This document discusses identity assurance principles and the potential for a "YES2ID" system in the UK. It outlines 9 draft identity assurance principles from the Government Digital Service, including user control, transparency, and access to personal data. It then lists 8 approved identity assurance providers working with GDS, including Mydex. The document provides information about Mydex, describing it as a personal data store that individuals control and use to store and share identity and other personal information. It acknowledges both risks and benefits to consider but argues the principles and guidance seem sound, while individuals must maintain control. It poses the question of whether it is now safe to say "YES2ID" while keeping eyes open to implementation details and incentives.
9. 1. User Control ID assurance activities can only take
place if I consent or approve them.
2. Transparency ID assurance can only take place in
ways I understand and when I am fully informed.
3. Multiplicity - I can use and choose as many different
identifiers or ID providers as I want to.
4. Data Minimisation - My request or transaction only
uses the minimum data necessary to meet my needs.
5. Data Quality - I choose when to update my records.
from http://digital.cabinetoffice.gov.uk/2012/04/24/identityand-privacy-principles/
GDS' DRAFT ID Assurance principles 1-5
10. GDS' DRAFT ID Assurance principles 6-9
6. Service-User Access/Portability I have to be
provided with copies of all of my data on request; I can
move/remove my data whenever I want.
7. Governance/Certification I can trust the Scheme
because all the participants have to be accredited.
8. Problem Resolution - If there is a problem I know
there is an independent arbiter who can find a solution.
9. Exceptional Circs Any exception has to be
approved by Parliament and is subject to independent
scrutiny.
from http://digital.cabinetoffice.gov.uk/2012/04/24/identityand-privacy-principles/
11. Eight cross-government ID assurance providers
working with GDS
Cassidian
Digidentity
Experian
Ingeus
Mydex
PayPal
Post Office
Verizon
Guides at https://www.gov.uk/government/publications/identity-assurance-enabling-trusted-transactions
12. Mydex Data Services Community Interest
Company
● Personal data store (PDS) services free to individuals
● Trust framework for connecting to contracted legal entities
● Founded c/o the Young Foundation in 2007
● CIC = business for community benefit
○ asset locked;
○ majority profit goes to community purpose
● Live service now contracted to BBC, UK public services,
Thames Valley HA
● Full standard service available
○ to individuals
○ to developers and entrepreneurs
○ to all public services via GCloud
○ to businesses and NGOs that want to connect with individuals
13. A personal data store is a standalone encrypted
storage area controlled by the individual
www.mydex.org
14. It stores data about any aspect of an individual's life
and can be organised how they wish
www.mydex.org
Tom
It lets the individual acquire data, proofs of
claim and verifications about any aspect of
their life and identity, and share it with whom
they wish in a trusted and secure manner.
15. The data for many aspects of an individual's life can
be stored, curated and shared under their control
www.mydex.org
Relationships
Permissions
Consent
Social
Stream
Employment
Education
Contracts
Transaction
Activity
Credentials
Management
Energy Consumption
Financial Activity
Call History
Browsing History
Identity
Status / Rights
Evidence / Proofs of Claims
Usernames / Passwords
Views / opinions
Likes / dislikes
Informal Relationships / Connections
Interests
Universal Credits
Energy Tariff
Tenancy Agreement
Mobile Phone
Carer
Parent
Social Worker
Child
Partner
Address Book
Employers
Schemes Attendance
Work Experience
Job Searches
Education
Health / Social Care Records
Transactions
Evidence / Proofs of Claim
Relationships
Power of Attorney
16.
17.
18. So: is it now safe to say YES2ID?
The ID principles seem sound (but they're still in draft)
The Good Practice Guides seem fit for purpose
but don't just take my or any other IDP's word for it
We must go into this with our eyes open:
● is it convenient, is it safe, is the individual really in control?
● what are the incentives on the IDPs?
● is implementation sound from the individual's PoV?
...but it's not all risk:
What other benefits and utility will this infrastructure provide?
19. eg data givebacks from Twitter, FB, Google "data liberation"
● BBC TheSpace viewer data
● NHS, education records
BIS' Midata, Enterprise Reform Act, Midata Innovation Lab
Mydex is a digital letterbox and supports self-completing forms
● 10 years' two-way encrypted structured data for the price of
sending one single letter
● Makes user-friendly data sharing guidelines available
It's a proto-VRM platform for The Intention Economy
Beyond IDP: further implications of Mydex
20. www.mydex.org - All right reserved
Can we now say
YES2ID?
William Heath @williamheath
ORGCon2013