The Department for Digital, Culture, Media and Sport (DCMS) has published a beta version of its digital identities and trust framework.
It involves a series of changes from the alpha version published in January 2021, based on feedback from over 250 organisations and aimed at fostering the development of an ecosystem of trusted digital identity products in the UK.
A key change has been the creation of sub-roles for the three broad type roles that providers could play – identity, attribute and orchestration service – under the alpha version. These make distinctions on issues such as whether a service is re-usable, if it requires an account, whether it deals with identity, attributes or both, and whether it comes from a service such as a personal data store or app.
Other changes include a new requirement that any biometric technologies used will be tested according to an industry standard; more detail on monitoring and reporting on fraud; a plan to offer an overarching data schema to support a consistent, technology agnostic transfer of data; requirements for framework participants to provide information on their supply chains; and a user agreement aimed at providing a balance between users’ trust and removing unnecessary friction.
In addition, the Good Practice Guide 45 for identity proofing and verification has been updated with additional detail on document inspection training and examples of fraud databases that can be used in identity checking.
The document adds that a data protection impact assessment of the framework will be published “in due course”.
Sandboxes and live testing
Writing in the new version’s foreword, DCMS Minister of State Julia Lopez MP indicates that sandboxes and live market testing will be used to ensure the framework is fit for purpose.
“Testing during the beta phase will also allow industry to show consumers how trustworthy digital identity and attribute products can benefit them by offering simple and secure ways for people to prove things about themselves,” she says. “Further information on beta testing will be published in due course.
“Just as it would not have been possible to publish the beta version of the trust framework without the active and constructive input of all interested parties, working with them will be fundamental to our approach as we move towards live publication, once legislation has come into force.”
The policy development lead official for the programme, George Muskat, told last week’s Think Digital Identity for Government conference that it is not yet possible to say when the framework will go live. It depends on legislation for which the timetable is hard to predict due to a busy agenda for Parliament, and DCMS prefers to keep an open timeline on the beta testing to ensure everything works effectively in the live version.
He added that there are four priority areas for further policy development within the beta testing, the first being around the user agreement to ensure transparency and ensure the public understands the requirements on the use of their data.
Second is to ensure that certifiers meet key principles, third to assess the risk from uncertified providers, and fourth on fraud management.