Digital Identity prototypes set scene for Scotland’s Credential Ecosystem

Digital Identity technologies will provide the keystone foundation for Scotland’s entire digital economy.

The simplest application to explain it’s core value is ‘Single Sign On’, meaning that you only need to provide your username and password once to access all the different services you use, rather than having to repeat the logon process each and every time.

For the bigger picture consider the pervasive role ‘identity documents’ play across our economy, for example showing your passport to travel, proving your age to buy alcohol or the requirement to validate your identity when opening a bank account by providing utility bills.

The digitized form of these identity documents are known as ‘Verifiable Credentials‘ and the emerging Identity Ecosystem the network of relationships between organizations so that they can replicate the various exchanges that call upon them, such as proving your age.

This ecosystem would form the entirety of Scotland’s digital economy, from it’s core building blocks such as the Community Pharmacy Prescribing application that utilizes Azure Active Directory to authenticate users and digitally sign the prescriptions, through to creating a lifetime record of data for every citizen from birth.

The early work to build this ecosystem is underway, with a number of prototype projects advancing different aspects:

Yoti

Announced on their web site and documented in their case study Yoti signed a deal with the Improvement Service to help transform local and regional services, and give Scottish residents an easier and safer way of proving their age and entitlement to access a wide range of services, rewards and discounts.

Paypers reports on and defines the scenario: To sign-up to the app, citizens take a selfie on their smartphone which is matched to a scanned ID document. This information is then transformed into their unique digital identity, secured by 256-bit encryption.

The app will have a variety of uses for citizens and officials, from displaying date of birth for the purchase of age-restricted products to displaying eligibility and entitlements when applying for public services. Moreover, it will give users greater control over their data, enabling them to provide only the information required for each situation and always with the user’s consent.

Mydex

UKAuthority reports that the Scottish Digital Identity team and Digital Health and Social Care Institute have recently completed a trial with Mydex, to test the use of a strong authentication credential (registration/login) to enable re-use across services and also establishing a citizen controlled attribute store that is also re-usable across services, with appropriate user consent to simplify access to services and reducing tedious things like form filling.

As they describe on their blog one of the early tests focused on using attributes from the Young Scot National Entitlement Card, held in an attribute store, for opening a bank account online or registering with a college or university.

The project is documented in detail in this Mydex report.

Condatis

As they describe on their web site Condatis undertook an Proof of Concept project for the Scottish Government, where service providers, such as Social Security Scotland, need to have confidence in the identity of the citizen accessing their services balanced with a seamless and productive user experience.

Condatis identified six types of user journey for consideration as part of the POC, including two where a citizen initially uses a social media identity (Facebook, Google, Microsoft) to access digital government services. For the POC, the social media digital identities would be uplifted to establish a higher level of assurance by using a manual Vouching service, whereby the citizen elects to attend a physical location to present physical identity evidence.

Condatis’ PoC actually demonstrated the following use-cases:

• User signs-in to North Lanarkshire demonstration application with their myaccount identity.
• User signs-in to North Lanarkshire demonstration application with their Post Office identity.
• User signs-in to Social Security demonstration application with their myaccount identity.
• User signs-in to Condatis third party test harness with their myaccount identity.
• User sign-in to Condatis third party test harness with their Post Office identity.

This tweet from the OIX illustrates the basic building blocks of these authentication processes, and the Condatis POC is documented in detail in this white paper.