity was due from GDS last year, before being pushed back to spring of 2020. It has yet to be released.