UK digital identity framework update invites organizations to begin testing
An updated framework for the UK’s plans for digital identity includes details on how technology providers would be assessed for certification, how data can be shared between organizations and a scheme to start alpha testing the framework with service providers.
Applications for the taking part in the testing process have already opened. Organizations that apply will assess themselves as to how their digital identity services meet the proposed trust framework. Expressions of interest in this alpha testing are being accepted up until 5 September and the first cycle of testing is expected to end in 2022. It will then move to beta testing – real-world scenarios through sandbox-style testing.
The updated framework shows how independent assessment will take place. Bodies accredited by the UK Accreditation service will conduct service audits to assess eligibility for entities wanting to carry out certification. But feedback also shows that not all relying parties (those which receive data to grant access to a service) feel they should be included, with some arguing: “it is disproportionate to expect relying parties to become certified against the trust framework. Given the wide variety of use cases for digital identity in the future, it does not appear realistic or necessary to expect all organisations who accept digital identity to be externally audited.” Shops selling alcohol is given as an example.
Updates also include new guidance on how organizations can work together – by sharing data – to deliver a better user experience and reduce the number of times users would have to verify themselves.
The overall aim of the scheme being overseen by the Department for Digital, Culture, Media and Sport is to make it faster and easier for people to verify themselves through a process as trusted as using passports and drivers licenses. The first framework was published in February 2021, and a public consultation was opened in July 2021 which is accepting comments on the frameworks until 13 September 2021. Comments on the first framework have already informed this second version along with further consultation with the public and private sectors, civil society and experts.
A “significant amount” of public feedback is raising concerns which the minister leading the scheme, Matt Warman MP, Minister for Digital Infrastructure, has addressed in a foreword to the updated framework: “Also of note were the responses received from members of the public, which included concerns and misconceptions about the government’s intentions for the framework. Their voices have been heard and we recognise their concerns must be addressed. In order to do so, we must go further in our communications to explain how our work differs from the centralised databases and identity cards of other nations; why a rules based approach will improve security rather than increase risks; and how the framework seeks to ensure transparency and control for people over how their data is used.”
The documentation also suggests that it noted a high level of repetitive language in public feedback “indicating that individuals were being directed by a single source.”
Industry feedback includes a positive comment from The Open Identity Exchange (OIX) which sees the alpha as a “good step towards defining how Digital ID can work successfully to support the UK economy.”
Some organizations found the trust framework “too prescriptive in certain areas.” This feedback has led to rules being updated to “further demonstrate the framework’s technology-neutral approach.”