Biometrics testing requirement strengthened in beta of UK digital ID trust framework
A beta version of the UK Government’s Digital Identity and Attributes Trust Framework has been published, updating the guidance based on the alpha testing process and feedback received from various stakeholders to require standards-based testing for all services using biometrics.
The alpha prototype was established last year to enable testing, and the Government contracted BritainThinks to gather information on public perceptions to further inform the updates.
The Department for Digital, Culture, Media & Sport (DCMS) engaged with more than 250 organizations across structured feedback sessions during the alpha phase, including 43 private sector organizations that volunteered for the self-assessment process.
The use of the trust framework in the new DBS checking requirement represents a test with a real-world use case.
A testing requirement for biometric technologies based on an industry standard has been added for the beta version, which elsewhere refers to ISO/IEC 19795-1:2021.
Other changes made in the beta version of the framework include expanding the private sector technology provider roles, which in the alpha version 2 framework were identity, attribute, and orchestration service provision, with sub-roles that clarify which type and rules apply. The new version also provides “flow down terms” for relying parties to adhere to the framework, though they do not need to be certified.
More detail was added to the section on fraud mitigation and management, and the section on joining the framework through a licensed scheme has been revised, as the market is not developed enough for DCMS to issue certifications or licenses in this way. DCMS has determined that the data schema should be consistent with different approaches to data exchange that foster interoperability, and not necessarily based on OpenID Connect or the W3C’s Verifiable Credentials.
The beta framework also includes a data protection impact assessment, and the Good Practice Guide 45 has been updated to ease self-assessment.
Beta testing is planned, but the details are still forthcoming. The inclusivity of biometric technologies will be tested among various “sandbox style exercises.”
A recent report from techUK warned that the progress made thus far on the national digital ID system could be lost if it is not followed with further action.