Members of the research and education community within the United Kingdom regularly make use of various types of online services, including web-based e-resources, wireless network access, and cloud-based applications. Many of these services require authentication of a user's identity, and many additionally require the release of attributes relating to that identity for authorisation purposes. Access and identity management (AIM) technologies and services aim to fulfil this need for robust authentication and authorisation. Jisc either runs or is heavily involved with many major services offered to the UK R&E community in this space, such as eduroam, the UK federation, Moonshot, and the Janet Certificate Service. This group exists for those interested in AIM and trust and identity services to discuss the latest developments, keep track of goings-on, and participate in discussions about what the community needs in this area and what Jisc should be offering. (Note that eduroam, Moonshot, and the Janet Certificate Service have their own groups on this site for discussions specific to those technologies.) To learn more about Jisc's AIM services, you can see the slides and video of an overview given at Networkshop42.


UK Gov publishes Draft Identity Assurance Principles

9 September 2013 at 7:42am

GDS, the Government Digital Service, yesterday published an open consultation on the nine draft Identity Assurance Principles developed by the Identity Assurance Programme's Privacy and Consumer Advisory Group. The full list and commentary on the context of the Principles can be found at https://www.gov.uk/government/consultations/draft-identity-assurance-principles/privacy-and-consumer-advisory-group-draft-identity-assurance-principles, but in summary, they are:

1. The User Control Principle: Identity assurance activities can only take place if I consent or approve them.

2. The Transparency Principle: Identity assurance can only take place in ways I understand and when I am fully informed.

3. The Multiplicity Principle: I can use and choose as many different identifiers or identity providers as I want to.

4. The Data Minimisation Principle: My request or transaction only uses the minimum data that is necessary to meet my needs.

5. The Data Quality Principle: I choose when to update my records.

6. The Service-User Access and Portability Principle: I have to be provided with copies of all of my data on request; I can move/remove my data whenever I want.

7. The Governance/Certification Principle: I can trust the Scheme because all the participants have to be accredited.

8. The Problem Resolution Principle: If there is a problem I know there is an independent arbiter who can find a solution.

9. The Exceptional Circumstances Principle: Any exception has to be approved by Parliament and is subject to independent scrutiny.

Given the recent furore over PRISM, I expect most comments and feedback will relate to number 9...

Mike Bracken has blogged about the principles at http://digital.cabinetoffice.gov.uk/2012/04/24/identityand-privacy-principles/ and one of the comments raises a question that sprang to my mind when I read them: how do these relate to Kim Cameron's Laws of Identity? Possibly something for another article.

Another related blog worth reading is Toby Stephens's at http://www.computerweekly.com/blogs/the-data-trust-blog/2013/06/government-digital-service-pub.html. Toby sits on the Identity Assurance Programme Privacy and Consumer Advisory Group, so has been involved in the development of these principles.