In 2012 the Cabinet Office joined the Board of the newly formed Open Identity Exchange. It recognized the two traditional means of delivering government policy – procurement and regulation – would not be effective to GOV.UK Verify’s goal: a market of user centric digital identity services. Instead, working through OIXUK HMG chose to engage practically with market participants to shape the requirements for open standards-based identity services.
Since that time the technology enabling identity services has rapidly evolved. So too has the importance of open identity standards across government departments, across industry sectors and international borders has increased. Despite the disruption at the political level and the increased security and privacy concerns, the UK’s remains a global leader. That leadership has demonstrated the painstaking work of developing interoperable standards.
A recent opinion issued by the Cooperation Network states that GOV.UK Verify meets the necessary requirements under eIDAS (for levels low and substantial). This demonstrates GOV.UK Verify’s interoperability with other digital identity schemes that are/will be used under eIDAS framework. This lays the foundation for interoperability across borders. Pragmatists understand that eIDAS regulation and compliance with those standards are the ‘only thing in town’ at the moment and are being considered broadly, beyond EU boundaries. The opinion of the EU Member States on GOV.UK Verify can be found here:
Representatives of the Cabinet Office Identity Assurance Program are active in other global initiatives as well. Another example of international interoperability can be seen in the ongoing UK, US and CAN collaboration on the iGOV profile of OpenID Connect. The OpenID Foundation membership has approved the following International Government Assurance Profile (iGov) specifications as OpenID Implementer’s Drafts. This profile enables fit for purpose flexibly for security, privacy and ease of use requirements of the public and private sector applications. Representing nine leading UK banks, the Open Banking Implementation Entity is building UK open banking standards and certification programs with PSD2 interoperability in mind as well as similar regulatory initiatives in Australia and ASIA PAC.
Interoperability has its limits. The importance of providing for the security, privacy and mobility of customer and citizen data remains paramount. The work of Open Identity Exchange members like GDS continues to help guide the development of innovative identity services across the public and private sectors. Interoperability can be see in the standards, schemes and signals that are the signs of a healthy ecosystem.
AUTHOR: Don Thibeau
Don Thibeau Open Identity Exchange and OpenID Foundation