The UK government announced in May that credentials like the digital passport and mobile driving licence will only be accessible for use in the private sector via certified Orchestration Service Providers. What is an Orchestration Service Provider and why is it necessary?
Identity is complicated - which is why Orchestration Service Providers are so important. The aspect of identity that matters will vary from context to context, and how certain you need to be of each attribute will also vary.
Trust and Identity Orchestration
How you assure yourself of someone's identity in a transaction will vary because the risks differ. Hence the need for careful "orchestration". An Orchestration Service Provider has two fundamental jobs: enforce policies and be open and interoperable.
Policy enforcement
Users of an Orchestration Service want to be assured they're compliant with relevant regulatory policies - whether generic like GDPR, or specific to their industry. Security policies are foundational. Users may also define their own bespoke policies to apply through the service.
As an example, the UK government changed secondary legislation so that right-to-work and right-to-rent checks can be conducted digitally using certified services. Employers and landlords have no liability under the new regulations if they use a certified service.
Open and interoperable
Each person who transacts uses different technology platforms, service providers, and data sources. The Orchestration Service integrates into the services its users need, so long as they've been certified. It becomes the facilitator of an open digital market where people can reuse certified trust services, breaking down silos and reducing the need to re-establish trust repeatedly.
Government-issued credentials
Government-issued credentials are the start of this market. Certified Orchestration Service Providers will be the gateway through which they can be leveraged in private sector transactions. Orchestrating Identity is the first Orchestration Service Provider certified by Kantara under the government's Digital Identity and Attributes Trust Framework.