The Cabinet Office have released a new set of Good Practice Guides (GPG’s) on enabling trusted transactions via ID assurance.

Being able to prove your identity online easily, quickly and safely is recognised as a key enabler of internet use by the government, its agencies and its citizens. Providers of public services such as national and local governments, major internet companies, online retailers, banks and others are having to address business issues such as identity fraud (and the financial implications) and the administrative burden around username/password fallibility and related issues around proof of identity.

The Identity Assurance Programme is a core element of the ‘digital by default’ policy pursued by the Government Digital Service within the Cabinet Office. The Programme is facilitating the development of identity assurance schemes in the UK, by which citizens, business and devices will be able to assert identity safely and securely online in order to better access and transact with public services.

One widely accepted solution to providing identity online is the development of ‘identity assurance’ using a federated trust ‘framework’, or trust ‘ecosystem’. Basically, this requires an industry-agreed set of protocols, standards and certification under which organisations can collaborate to allow citizens to use assets they own to validate and verify their identity to ‘relying parties’.

Our preferred solution suggests the use of ‘hubs’ (technical intersections) which allow identities to be authenticated by contracted private sector organisations without an individual’s data being centrally stored or privacy being breached by unnecessary data and details of the user being openly ‘shared’ with either transacting party.

For full article and links to the GPG’s click here