The Government’s One Login scheme is no longer listed in the official register of DIATF service providers.
One Login was designed for identity verification and authentication to online central government services, but Computer Weekly.com last month exposed alleged cybersecurity and data privacy flaws identified by an ex-employee who worked in information security at the Government Digital Service.
One Login was certified against the standards of the DIATF by the Kantara Initiative earlier this year, among mainly private identity service providers. This caused some “consternation in the (private sector) DIATF-community”, says Richard Oliphant, as many “believe that One Login should be confined to government use cases and not compete with DIATF-certified identity providers in the private sector” after it has been announced that One Login will be used for verification to access the UK’s proposed digital wallet.
“They fear a taxpayer-funded monopoly by One Login which would stifle innovation, competition and economic growth”.
Read here about the alleged flaws with One Login
Computer Weekly has also revealed that one contractor on One Login has pulled out of meeting the DIATF requirements by choosing not to keep up-to-date with the certification. As a result, the public One Login system failed to retain a place on the register and the allegations around privacy have since surfaced. Suppliers of digital identity systems have a pressure to seek this certification and ensure compliance across the private sector.
