At work and at home we rely on secure and efficient online services. Many of those services don’t need to know who we are (at all, let alone with any degree of assurance) to provide us with what we need. Some do, and as internet security concerns increase, that set is increasing.

Applying for a driving licensing; submitting tax returns; interacting with healthcare providers across the country, and across the private and public sector; opening a bank account; collating and retrieving pension information from multiple providers….These are just a few examples of services that can only be delivered with assurance that I actually am — online — who I claim to be.

This is a good thing. We live in a digital world: and we get frustrated when services we want to use can’t be delivered the way we need, when we need them. Built correctly, online services that are convenient, efficient and secure provide better levels of customer and consumer responsiveness and service; and can free up valuable resources to focus on the digitally disenfranchised.

The marketplace for digital services like these is accelerating; so too is the already vibrant market for high-quality, secure and interoperable digital identity services to support them. Public and private digital identity service providers, along with security software and infrastructure vendors, are keen to innovate rapidly to help meet this demand.

For these supply chains of digital identity services to develop as they must, suppliers need to minimize cost and risk whilst ensuring excellent interoperability and best-practice security and privacy. The market already benefits from well-established technical standards; there is, rightly, innovation happening here too, in particular in support of network-connected devices that bring new ways for consumers and customers to interact with service providers. A number of technical certification testing programs exist – more are needed; more will doubtless appear.

There is also, though, an opportunity to provide greater visibility and availability of formally or informally certified services which can be used during the development and testing of new offerings. A public registry of such ‘test’ services would allow providers to build on infrastructure which already complies with security, privacy and technical best practices, and so would accelerate the delivery and adoption of new online tools.

Based on input from a wide range of suppliers and business customers across the UK and beyond, the white paper published today sets out in more detail the rationale for such a registry of services; and, by expanding some existing and well-understood processes and rules, suggests a mechanism that would allow this registry rapidly to be established; and quickly and collaboratively to evolve to suit the requirements of all participants.

Open innovation and the accountability that comes with public self-certification benefits everyone in the ecosystem in terms of procurement, intellectual property rights protection, efficient investment, and the promotion of and adherence to security and privacy best practices. A test infrastructure process and registry will, I believe, help suppliers more rapidly deliver services that bring together the best of convenience and security.

Andi Hindle
Hindle Consulting Limited