The roles of Identity, Attribute and Orchestration Service Providers

Digital identity ecosystems rely on distinct service layers to verify who you are, assemble the details that describe you, and route that information securely to the parties that need it. Understanding the difference between Identity Service Providers, Attribute Service Providers and Orchestration Service Providers clarifies how your data moves, who checks it, and where it lands.
These roles are defined by the UK Digital Identity and Attributes Trust Framework (DIATF), which aims to create a secure and interoperable system for digital identity verification. The DIATF advances an efficient digital identity ecosystem by establishing clear standards and robust governance. For individuals, for example, it simplifies the process of proving identity; for businesses, the framework builds consumer confidence.
Applications to be DIATF-approved may be assessed by BSI and the Kantara Initiative, which each completed a pilot assessment program and have been approved as conformity assessment bodies (CABs) to certify against the framework.
Identity Service Providers (IDSP)
Identity Service Providers are the gatekeepers of “who you are.” They prove and verify an individual’s identity, issue a digital credential or assertion on behalf of a relying party and often rely on government IDs, biometrics, or certified identity checks.
For example, a recruitment agency might use an IDSP to confirm a candidate’s identity before processing applications. The IDSP issues a digital token stating, “Alice Smith is who she claims to be,” which the agency trusts.
Attribute Service Providers (ASP)
Attribute Service Providers focus on the pieces of information that describe you, such as age for age verification purposes. They gather, validate and package attributes (data elements) within a digital ID. They store user-approved details such as age, address, qualifications or employment status, and share only the attributes you authorize with identity providers and relying parties.
An example could be a landlord who needs to verify a tenant’s right to rent. The tenant consents to an ASP sharing their verified address and immigration status with the landlord’s portal.
Orchestration Service Providers (OSP)
Orchestration Service Providers act as the traffic controllers of identity data. They coordinate secure data flows between IDSPs, ASPs and relying parties, manage consent, ensure protocols match and encrypt data in transit. They enable seamless end-to-end workflows without requiring each party to integrate separately.
For example, when a bank onboards a new customer, the OSP ensures that the IDSP, the ASP holding proof of address and the bank’s own systems exchange data smoothly, honoring user consent and security policies.
How they work together
IDSP confirms your identity; ASP curates the trusted details about you; OSP wires those pieces together under the right permissions and security controls.
Together, these providers form a flexible, secure digital identity framework that respects user consent and makes verification frictionless.