The UK Digital Identity and Attributes Trust Framework – Could This Be the Holy Grail of Digital Identity?

April 6, 2021

In February 2021, the UK government unveiled a policy paper on a 'trust framework' for digital identity. Aimed at building trust between transacting parties, whether individuals or enterprises, the UK Digital Identity and Attributes Trust Framework details the principles, policies, and standards that must be followed by organizations providing or using digital identity services. Establishing trust and transparency between transacting parties is critical to the growth and evolution of the digital economy. The proposed framework expects to streamline the fragmented and proprietary digital identity landscape into a foundational digital identity infrastructure, promoting interoperability between service providers and letting people confidently identify themselves.

As products and services across industries increasingly go digital, the need to prove one’s identity becomes crucial to access them safely. Opening a bank account requires verifying identity. The gaming industry for long has battled with challenges of age verification. The health industry has identified the need for identity verification to drive its mission to increase access to health services in many countries. Usage of physical evidence and face-to-face verification continues to be the dominant form of identification in many industries. However, producing physical identity evidence may not always be possible. It can also make digital processes inefficient. This is especially true in the case of social distancing necessitated by COVID-19. Additionally, the fragmentation that exists in the digital identity landscape across public and private solutions puts a question mark on their trustworthiness to protect identity data. 

How Does the Trust Framework Work?

The proposed UK Digital Identity and Attributes Trust Framework attempts to address these concerns. The trust framework is a set of rules, standards, and a governance structure that all organizations involved in creating, using, and managing digital identities agree to follow. The framework does not mandate the development of digital identities. Instead, it aims to ensure that exchanging them is safe and secure. By conforming to common standards, all participating organizations become certified entities, making them trusted parties in managing identity data. The framework lets users create transaction-specific or reusable digital identities. Digital identities are created using a combination of identity attributes which are pieces of information that describe something about a person or an organization. Identity attributes could be related to:

  • Physical or digital documents such as a bank statement
  • Devices such as a mobile phone
  • Health records 

Examples are mobile number, insurance number, bank account number, age, number of children, etc.

Since attributes are granular elements that make up a digital identity, the trust framework prescribes that the user should be able to assign access entitlements and privileges to chosen attributes. E.g., bank account-related attributes may be made accessible to financial institutions, whereas they may not have access to health-related attributes that only a health provider might have.

Organizations participating in the trust framework will require to take up at least one of the following roles:

  • Identity service provider: Entities that prove users’ identities through offline and online channels by using one or more data sources
  • Attribute service provider: Entities that collect, create, check or share identity attributes
  • Orchestration service provider: Entities that facilitate data sharing between all other parties
  • Relying party: Organizations that consume digital identity data to provide a product or service

The trust framework makes sure that any participant, regardless of their role, follows the prescribed rules and standards to meet the following principles

  1. Interoperability promoted through common technical specifications
  2. Data security through encryption and cryptography
  3. Quality management standards and best practices
  4. Information security and management
  5. Risk management
  6. Fraud monitoring and reporting
  7. Privacy and data protection
  8. Incident response mechanisms
  9. Records management

A governing body chosen by the UK government will oversee the trust framework. It is expected to work with other bodies and organizations to ensure that using the trust framework involves minimal complexity.

Setting a new path

Technology is not a silver bullet to solve the problem of digital identity. As is evident from this initiative, the government, industry bodies, and the participating and consuming public and private entities must be aligned on a set of standards and governance framework to ensure implementation and adoption at scale. By splitting the digital identity chain into its constituent parts, the trust framework aims to improve innovation independently in each of them. With a reliable identity verification framework in place, companies must be able to see significant benefits both in new revenue and cost reduction. The UK government has been successful in the past in implementing financial data sharing based on open banking standards and governance. The digital trust framework adopts a similar approach in operational and implementation guidelines. Once turned into a law, this framework could become the benchmark for other digital identity initiatives worldwide.

Get in touch

Keep reading

See all blogs
Fraud in the Age of AI: Meet the Shapeshifter

The COVID-19 pandemic not only changed the way we work and live, it also unleashed a wave of fraud unlike anything we've seen before.

Mary Ann Miller
July 18, 2024
Company News
Introducing Prove Link™ – Unlocking the Power of Identity for Any Business

To continue achieving our mission of accelerating trusted interactions on the internet, we’re proud to announce the introduction of the Prove developer self-service platform and the Prove LinkTM SDK. With these tools, it’s now faster and easier for any company to integrate our industry-leading identity technology into its brand operations.

July 16, 2024
Company News
Combating Deepfakes: Leveraging Phone-Centric Identity℠ Verification to Overcome Media-Based Vulnerabilities

Identity verification systems that depend on image or audio samples for digital customer onboarding are increasingly vulnerable to deepfake attacks.

Tim Brown
July 5, 2024