A critical element in any functioning ecosystem is trust – whether that be the trust that needs to be established between multiple organisations in order for them to send, receive and utilise data, or the trust needed for an individual to choose to share their data with an organisation and for it to be used on their behalf. This is particularly true in the digital identity ecosystem, where the transmission and use of potentially sensitive personal data lies at the heart of any identity transaction.
The research firstly asks what we really mean by the concept of trust in this context and explores the symbiotic relationship between trust and interoperability.
The report then identifies the many and varied mechanisms that can be used to generate, enhance and communicate trust – whether that be via certification or accreditation, the use of trustmarks, or via a range of other means. The application of these mechanisms may be more appropriate in some contexts than others. This is driven by a number of factors, including the level of risk, the degree of existing regulatory oversight, and whether the transaction in question is business to business, or more consumer focused; and these factors are explored in detail.
Based on what we know of the shape of the emerging UK market, the report then asks whether we may need an independent third-party organisation to operate the trust mechanisms that will be needed across the ecosystem. Given that there appears to be little appetite for a single national federated identity scheme, we are likely to be faced with a multi-scheme ecosystem, and that begins to challenge established concepts of trust mechanisms being solely embedded at scheme level.
The report concludes by outlining the compelling need for an overarching, stakeholder-led industry body, and its potential role, and presents 3 key recommendations for government, industry and the identity ecosystem as a whole to consider.