Cabinet Office joins the Open Identity Exchange

On Tuesday, 12th June, Mike Bracken announced that the Cabinet Office will be joining the Open Identity Exchange (OIX). The Identity Assurance Programme team explain how this will enhance a process of collaboration and inform ongoing, small-scale, alpha projects.

Recently we blogged about the Cabinet Office Identity Assurance Programme (IDAP) team’s visit to the White House where the IDA team also met up again with the Open Identity Exchange (OIX) for a day of workshops and discussions exploring how we could collaborate with OIX to achieve our goals.

A meeting in London was held on Tuesday this week to formalise our commitment to OIX and share how we plan to work with OIX going forward.

The Open Identity Exchange (OIX) gathered around 50 organisations together to hear how OIX works and how the UK Government plans to structure a dialogue with interested parties on this subject.  We also described how we will use OIX to communicate progress on a series of practical alpha projects.

Like the range of problems that it is trying to address, OIX is international. Established in the US and responding to the White House strategy (National Strategy for Trusted Identities in Cyberspace), it encourages collaborative working across geographical, political and organisational boundaries, in order to respond to a fast moving and complex set of problems.

To participate in OIX, or its related activities, interested organisations do not have to pay (though there is a membership framework should organisations wish to join). Instead it asks participants to sign up to principles, for example around intellectual property. OIX is about openness and interoperability and the principles reflect this.

So why has the UK Government joined?

HMG has made a commitment that new digital transactions from central Government Departments such as DWP’s Universal Credit will adopt a federated model for identity registration and credential authentication to prevent ‘login fatigue’ – having too many usernames and passwords. This approach will require close collaboration with industry and this is what OIX can help encourage.

The Cabinet Office Identity Assurance Programme (IDAP) will use OIX in two ways, firstly to create a UK Working Group through which organisations can participate in the development of the initiative. Secondly, it will engage with partners about ongoing small scale alpha projects that experiment with solutions to real world problems. These projects will allow us to ‘learn from the journey’ and allow us to focus discussion around tangible problems.

Joining OIX is big step forward on the IDA mission. We will use this blog (and other channels) to communicate the evolving structure but also the progress we’re making. If you’d like to get involved, the Contact Us button is at the top of the page.


  1. Re “will adopt a federated model for identity registration and credential authentication to prevent ‘login fatigue’” – who will have access to this?

      1. Will Local Authorities be able to make use of the identity registration/credential authentication within their own systems (eg Parking, Libraries, etc)?

  2. Steve Wreyford’s post on OIX is the latest on the ID assurance blog and is dated 14 June 2012, three months ago.

    Has there been no activity on identity assurance since then?

    Surely there must have been some, GDS are due to announce by the end of September – 85 hours time – which bidders have been approved to provide identity assurance services as per the 1 March 2012 notice in OJEU.

    When will we be told who the winners are?

    1. Thanks for your comment, David.

      Firstly, please don’t take our lack of posts as evidence of inaction. We’ve actually been incredibly busy over the summer and are expecting a bumper crop of posts in October, to share what we’ve been up to. So, watch this space.

      Secondly, DWP are still working to resolve final contractual issues. The outcome will only be made public when final contracts are signed.


      1. Furthermore, this notification will come from DWP, not Cabinet Office or GDS, as it is their framework.

      2. Dear Mr Wreyford

        Thank you for your reply.

        I don’t mistake the absence of posts for inactivity – as I said, surely there must have been some activity in view of the importance of Universal Credit.

        You say that “DWP are still working to resolve final contractual issues”. Ex-Guardian man Mike Bracken made it clear on 1 March 2012 that Identity Assurance belongs to the Cabinet Office and not DWP: “… this approach ensures that, ultimately, HMG-wide Identity Assurance is supplied across central departments via a common procurement portal (to HMG agreed standards) and governed by the Cabinet Office”. Presumably GDS are involved in those “final contractual issues” just as much as if not more than DWP*.

        The absence of posts does create a vacuum, though, which draws in all sorts of flotsam …

        The Department for Business Innovation and Skills (BIS) midata initiative, for example. Why are GDS using BIS to try to legislate for Personal Data Stores/Inventories (PDSs/PDIs) instead of doing it themselves?

        And GOV.UK – why waste a lot of time and money re-writing central government websites? Is it to provide consistent hooks for PDS-based identity assurance in all government communications over the web?

        A PDS is a dynamic dematerialised ID card, isn’t it. The public won’t “wear it”. Neither will the banks if the Cabinet Office try to insert PDSs into the nation’s payment systems.

        If Google and/or Facebook turn out to be on the list of GDS-approved suppliers of identity assurance services, then DWP and everyone else will have wasted their time negotiating any contractual issues, final or otherwise. Again, the public won’t wear it.

        And the GOV.UK team will have wasted their time.

        And BIS will have wasted their credibility …

        Goodness, just look at all that dust, you never can tell what the vacuum’s going to draw up, can you. The sooner GDS can tell an expectant public what you’ve come up with identity assurancewise, the better.


        * While writing this reply of mine, your second reply popped up, trying to push responsibility back on to DWP. Too late, Mr Wreyford. The Cabinet Office burnt their bridges when they made DWP withdraw their December 2011 OJEU notice. You know that. If Universal Credit fails for lack of identity assurance, that will be the Cabinet Office’s fault now and not DWP’s.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s