Government announcements on identity are often contentious. Identity cards – digital or otherwise – have long been a hot topic in the UK (and other countries of course). But now that we have debated identity through governments formed from all the main political parties, Labour, Liberal Democrat and Conservative, perhaps we are arriving at the right answer in the form of the Data (Use and Access) Bill.

That might be disappointing for those that like to make nuanced subjects like ‘identity’ into simple ‘for or against’ matters. The reality is: identity is complicated. Which is why Orchestration Service Providers are so important.

In our previous post we explored the subject of ‘trust’ and how policies help people make decisions on whether to trust or not. ‘Identity’ is a foundational element for trust in a transaction: knowing who the person or organisation is.

But the aspect of their identity that is important will vary from context to context. And how certain you need to be of each related attribute will also vary. When you visit the doctor you might want to remember the doctor’s name and you will probably want to be very sure that the doctor is suitably qualified and licensed. For identification you might just refer to ‘the doctor’ without ever referencing their name. You may just have confidence in the doctor’s qualifications and licences because of the way in which the appointment was set up.

Trust and Identity Orchestration

How you assure yourself of the identity and attributes of a person in a transaction will vary because the risks in each transaction will be different. Hence the need for careful ‘orchestration’. Fundamentally, an Orchestration Service Provider has two jobs to do: enforce policies and be ‘open and interoperable’.

Policy enforcement

Users of an Orchestration Service will want to be assured that they are compliant with relevant regulatory policies whether those policies are generic, like GDPR, or specific to their industry or context. Security policies will be foremost; the foundational element of trust. Users may also have their own bespoke policies that they wish to define and apply through the Orchestration Service.

As an example, the UK government has changed secondary legislation so that right-to-work and right-to-rent checks can be conducted digitally using services that have been certified as meeting the appropriate digital policies. Life is now simpler for employers taking on new employees and landlords taking on new tenants: they have no liability under the new regulations if they use a certified right-to-work or right-to-rent service.

Open and interoperable

Each person who transacts will use different technology platforms, have different service providers and data sources, and have different usability needs. The Orchestration Service will need to be integrated into the services that its users need, so long as they have been certified as meeting the appropriate policies.

The Orchestration Service becomes the facilitator of an open digital market where people can reuse certified trust services. It breaks down silos and reduces the need for people to reestablish trust over and over again.

Government issued credentials

Government issued credentials are the start of this market for trustworthy data. Certified Orchestration Service Providers will be the gateway through which they can be leveraged in private sector transactions.

Orchestrating Identity is the first Orchestration Service Provider certified by Kantara under the government’s Digital Identity and Attributes Trust Framework.

In the next post we explain the potential relationship between the Trust Framework and the Smart Data economy.