Luciditi first to claim certification across full spectrum of UK trust framework roles

Digital identity firm Luciditi has become the first provider to certify against all five roles of the UK’s Digital Identity and Attributes Trust Framework (DIATF). An announcement from the firm says that means it is now certified as an Identity Provider, Attribute Provider and Orchestration Service, as well as two new roles included in version 0.4 of the DIATF: Holder Service and Component Service.

“Achieving certification across all five roles is more than a technical milestone – it’s a statement of trust,” says Philip Young, CTO of Luciditi. By covering the full spectrum of roles, he says, the Luciditi platform ensures that every interaction meets the highest standards of compliance and security.

“We’re enabling businesses to adopt digital identity services with confidence, while giving individuals control over their data in a way that is simple, secure and interoperable with other DVS provider services.” (These include Yoti, Post Office EasyID and Lloyds Bank Smart ID.)

The Luciditi app now officially boasts the Holder Service certification, and the Luciditi Mobile SDK Component Service brings Luciditi’s trusted age and ID checks directly into apps and services customers already use.

Luciditi says the latter is aimed at retail, hospitality and other consumer-facing sectors, to enable businesses to offer age and identity verification without rebuilding digital infrastructure.

UK government to digital verification providers: know your role

The Office for Digital Identities and Attributes (OfDIA) and Department for Science, Innovation and Technology (DSIT) have published an explainer on the five different roles that can qualify a service for certification under DIATF, including the two added in the recent pre-release of the gamma (0.4) publication of the framework.

Holder service providers (HSPs) “allow users to store and manage their identity and attribute information for future reuse. Digital wallets and personal data stores are both types of holder services.” The Luciditi app is a pertinent example.

Component service providers (CSPs) “specialize in just part of the various identity verification or authentication processes, such as fraud checks or biometric face scans.” CSPs might provide pieces of technology for other IDV and digital ID vendors.

These two roles join the three existing designations. Identity service providers (IDSPs) prove and verify a user’s identity at a single point in time; they might also be called identity verification providers. Attribute service providers (ASPs) “collect, create, check, or share a single piece of information about a user, for example that they are over a certain age.” Age assurance providers – which also describes Luciditi – fall into this category.

Orchestration service providers (OSPs) “act as the ‘pipes’ between different parts of the digital identity market to support secure data sharing between different participants.” These services connect and conduct data between entities in the identity ecosystem.

The government says that “by splitting-out the holder and component service provider roles in the gamma publication, our primary aim was to provide greater clarity for these kinds of providers. This should make it easier to ensure that services are meeting the right certification requirements.”

Services can, like Luciditi, be certified under multiple roles. That’s not mandatory – but,
“end-to-end services that work with certified CSPs may find it easier and cheaper to prove compliance during their own certifications, as these parts will already have met the trust framework’s standards.”

Article Topics

Attribute Service Providers  |  Component Service Provider  |  DIATF certification  |  digital identity  |  Luciditi  |  Orchestration Service Provider  |  UK  |  UK digital ID