arrow icon

The UK Digital Identity and Attributes Trust Framework – Could This Be the Holy Grail of Digital Identity?

Post by:
April 6, 2021
Post by:
No items found.
April 6, 2021
The UK Digital Identity and Attributes Trust Framework – Could This Be the Holy Grail of Digital Identity?

In February 2021, the UK government unveiled a policy paper on a 'trust framework' for digital identity. Aimed at building trust between transacting parties, whether individuals or enterprises, the UK Digital Identity and Attributes Trust Framework details the principles, policies, and standards that must be followed by organizations providing or using digital identity services. Establishing trust and transparency between transacting parties is critical to the growth and evolution of the digital economy. The proposed framework expects to streamline the fragmented and proprietary digital identity landscape into a foundational digital identity infrastructure, promoting interoperability between service providers and letting people confidently identify themselves.

As products and services across industries increasingly go digital, the need to prove one’s identity becomes crucial to access them safely. Opening a bank account requires verifying identity. The gaming industry for long has battled with challenges of age verification. The health industry has identified the need for identity verification to drive its mission to increase access to health services in many countries. Usage of physical evidence and face-to-face verification continues to be the dominant form of identification in many industries. However, producing physical identity evidence may not always be possible. It can also make digital processes inefficient. This is especially true in the case of social distancing necessitated by COVID-19. Additionally, the fragmentation that exists in the digital identity landscape across public and private solutions puts a question mark on their trustworthiness to protect identity data. 

How Does the Trust Framework Work?

The proposed UK Digital Identity and Attributes Trust Framework attempts to address these concerns. The trust framework is a set of rules, standards, and a governance structure that all organizations involved in creating, using, and managing digital identities agree to follow. The framework does not mandate the development of digital identities. Instead, it aims to ensure that exchanging them is safe and secure. By conforming to common standards, all participating organizations become certified entities, making them trusted parties in managing identity data. The framework lets users create transaction-specific or reusable digital identities. Digital identities are created using a combination of identity attributes which are pieces of information that describe something about a person or an organization. Identity attributes could be related to:

  • Physical or digital documents such as a bank statement
  • Devices such as a mobile phone
  • Health records 

Examples are mobile number, insurance number, bank account number, age, number of children, etc.

Since attributes are granular elements that make up a digital identity, the trust framework prescribes that the user should be able to assign access entitlements and privileges to chosen attributes. E.g., bank account-related attributes may be made accessible to financial institutions, whereas they may not have access to health-related attributes that only a health provider might have.

Organizations participating in the trust framework will require to take up at least one of the following roles:

  • Identity service provider: Entities that prove users’ identities through offline and online channels by using one or more data sources
  • Attribute service provider: Entities that collect, create, check or share identity attributes
  • Orchestration service provider: Entities that facilitate data sharing between all other parties
  • Relying party: Organizations that consume digital identity data to provide a product or service

The trust framework makes sure that any participant, regardless of their role, follows the prescribed rules and standards to meet the following principles

  1. Interoperability promoted through common technical specifications
  2. Data security through encryption and cryptography
  3. Quality management standards and best practices
  4. Information security and management
  5. Risk management
  6. Fraud monitoring and reporting
  7. Privacy and data protection
  8. Incident response mechanisms
  9. Records management

A governing body chosen by the UK government will oversee the trust framework. It is expected to work with other bodies and organizations to ensure that using the trust framework involves minimal complexity.

Setting a new path

Technology is not a silver bullet to solve the problem of digital identity. As is evident from this initiative, the government, industry bodies, and the participating and consuming public and private entities must be aligned on a set of standards and governance framework to ensure implementation and adoption at scale. By splitting the digital identity chain into its constituent parts, the trust framework aims to improve innovation independently in each of them. With a reliable identity verification framework in place, companies must be able to see significant benefits both in new revenue and cost reduction. The UK government has been successful in the past in implementing financial data sharing based on open banking standards and governance. The digital trust framework adopts a similar approach in operational and implementation guidelines. Once turned into a law, this framework could become the benchmark for other digital identity initiatives worldwide.

Get in touch

Create secure frictionless customer experiences using modern identity solutions

Join over 1,000 businesses that rely on Prove across multiple industries, including banking, FinTech, healthcare, insurance, and e-commerce. Contact us today.

Prove: the world’s most accurate identity verification and authentication platform

Trusted by 1,000+ leading companies to reduce fraud and improve consumer experiences. Contact us today to learn how you can frictionlessly secure your digital consumer journey — from onboarding to ongoing transactions.

Keep Reading...Read our latest white-paper on this subject!

Tap the button below to read our latest white-paper on the subject as industry leaders.

Accelerate your onboarding

Contact us to learn how leading companies are using Prove Pre-Fill to modernize the account creation process by shaving off clicks and keystrokes that kill conversion.

Create frictionless customer experiences

Get in touch to find out how we can help you identify your customers at every stage of their journey and offer them seamless and secure experiences.

Schedule a demo

Let our expert team guide you through our identity verification and authentication solutions. Select a date and time that works for you.

Schedule a demo

Find out how we can help you deliver seamless and secure customer experiences that comply with PSD2/SCA. Select a date and time that works for you.

Interested in more information about Prove Pre-Fill?

Download the Report

Download Aite-Novarica Group’s full report about Prove Pre-Fill, including a product overview, customer results, and how the product works.

Interested in more information about MFA?

Download the guide now to learn how you can improve security, cut down on fraud, and create the best possible customer experience.