The government has published a consultation on its plans for the creation of a digital identity and attributes trust framework. This is a project that replaces the government Verify scheme which had the ambition to provide every UK citizen with a single login to government services.
The new approach is intended to harness the power of multiple providers in the private sector to generate digital identities while ensuring that these are interoperable. A scheme which you may join initially in order to open a new pension plan could remove the need for further identity check when it comes to buying a house.
For this to be possible, there will need to be an agreed set of common standards, which DCMS set out in an innovative “alpha” proposal and has been consulting on extensively. That covers the level of proof required to create an identity, how to correct errors and who is liable for them and a range of other technical matters.
To participate in this new network, providers will need to be certified by approved auditors, known as conformity assessment bodies (CABs) who are, in turn, authorised by the UK Accreditation Service. This ties the certification process neatly into national and international structures that provide effective assurance processes for any number of other purposes already.
There will also be a further layer of approved schemes which will set sector-specific rules as well as adopting the federated baseline requirements.
Age verification falls under the “and attributes” aspect of the project, as age – or age-range – can be defined as an element of identity. It is, perhaps, unique in the fact that the essence of age verification is the ability to prove your age without the need to share your full identity, but it still has a lot in common with more mainstream identity schemes, particularly around the creation of an AV record in the first place.
The age assurance sector already operates to its own standard, BSI PAS 1296:2018, and will seek to meet the common requirements of the Trust Framework so it is part of the wider network being created. This will allow it to benefit from the trust mark that will be awarded to schemes and providers who pass audits and gain certification from a new regulator.
The headline focus of the consultation is to select that regulator, and while they are undoubtedly already busy, the team at the Information Commissioner’s Office would be well suited to guaranteeing privacy, accuracy and security for such a critical plank of our digital economy.
The consultation is open until September 13th 2021