OIX has today submitted it's member response to the ALPHA UK digital identity and attributes trust framework
OIX sees the ALPHA as a good step towards defining how Digital ID can work successfully to support the UK economy.
Our response is intended to improve the framework and make sure it’s pitched at the right level: not too detailed, but not too light. It must be “just right” to ensure trust and security are achieved whilst allowing private sector adoption and innovation. In summary, OIX calls for the government to consider:
- Identify Proofing (GPG45) to be more clearly positioned as guidance, not rules. Move to a joint drafting team with private sector input. The profiles defined then become start points for sector Scheme overlays and comparison points to assist interoperability.
- Define binding processes for Attributes so relying parties can better understand how an attribute has become associated with a user. But a scoring methodology for attributes is not necessary.
- Identity Service Providers that specialise in Inclusion should be encouraged. Inclusion success is then measured as a whole across the ecosystem.
- Introduce Interoperability rules that ensure users can use an ID of their choice across multiple sectors.
- Simplify Operational, Security and Legal rules: create lists of supported standards and regulation, then simply refer to these from the trust framework.
- Create a new specialist identity Governance Body as a private-public collaboration to ensure private sector suitability and innovation.
The ALPHA acknowledges that it does not yet cover the detail required in some key framework areas, such as Accreditation, Liability, Trustmark, Interoperability and Governance. As the framework evolves OIX is keen to collaborate and co-create in these areas to ensure Digital ID in the UK is a success.
We welcome the consultative approach government is taking in the definition of the UK Trust Framework. OIX would like to see this go further and move immediately to co-creation. UK government should create the seeds of the required governance body for Digital ID as a public-private co-creation team to complete the UK Trust Framework. This will help ensure it is embraced by the private sector and becomes a success for the UK.
OIX's full reponse can be found here: https://openidentityexchange.org/networks/87/item.html?id=444