Today, the GOV.UK OneLogin has appeared on the UK’s register of certified digital identity providers.
Alison McDowell of the Kantara Initiative took to LinkedIn posting: “This should give users confidence that the service they use to sign in to many central government services follows the same rules and standards as all the other services that have been certified against the UK digital identity and attributes trust framework”.
In October 2024, 50 services were using One Login for authentication and identity-proving.
The revised trust framework – “gamma” – states a more comprehensive range of criteria which identity providers will have to be certified against.
The Office for Digital Identities and Attributes published a new version of the UK Digital Identity and Attributes Trust Framework in November 2024, a pre-release which meant firms could not get certified then until 2025. This gave CABs (Conformity Assessment Bodies) time to prepare for the new rules and be accredited.
The 0.4 trust framework has five main improved points, including that services can certify as two new roles – the Holder Service Provider and Component Service Provider.
Most importantly, the framework has upgraded in terms of providing more protection and support for users, introducing a “variety of security measures, improved inclusion monitoring processes, and refined mechanisms to help users control how their data will be shared”.
The government’s One Login service, which was designed for efficient digital onboarding into the UK’s public services, has officially made it onto the register.
Good news for users of One Login!
