In February 2021, the UK government unveiled a policy paper on a trust framework for digital identity. Aimed at building trust between transacting parties, be it individuals or enterprises, the UK Digital Identity and Attributes Trust Framework details the principles, policies, and standards that must be followed by organizations providing or using digital identity services. Establishing trust and transparency between transacting parties is critical to the growth and evolution of the digital economy. The proposed framework expects to streamline the fragmented and proprietary digital identity verification landscape to a foundational digital identity infrastructure, promoting interoperability between service providers and letting people confidently identify themselves.
As products and services across industries increasingly go digital, the need to build one’s digital identity management becomes crucial to access them safely. Opening a bank account requires verifying identity. The gaming industry for long has battled with challenges of age verification. The health industry has identified the need for identity verification to drive its mission to increase access to health services in many countries. The use of physical evidence and face-to-face verification continues to be the dominant form of identification in many industries. However, producing physical identity evidence may not always be possible. It can also make digital processes inefficient. This is especially true in the case of social distancing necessitated by COVID-19. Moreover, the fragmentation that exists in the digital identity landscape across public and private solutions puts a question mark on their trustworthiness to protect identity data.
The Trust Framework and Its Working Model
The proposed Digital Identity and Attributes Trust Framework attempts to address these concerns. The trust framework is a set of rules, standards, and a governance structure that all organizations involved in creating, using, and managing digital identities agree to follow. The framework does not mandate the development of digital identities. Instead, it aims to ensure that exchanging them is safe and secure. By conforming to common standards, all participating organizations become certified entities, making them trusted parties in managing identity data. The framework lets users create transaction-specific or reusable digital identities. Digital identities are created using a combination of identity attributes that are pieces of information that describe something about a person or an organization. Identity attributes could be related to:
- Physical or digital documents such as a bank statement
- Devices such as a mobile phone
- Health records
The trust framework ensures that any participant, regardless of their role, follows the prescribed rules and standards to meet the following principles:
- Interoperability promoted through common technical specifications
- Data security through encryption and cryptography
- Quality management standards and best practices
- Information security and management
- Risk management
- Fraud monitoring and reporting
- Privacy and data protection
- Incident response mechanisms
- Records management
A governing body chosen by the UK government will oversee the trust framework. It is expected to work with other bodies and organizations to ensure that using the trust framework involves minimal complexity.
Creating a New Path
Technology is not a silver bullet to solve the problem of digital identity. As is evident from this initiative, the government, industry bodies, and the participating and consuming public and private entities must be aligned on a set of standards and governance framework to ensure implementation and adoption at scale.
By splitting the digital identity chain into its constituent parts, the trust framework aims to improve innovation independently in each of them. With a reliable identity verification framework in place, companies must be able to see significant benefits both in new revenue and cost reduction. The UK government has been successful in the past in implementing financial data sharing based on open banking standards and governance. The digital trust framework adopts a similar approach in operational and implementation guidelines. Once turned into a law, this framework could become the benchmark for other digital identity initiatives worldwide.