UCD is still new, so not many questions have been asked yet. We need more! Please submit them via the contact form.
In anticipation, we give below answers to some of the questions that may be asked.
You can filter the questions to see only those relevant to your starting point. There are also some definitions to help explain any unfamiliar terms.
UCD will be compatible with all relevant government regulation.
At the time of writing – in May 2024 – the Department of Science, Innovation and Technology is nearing publication of the first official version of UKDIATF. The actual publication date is likely to coincide with the enactment of the Data Protection and Digital Information (DPDI) Bill, now expected early in the life of the next Parliament (assming that the new government does not wish to make significant changes.).
Despite their names, DPDI and UKDIATF are focused on the proofing of digital identity, and its use by individuals to interact with service providers. As yet, government has not thought through the implications of enabling an individual to use a digital wallet for many different kinds of personal data, not just identity but also qualifications, student-status, blue-badges, credit-worthiness, etc.
UCDx plans to participate in the development process to regulate such multi-application wallets, and will ensure compliance witht the resulting reqirements. UCD is likely to be become a ‘scheme’ under a future version of UKDIATF.
The word ‘control’ in UCD implies that the user plays an active part in the process of transferring data from one party to another, and thus can stop the transfer by declining to play that part. For example, an individual controls whether to take a bank note from their wallet and hand it over to a merchant. Similarly, using a wallet, a user will control whether to share data. Control is different to Consent, defined elsewhere.
‘Consent’ means simply that an individual agrees that data can be transferred between parties but plays no other part in the process. In payment systems, for example, an individual consents to a merchant taking payment by direct debit (by completing a direct debit mandate). Consent is best understood by contrast with ‘Control’, defined elsewhere in this FAQ.
No. The costs of running the UCD infrastructure will be paid by the service providers who choose to interact with you via your digital wallet. And they will be happy to pay in return for a better experience for their customers, lower costs, and easier compliance with data protection legislation.
Yes and no. SSI is a term used by some companies to describe software that enables (i) organisations to issue one or more ‘verified credentials’ to an individual; and (ii) the individual to control who should see such credentials.
Here the term ‘verified credential’ means much the same as what UCDx calls ‘trustworthy personal data’: both terms refer to personal data which the individual controls, in the sense of deciding who gets to see it, but cannot change. And both terms are general, and can refer to any kind of data, whether legal identity, or a qualification, or simply a statement that someone is over a certain age.
UCD differs from SSI in that it is aspires to be a complete proposal, putting forward not just clever software but also an organisational model, business model, funding model, governance model, and application route map, starting in UK education.
An attribute is simply a piece of data about – or belonging to – an individual, such as age, hair colour, legal identity, height, qualifications, vouchers, money, a visa for travel etc.
Attributes can be more or less closely tied to a particular identity. For example, a travel visa is generally tied to an identity, as shown in a passport. But a voucher can be anonymous, ‘belonging’ to whoever happens to have possession of it. And money, pure and simple, is always anonymous.
Attributes can be issued directly by a service provider qualified to do so. Examples include: a qualification issued by a learning provider; a credit score by a credit bureau; a ticket by an airline, and a legal identity by a government. Such attributes can usefully be called ‘authoritative’.
Attributes can also be checked by some other trustworthy party, other than the issuer. In this case, they can usefully be termed ‘verified’ attributes. Americans often use the word ‘claim’ instead of attribute. The word ‘credential’ can also be used.
Yes.
Although UCD has been developed as a concept largely by PIB-d Ltd, it has long been apparent that – in order to win the necessary trust – the project has to be led by a public-interest body. This realisation led to the creation, in 2020, of UCDx as a community interest company, using funding provided by InnovateUK.
John Harrison, one of the founders of PIB-d Ltd, serves on the board of UCDx and provides necessary expertise. But he has declared his interest in PIB-d to the board, and – should PIB-d ever seek to win work from UCDx – will be recused from the associated decisions.
We may (or may not) join soon.
TrustoverIP (https://trustoverip.org/) is a grouping of organizations formed in 2020 to develop a ‘full-stack’ of standards – not just technology but also governance – for internet scale digital trust.
UCD, in contrast, is a coherent set of business, technical, organization and governance models, together with a route to scale, for developing infrastructure for User Control of Data (including identity), starting in the UK education and finance sectors.
As such, UCD can be thought of a defined and focused expedition into new territory, whereas TOIP is a collective agreement between organizations that there is a lot of exploratory work to be done, and that it is better to carry out the work collectively. UCD may well draw upon some of the work carried out by TOIP.
Yes.
OIX (https://openidentityexchange.org) is a forum in which public and private sector organisations gather to discuss issues related to digital identity and personal data exchange. From time to time OIX members collaborate on a new schemes, i.e. new ways to makes tangible progress in the field.
UCDx is a member of OIX, and the UCD proposal is – in the eyes of OIX – a new ‘scheme’.
Ideally, organisations participating in UCD should be able to purchase software components from a deep market of suppliers, all offering standards-compliant code. Everynm is one early supplier in the market, and seems to be committed to interoperability; others are emerging and have a similar commitment to interop. Inrupt and Dataswift are further software developers active in the field, but UCDx knows less about them as yet.
Retail banking has remained much the same for a long time. Even web banking is just a new front-end for traditional back-office systems. UCD may be the driver of change.
We envisage that banks will soon begin to offer digital wallets, integrated into web banking applications, and enabling individuals to control the flow of personal data from the same interface that they use to control the flow of money. The first attributes will be proof of qualifications, and proof of identity. Use by the education sector should provide a route to scale.
The key to the involvement of the banks is – of course – the business and funding models. We have clear ideas about these, and are working to develop them further. Please contact us to discuss.
OneLogin is a system provided by the Government Digital Service as a successor to gov.uk Verify. It comprises a single-sign-on facility, coupled with a ‘back-office’ identity-proofing-provider. An individual can use OneLogin to interact with multiple government departments; if necessary they will be asked to proof their identity – by showing a passport or driving licence, and having their credit record checked – so that the result can be stored within the OneLogin system, and shown to a department when required.
UCD could, in principal be, compatible with OneLogin. An individual would choose a wallet provider from a managed market, use it to authenticate to OneLogin, go through the identity-proofing process, and then receive back from government proof of identity for storage in their wallet, and subsequent sharing with other service providers – in the private or public sectors – as required.
Seen this way, Government becomes the ‘attribute authority’ for legal identity, much as – say – a university is the authority for the issue of a degree certificate. This is as it should be, and would reduce significantly the need for commercial identity-proofing providers. There is, of course, a need to devise a suitable business model for such a managed market. We think there are a number of feasible options for such a model.
No. See answer to ‘Will my wallet provider (or others) have access to my data ?’ above.
No. Government departments like to maintain large databases of personal data, in part at least to enable statistical research as to what policy measures prove effective. Examples include – in education – the National Pupil Data Base (NPDB) and the Learning Records Service.
But these databases are assembled without really asking the individuals involved whether they agree. Further, they are often incomplete. For example, LRS mainly contains qualification data from secondary and further education in England: many universities do not contribute data, and the approach is not used at all in Scotland. (We are not sure about the situation in Wales or Northern Ireland.)
UCD could enable individuals to pull down data from LRS and combine it with qualification data from other sources. Then, if they are asked nicely, they may well agree to let an external party view their data for research purposes, provided their anonymity is protected. An explicit link to a research agency could even be installed by default, provided that the individual has the right to delete it.
In summary then, UCD will not prevent statistical research, since databases – such as LRS – will likely remain in place. Rather UCD has the potential to enhance such research by actually asking the individual, digitally, for permission to access all data relevant to a given enquiry, not just the sub-set captured in a centralized database.
UCD aims to be ubiquitous, a bit like a payment system, and so used by individuals to maintain online relationships with organisations across the public and private sectors, and with other individuals.
Thus, even though UCD is clearly infrastructure, design and implementation cannot be led by government. Why ? Because government’s remit is limited to individual-public_sector online relationships: it does not extend to online relationships between individuals and between individuals and private sector organisations.
And yet, UCD cannot be built without support from government, because it is government, in one guise or another, that controls significant chunks of our personal data (e.g. qualification records), and so offers a route to critical mass.
UCDx is working to secure the UK government’s support.
UCD can only developed as a collaboration between the UK‘s public and private sectors. It’s for this reason that the original development company, PIB-d Ltd, was set up as a joint-venture, half owned by (parts of) the education sector and half privately. But PIB-d was premature.
Now UCDx has been set up – as a community interest company – to make the case for UCD and act as a future governance body. But the fact remains that creating the infrastructure still requires collaboration and support from across the UK’s public and private sectors. The stronger the support from the public sector, initially education, the easier it will be for the private sector to raise the necessary finance.
gov.uk Verify was a scheme to enable individuals to prove their legal identity online to government. Government could easily have chosen to award a single large contract to just one identity provider, and then presented the result under the gov.uk brand. However, it chose instead to award contracts to several Identity Providers (IdPs, initially seven), and allow individuals to choose between them, based on brand strength and other factors.
The fact that individuals could choose an IdP from a managed market was a step towards the idea that it was the individual commissioning the IdP to act as their agent. But this was never really the case: the IdPs were always commissioned, and paid for, by government. And it is government which has decided to end the Verify scheme (probably sometime in 2022) and so terminate the provision of services by IdPs to individuals.
UCD is different. An individual will choose a wallet provider from a managed market, probably at the invitation of a learning provider, just as individuals chose a Verify IdP at the invitation of government. But, in contrast to Verify:
UCD can – over time – provide a range of necessary online applications which government needs, but cannot easily provide itself because of the need for such applications to be used not only in the individual to government relationship, but also between individual., and between an individual and a private sector service provder. These applications include:
The technology required for UCD is now mostly in place, and can be regarded as a variant of recent work on “self-sovereign identity”, led by various standards bodies, and certain software companies.
What UCD contributes are coherent business, funding, and governance models – together with a credible route to scale – required for the implementation of these technologies at scale in the UK.
No. At the moment, when an awarding body (such as a university, or an exam board, or a trade body) issues a paper qualification to an individual, say ABC, they are stating only that the individual known to them as ABC has earned a particular qualification
Even though awarding bodies may ask for proof of ABC’s identity at the time of registration, it is not their role to vouch for that identity to others, and they would not carry liability insurance for doing so.
Rather, vouching for an individual’s identity to others is the role of a specialist service provider, an ‘identity proofing provider’ or IdPP. Such organisations look at many factors to determine whether a claimed identity is genuine: evidence of interaction with an awarding body may be one such factor, but is far from sufficient. In the longer term, it is likely that government will the principal IdPP, online as in the physical world.
Since UCD wallet providers will be private or third-sector organisations, all competing for custom from individuals, there is a possibility that one or more could either fail commercially, or simply decide to exit the wallet market.
Should this happen, the company in question will be obliged – under its contractual agreements with UCDx – to allow all its customers to port their accounts to a different wallet provider of their own choosing, or in the final resort, transfer any remaining customers to a default provider selected by UCDx.
No. UCD can be piloted within a single secondary school, FE college and university. In each case, the learning provider will invite learners to choose a wallet provider from a managed market (i.e. at least two providers), and then use their wallet to interact with both the learning provider and with fellow learners.
Assuming these pilots prove successful, other learning providers will follow; and the new approach will grow to ubiquity, eventually being used for transitions between learning providers, and into employment, as well as internally.
Eventually.
In UCD terms, UCAS is almost a Decision Support Service (see page re organizational model), helping learners choose between, and apply to, universities. If the UCD pilots succeed, setting the infrastructure en route to scale, it will make sense – at some point – for UCAS to consider integration. The task will be complex, but it will be a sign of success, and so a good problem to have.
It could be.
LRS serves, principally, as a back-office store of qualification data from secondary and Further Education in England. This data is provided by the awarding bodies – such as OCR, and City & Guilds – who serve secondary and FE learning providers.
Learners could – using a UCD wallet – set up an online relationship with LRS at the same time as they register with a relevant learning providers, and so be able to pull down qualification data as it becomes available. Later on, they could use the same wallet to pull down qualification data directly from the learning providers – such as universities and professional/ trade bodies – that act as their own awarding bodies.
LRS is run by the Skills Funding Agency on behalf of the (Westminster) Department for Education. We are seeking DfE’s support.
Probably.
UKAMF enables an individual to use a single username and password, provided by their home institution (say a university or college), to gain access to online resources provided by others, typically a publisher. The publisher will grant or deny access based on information – attributes – released by the home institution. More info can be found at https://www.ukfederation.org.uk
UCD goes a big step further, enabling an individual to choose a wallet provider as their personal agent, i.e. as an intermediary in (potentially) all their online relationships, including that with their home institution.
Thus an individual will keep the same wallet – possibly porting it from one provider to another – throughout their educational career, and will be able to use it to share attributes from any party to any other. So UCD will be able to offer not just the functionality provided by UKAMF, but much more, starting with a portable personal achievement record, proof-of-student status, low value payment, proof of identity etc.
Conditionally. UCDx has been set up as a public-interest entity to govern the proposed UCD infrastructure, using funding provided by InnovateUK in response to a grant application submitted by PIB-d Ltd.
Jisc is a shareholder in PIB-d Ltd (www.pib-d.net), a commercial company created – as far back as 2011 – to develop UCD type infrastructure. While UCDx and PIB-d Ltd are independent of each other, PIB-d may in time bid to UCDx for a concession contract to run UCD pilots.
Jisc has indicated that (i) it believes that UCD type infrastructure is necessary; but that (ii) a UCD development project is only feasible if there is general support throughout the education sector, led by the relevant parts of government.
In consequence, it seems fair to say that Jisc’s support for UCD is conditional on winning support from government.
Three reasons:
UCD can only become infrastructure, and reach national scale, if users are given a choice between different wallet providers, and are assured of interoperability and account portabiity between them.
Initially, we expect that wallet providers will be SMEs, suitably regulated by DSIT, and presently acting as commercial identity proofing providers (IdPPs). Many of these companies know that their IdPP role may vanish if government starts to provide legal identity attributes free-of-charge to an individual’s chosen wallet provider, and so are keen to adopt the wallet provider role themselves.
Later on, we expect that at least one of the more nimble retail banks will see marketing advantage in becoming a wallet provider. And then all the others will follow, both to avoid being perceived by customers as technically backward, and to benefit from reduced customer onboarding/KYC costs.
Also the mobile network operators may offer wallets. And Big-Tech (i.e. Google, Microsoft, Facebook, Apple) could decide to participate, but would have to accept external regulation, something they have long tried to avoid.
Yes.
Just as an individual can choose to destroy a real-world wallet, and everything within it, so an individual will be able to delete their own digital wallet and any data within it.
If they do so, they will have to re-establish online relationships with every service provider by some other means. This will be difficult, but the right to delete a digital wallet is fundamental.
Not in normal use.
A wallet provider will not have the right to look inside an individual’s wallet or make any use of the data therein.
However, occasions may arise where a wallet provider, probably working on behalf of others (such as the State or a relative) needs to gain access to such data. In the case of the state, there would likely be a need for a warrant, akin to that used to obtain physical access to an individual’s home. A relative might need a power of attorney, or similar.
This area is controversial. In our view, the debate should not be about whether access of this kind should be technically possible, but rather about the safeguards – legal and technical – that should be put in place to ensure that any such third party access only happens in extreme situations, and is never abused
No.
UCD will be designed to avoid – at the infrastructure level – any unique identifiers for individuals, making it more difficult for counterparties to exchange personal data between their back offices without involvement of the individual. Instead, they will need to ask the individual, via their wallet account, to disclose the data.
Note, however, that some parties will require an individual to disclose personal data capable of being used as a unique personal identifier (such as the triad of name, date-of-birth and postcode; or an email address; or a phone number) at the point they sign-up. In this case, the individual can either comply or choose to walk away.
As many as you like.
But – just as too many bank accounts or wallets becomes a nuisance – so most people will find that it’s easier to have just one or two digital wallets. Otherwise, they may find that the data that they need to share via one wallet is only present in a different wallet.
No.
Just like signing up for a conventional account on any website, the only thing that an individual must prove to get a digital wallet is that they are human (probably by solving a captcha).
Later, when using a wallet to set up an online relationship with a service provider, it’s the service provider which determines what information the individual needs to disclose and to what degree such information needs to be trustworthy.
In some cases, the service provider – say a Further Education college or a family doctor – may request online proof of an individual’s legal identity not because such proof is necessary for the delivery of their services, but rather to help link the individual to any existing offline records that they may maintain. (Or they could make the linkage by face-to-face contact instead: a teacher can recognise a student, and just as a doctor can recognise one of their patients.).
There is a purist approach to UCD in which individuals don’t need a wallet provider, and rely instead only on software installed only on their own device. While it might be possible to make this work technically, there are two main reasons why we think there is a need to involve wallet providers
The first is that software is never intrinsically trustworthy, secure or privacy-enhancing. Rather all these good things are the result of work by people and organisations, are communicated by some form of brand or trademark, and need to be paid for. Put otherwise, there is a need for infrastructure to have a coherent business model; and the best one (that we can find, anyway) relies upon service providers paying wallet providers small periodic relationship fees.
Second, humans are fallible: they forget passwords, and they forget to make backups. For most people, it makes sense having a wallet provider to help them ensure that they never lose their data, or access to it.
UCDx will maintain and enforce open standards to ensure interoperability and account portability between different wallet providers.
Whether any software components are made available open-source is a secondary issue, to which the answer is not yet clear. However, the Open Wallet Foundation was set up in 2002, as an offshoot of the Linux Foundation, to encourage the development of open-source software for wallets, and UCDx is all in favour: there is no point in developing multiple, competing, commercial versions of what should be interoperable code.
Many web browsers are now built on a common open-source core. Only the cosmetics differ. UCDx hopes that wallet software will follow the same pattern.
Perhaps. The main idea behind UCD is to give individuals control over their own data. Once they have such control, they may well choose to give a (well-regulated) AI access, seeking advice or guidance. And if they don’t like the results, they can switch to a different AI, or turn the thing off entirely.
Not necessarily. UCD can be built without block-chain – which is just one technical option and in no way a panacea. If used at all, the most likely application is for the exchange of public keys between parties.
It won’t change your life. But doing stuff on line will gradually become better.
You won’t have to manage as many usernames and passwords, or other authentication mechansims.
You will enjoy bank-grade security, & better privacy.
And life will become easier, since you will be able to do more things online more easily, all based around the simple idea of controlling, precisely, the sharing of your trsutworthy personal data between differerent service providers. Applications include:
David Alexander, the founder of Mydex CIC, describes the problems solved by user-control-of-data as reducing Friction, Effort, Risk and Cost, or “FERC”. He is not wrong.