The UK government has published a trust framework policy paper that lays out draft rules for how service providers, businesses and other organisations will be able to implement the use of digital identities.
The proposals included in the ‘UK Digital Identity and Attributes Trust Framework’ cover “the principles, policies, procedures and standards governing the use of digital identity to allow for the sharing of information to check people’s identities or personal details, such as a user’s address or age, in a trusted and consistent way. This will enable interoperability and increase public confidence,” the UK’s Department for Digital, Culture, Media and Sport (DCMS) explains.
The document also incorporates specific standards and requirements for organisations that provide or use digital identity services, including data management policy, industry standards and best practice for information security and encryption, user communication, recovery processes and secure authentication.
“The framework will also help promote the use of ‘vouching’, where trusted people within the community such as doctors or teachers ‘vouch for’ or confirm a person’s identity, as a useful alternative for those without traditional documents, such as passports and driving licences,” the DCMS says, noting that “once finalised” the framework “is expected to be brought into law”.
“Products that help digitally to verify a person’s identity are becoming increasingly important as more areas of our work and home lives move online,” UK cabinet office minister Julia Lopez adds.
“Creating a common trust framework will give greater clarity and certainty to organisations who want to work in this field about what is expected of them.
“More importantly, however, it will help to deepen users’ trust and confidence in digital identities and the standards we expect in the safeguarding of their personal data and privacy.”
DCMS is inviting public comment on the framework, which can be downloaded in full here.