Computer weekly has learned that a key technology supplier to one login chose to allow its certificate to lapse, and as a result, one login haveen removed from also be also
ALL Suppliers of Digital Identity Systems in the UK are expected to comply with the digital identity and attributes Trust Framework (Diatf) If their software is to be used for any public services.
For example, companies that wish to provide identification verification for services such as right to work, Right to Rent to Rent or The Disclosure and Barring Service for Vetting Individuals, MUT CONFORM SITF. More than 50 online government services Alredy use one login, and further services are planned that will expand the scope of diatf registration. Currently, more than 50 products have received recovery against the framework.
The government digital service (GDS) Achieved Diatf Approval for One Login in December 2024, ahead of the announcment by Technology Secretary Peter Kyle in January T. Identity Verification for the Forthcoming Gov.uk walletWhich will store digital versions of official documents such as driving licenses.
Kyle's announsement caused Shockwaves Among existing diatf suppliersWhoch Saw the Government Entering the Commercial Sector and Potentially Competing with their products.
However, the use of one login must be called ITO Question While Its Diatf Certification has been lapsed. The system uses technology from Supplier iProov As part of the biometric authentication process for users proving their identity. Last Month, IPROOV FAILED to Renew Its Diatf Compliance, so the one login registration automatically expired.
A government spokesperson said: “As we continue to update the beta trust framework, providers are required to Recertify themeselves to show them meet our requirements – where this does the does NOS NOS NOS NOS NOS NOS NOS NOS NOT HAPPEN Choose not to, they are removed from the list. “
How is the government's flagship Digital Identity System Failing to Meet Standards So Badly?
Tim Clement-Jones, Liberal Democrats
The Data (Use and Access) Bill Currently Going through Parliament will introduce the enabling Legislation Required for One Login to Move from “Beta” Status to a Status to a Stutory Service. However, the system has been in use Since 2022 and Alredy has six Million Users.
A spokesperson for iproov said: “iproov holds a number of certificates, bot in the uk and internationally, which we regularly review against Against Customer Requirements. Following a standard review, Trust Register [DIATF] Certification was allowed to lapse. We will look to receive in line with customer requirements. “
The loss of one login's certification follows a series of revivals about security and data protection Concerns Around the system.
GDS said the concerns was “outdated” and Arose “when the Technology was in its infancy in 2023”, despite one login being used used at that time to support live services. “We have worked to address all these concerns as evident by multiple external independent assessments.
The one login development team is also sums to fully implement the government's Secure by design Practices, Although GDS Says The System “Meets these Principles”.
But the fact that one login has been shown to have had serial cyber security and data protection issues, followed by a lack of full compliance with ncsc guidelines, and nov losing weTSITS DITSITS DITSING DITSING DITSING Raises significant questions about the use of one login for Critical Digital Public Services.
Peer Tim Clement-Jones, The Liberal Democrat Digital Spokesman, Said: “How is the government's flagship Digital Identity System Failing to Meet Standards So Badly, Given T. Is Expected to Shortly Form Ann essential part of our immigration Controls? We need answers and quickly. “
According to the Government Cyber Security StandardALL Critical IT Systems must Conform with CAF and Secure By Design Principles, What Diatf Certification is Mandata for Digital Identified Systems Linked to Public Services.
