Analysis: The DCMS document steers clear of suggesting any future solution for digital identities in public services
The government is resetting its approach to digital identities, but it is still some way off being clear on what it intends for the way they are created and used in public services.
There are plenty of sensitivities around the issue, given the apparent demise of GOV.UK Verify, a cornerstone project for the Government Digital Service (GDS) which, despite a surge in sign-ups for universal credit applications during the pandemic lockdown, is now on life support. Its take-up has been disappointing, funding is scheduled to be cut off in the autumn, and the number of identity providers has steadily declined to just two.
Last week’s publication by the Department of Digital, Culture, Media and Sport (DCMS) of its digital identities and trust framework – as an alpha prototype that is now open for consultation – was a notable step. It addresses the wider issue of digital identities, how they will be developed and used in public and private services, and sets out rules for others to follow rather than providing any ready-made solutions.
It is notable that this follows a precedent set some years ago for IT systems in the NHS, when it abandoned the centralised choice of solutions in favour of a standards-based approach that enables organisations to make their own choices. The DCMS framework is based on a similar principle of setting the rules and then letting the industry create solutions which client organisations can choose.
But it is not the full picture for the public sector. The Cabinet Office retains responsibility for the business of government and the framework refers to GDS continuing to work with other departments to develop a new secure system for people to prove their identities when accessing online government services.
This follows an indication by the minister in charge, Julia Lopez MP, that it is aiming to develop a single sign-on for online central government services.
Although there is an ultimate goal of using digital identities flexibly between different sectors of the economy, it seems the plan is for that to happen after a new government system is in place.
There are further questions about the willingness of other departments to pick up any solution from GDS. They were clearly underwhelmed by Verify; HM Revenue and Customs has kept up its commitment to the Government Gateway, and the Department for Work and Pensions is working on a Dynamic Trust Hub as a basis for verifying identities.
This makes the prospect of something that will be used by the wider public sector seem more remote.
GDS has a digital identities workstream but it has kept pretty quiet over the past couple of years, other than the minister in charge, Julia Lopez MP, saying it is aiming to develop a single sign-on for online central government services.
The framework document also leaves open the question of whether government bodies will be required to use whatever comes from GDS. It could be that it ultimately emerges as one among a number of options.
Against this, it has to be said that there is plenty of detail in the document on what is expected of different groups – identity service providers, attribute service providers, orchestration service providers and relying parties – and on the areas that are still to be addressed – such as limitations on liability, digital identity and data portability, and how delegated authority can work.
Its publication is a big step in the reset of how the public sector should use digital identities; but it is not a definitive one.