Skip to main content

https://gds.blog.gov.uk/2013/09/03/identity-assurance-first-delivery-contracts-signed/

Identity Assurance: First delivery contracts signed

Posted by: , Posted on: - Categories: GDS team, GOV.UK One Login

Today we are happy to announce an exciting new phase in the Identity Assurance Programme as we develop user-focused identity services for exemplar transactions as part of the transformation of government digital services.  Five of the Identity Providers on the cross-government identity assurance framework (Digidentity, Experian, Mydex, The Post Office, and Verizon) have now signed contracts to deliver our first live services.

The identity assurance service will enable people to assert their identity online safely and securely, and allow government to be confident that users of online services are who they say they are.

We are pleased that these suppliers have chosen to invest in this phase of the programme and work with government to create this new market.  We will now be working closely with those that have signed, who represent the range of types of providers needed to make online identity provision a success.

The number and nature of organisations engaging with the Identity Assurance Programme is growing. Helping industries understand and develop identity assurance is an important part of what we do - and we’re doing it transparently via the Open Identity Exchange (OIX) forum.  Working together in this way is proving to be mutually beneficial for government, for identity providers and for the people who will be using the service once it’s live.

Our contracted suppliers are working closely with us and the government departments in an agile way to develop the service and help us understand and meet future needs.  Inevitably, new features and capabilities will be required as the service matures and we’ll add these into our next phases.

This is a rapidly developing marketplace, and Cabinet Office is pleased to continue to support and manage this for all of government to provide a better, faster and safer way for users to access government transactional services.

We’ll be posting news of our first Beta services soon.

Sharing and comments

Share this page

16 comments

  1. Comment by June Cynthia Woods posted on

    When and how will I be able to verify my identity with the Gov. Verify Service. I have registered my interest in the Transfer of some of my tax allowance to my husband. I have received an email from Janet Hughes which states --"you will need a valid passport or a current UK photo card driving licence. I have neither of these. Also I do not have a mortgage, so even if I could get into the Sevice to Verify my existence, how do I do it without a passport or driving licence. The only thing I have from the requirements is a credit card. I am English and resided in England since 20/06/1946.

    • Replies to June Cynthia Woods>

      Comment by Carrie Barclay posted on

      Hi June, thank you for your comment.

      At the moment you can only use GOV.UK Verify if you have a valid UK passport or photocard driving licence. GOV.UK Verify is in beta, which means it’s being constantly improved and developed. This includes adding more ways for people to prove their identity using documents other than UK passports and driving licences.

      If GOV.UK Verify isn’t able to verify your identity at this stage, then a HMRC advisor will be able to verify your identity and take your application by telephone.

  2. Comment by James Billett posted on

    This is a move toward cleaning the Internet without censorship.

  3. Comment by Jon F posted on

    Hi, are there plans for this programme to engage with local authorities to provide an authentication capability for local government transactions and, if so, whereabouts in the roadmap can we expect this to appear?

    • Replies to Jon F>

      Comment by Janet Hughes posted on

      Hi Jon - for now, we're concentrating on providing identity assurance for users of central government services. We think there will be demand for identity assurance for local authority services, and the way we're setting up the service means that will be technically and commercially possible, but we aren't actively working on any plans for this at this stage. We do work with the LGA and SOCITM to keep local authorities informed about what we're doing, and some of the projects we're involved in through the Open Identity Exchange include local authorities - see http://openidentityexchange.org/projects/idap-alpha-projects for more information about that.

  4. Comment by Dave posted on

    Hi

    Is this something which Local Government can link into when it's considers DbyD?

  5. Comment by David Child posted on

    Hopefully this will be a unique identifier to ensure duplications are not possible I suggest the following would be required:-

    Date of birth / full names at birth /.sex at birth / Location of birth /.mother’s full name at her birth / mother’s date of birth.

    I think this would cover all eventualities except with multiple births of the same sex on the same day that were given exactly the same names!

    I recognise that some special cases such as birth mother not know would have to be dealt with but this is not insurmountable and of course the careful control of issuing the identity number is critical.

  6. Comment by cat posted on

    Hi,
    Does anyone know how identity providers such as PayPal etc. will verify people with high levels of assurance (3 & 4). I would expect that people have to show up at some office and show their passports and such.

    ???

  7. Comment by cloudstarer posted on

    As the NSA & GCHQ between them have systematically cracked or subverted a majority of internet encryption systems used by such entities as banks & credit card companies, inserting 'backdoors' to allow third party access on the more secure, harder to crack encryption systems .. presumably the idea of presenting a warrant never occurred to them.

    These same encryption systems are also used by Digidentity, Experian, Mydex, The Post Office, and Verizon.

    So none of these companies can be sure that the person they are dealing with electronically is the person they think it is.

    It could be an NSA or GCHQ operative or it could be some less savoury character who has found the backdoor, this is the problem with backdoors, you can never be sure who is using them.

    So no one can trust electronic transactions any more and any discussion of on-line identity assurance is moot until that trust has been re-established.

    Trust in the security of electronic communication needs to be re established as a matter of urgency.

    Then we can discuss whether or not we trust the government to manage our identity in light of the abuse of trust they allowed to be inflicted on us by the security services.

  8. Comment by C.M.THOMSON posted on

    Seems bizarre that contracts have been signed while the draft identity assurance principles are still out for consultation. Have the providers undertaken to conform to those principles in there (as yet unknown) final form, or has the Government promised them that it will ensure that anything these providers don't like is excluded from the final form of the principles? I suspect the latter is far more likely to be the case than the former, which means that privacy and informed consent and minimisation and all the other good things we hoped to see will not be happening after all. Or do the contracts cover only the exemplars (pilot projects?) and are these exemplars similar to the Universal Credit pathfinder stuff which has just been effectively slammed by the NAO (of course that project will continue to waste money and reduce the scope of deliverables, rather than being chopped and rethought from scratch)?

  9. Comment by Alan Tench posted on

    Another multi-billion pound government IT project which is nothing more than a solution looking for a problem. If this results in what I would consider unnecessary personal data having to be provided, I won't be using ANY online government services. Tenchy.

    • Replies to Alan Tench>

      Comment by William at Mydex posted on

      LOL Tenchy - if this was a multibillion pound gig there'd be a riot of people outside trying to buy shares in Mydex. Times have changed; HMG is more SME-friendly and a lot more parsimonious. And all of us (apart from some BigCo CEOs) are fine with that. I dont know any serious player who'd expect to get silly money from GDS. Just look at how much GCloud achieves for how little.

      Re the personal data question check out and respond to the privacy principles consultation (link above)

    • Replies to Alan Tench>

      Comment by Tax Payer posted on

      Well said. The programme is a joke pretty much like Universal Credit was which is paid for that money you loose every single month in your pay packet. I know people who worked on the IDA project and millions were lost whilst DWP "security experts supported by security consultants" wrote endless amounts of papers without ever actually delivering anything or taking responsibilities (they don’t make decisions, took them nearly 2 years to agree what the opening page looked like). It’s a disgrace and with the current batch leading this, of course supported by those strategy paper “DWP security experts”, it won’t happen. The tax payer would be devastated and distressed to know how their money is thrown on a fire and burnt.

  10. Comment by Jeffrey Peel (@JeffreyPeel) posted on

    I think this is a very positive step forward - without the ID element sorted digital by default is rendered much, much more difficult.

  11. Comment by William at Mydex posted on

    Thanks Steve. We're pleased to be part of it and we look forward to making it a success. Let's add a plug for the importance of GDS' ID privacy principles and the consultation you've got under way.