How to create and share attributes
Updated 2 August 2021
Before you can begin acting as an attribute provider (also known as an ‘attribute service provider’) in the UK digital identity and attributes trust framework, you’ll need to prepare the attributes that are involved. This makes it possible for the organisations that consume attributes to compare, trust and use them.
You’ll usually need to:
You can then share the attribute.
Create an attribute
Exactly how you create attributes will depend on what you’re trying to do, or what your organisation does.
For example, a new attribute would be created when you:
- open a bank account
- open an email account
- count how many people work for your business
- assign VIP status to a customer
Using existing attributes to create new attributes
Creating a new attribute can also involve other attributes that already exist. Some of these might come from other attribute providers.
Example A credit reference agency gives people credit ratings based on their financial history. Each credit rating is an attribute that the agency creates.
When Joshua asks for his credit rating, the agency starts by collecting attributes from other attribute providers (like Joshua’s bank and credit card provider). The attributes they collect include things like Joshua’s overdraft limit.
The agency then combines all the information that it collects about Joshua and uses it to work out his credit rating.
Collected attributes can be combined or used alone.
Storing attributes
Your organisation must have a records management policy, which will tell you how to manage attributes you create and store. This should include:
- which attributes to keep
- your reason for storing the attributes
- how long you can keep the attributes for
You should have access to the policy for your organisation. If you do not know where to find it or have any questions about its contents, talk to your organisation’s records manager.
Bind an attribute to a person or organisation
Attributes describe something about a person or organisation. As a result, attribute providers and consumers need to be able to tell who each attribute relates to.
You’ll use a process called ‘binding’ to record this.
How it works
Binding links an attribute to the appropriate person or organisation.
It uses an ‘identifying attribute’ to make the connection. An identifying attribute, or ‘identifier’, is a unique attribute or combination of attributes that can be used to identify a person or organisation.
Example When someone starts a new job they’re given a unique employee number, which is an identifying attribute. This links the person with their job title (another attribute).
The HR department uses the identifying attribute to link the employee’s other attributes to the employee. Their other attributes include their salary and how many hours they work a week.
For example, one office has 2 employees named Daniel Jones. When the HR department gets a phone call from one of them, the HR representative asks for their employee number. This helps them know which Daniel Jones they’re talking to.
If you do not bind your attributes, other organisations will not be able to tell who they belong to. This will make them harder to use and less valuable.
Binding and matching
After an attribute has been bound, you can ‘match’ it to the person or organisation it’s bound to.
To match an existing attribute, you’ll need to know the identifying attribute that was used in the original binding. Checking the identifying attributes against your records should tell you which person or organisation the attribute relates to.
How to bind an attribute
You can bind an attribute by recording the attribute and identifying attribute together. Do this once you’ve:
- checked the identity or authenticator of the person or organisation involved
- decided which identifying attribute to use
Exactly how you record the attribute and identifying attribute will depend on the system you use.
You can bind an attribute when it’s created or wait until later, as long as you bind it before you share it.
Who to bind to
When you bind an attribute, you connect it with either:
- the person or organisation who gave you the information
- the person or organisation that it relates to
These will usually be the same individual, but not always. For example, someone might:
- have to show their parents’ income when they apply for a student loan
- book a train ticket for a friend who does not have a computer
- file a tax return on behalf of a client
- use a subcontractor to help them with some work
- be impersonating someone else
Checking the claimed identity
When you bind an attribute to a person or organisation, you’ll need either their identity or an authenticator.
Check a person’s identity or authenticator
To check a person’s identity, use the separate guidance on how to prove and verify someone’s identity.
You can use an authenticator instead if either:
- you’ve already proved their identity
- they have a digital identity you can accept
You might decide not to check the claimed identity or ask for an authenticator.
This can affect your ability to share the attribute.
Checking the person’s identity or authenticator will give you one of the following levels of confidence in the identity:
- low confidence
- medium confidence
- high confidence
- very high confidence
If you did not check the claimed identity, or cannot meet the requirements of the low confidence profile, you must say you have ‘no confidence’ in the identity.
Record your level of confidence in the attribute’s metadata.
Check an organisation’s identity
First, check the identity of the person who claims to represent the organisation.
Once you’ve checked their identity, you must:
- make sure the organisation exists
- check the claimed identity’s relationship with the organisation
Record the results of these checks in the attribute’s metadata.
If you cannot confirm that the organisation exists and that the claimed identity represents it, you should not bind the attribute to them.
Choosing an identifying attribute
You can choose to either:
Create an identifying attribute
You can create a new identifying attribute if you’d like to. For example, every company that registers with Companies House is given a new identifying attribute when they get a company registration number.
There are no restrictions on the identifying attributes you create. Other organisations will be less likely to trust them if you do not produce them in a reliable way (for example, if it’s possible for you to accidentally issue the same registration number more than once).
Use existing information as an identifying attribute
You can use various types of existing information as identifying attributes. This includes information that you ask for during the binding process or already have from authentication.
If the attribute is about a person, you can use information about them.
Example Gurinder wants to change her mobile phone provider and get a new number. She decides to get a mobile phone contract with the company that provides her broadband at home.
When the company creates a new mobile number, they can bind it to Gurinder using her existing customer number. The customer number is the identifying attribute in this case.
If the attribute is about an organisation, you can use information about it.
Example An import and export business needs to link a company to a . They can do this by using the organisation’s Companies House number. They will need to make sure the number in the Companies House register matches the number in the DUNS register.
You can also use someone’s physical appearance as an identifying attribute. This means they physically match a photo you hold or a photo from a piece of evidence that you trust.
Example Someone working in a pub needs to check a customer’s age before they sell them an alcoholic drink. They need to link the customer’s age or date of birth to the person who’s trying to buy a drink. They can do this by checking the photo on a piece of evidence (such as a proof of age card) looks like the customer.
If you and the person both have access to appropriate technology, you can use someone’s biometric information as an identifying attribute.
Example A Eurostar customer can use an app to scan their passport. The app will send their name and the image of their face to Eurostar, and Eurostar will issue a ticket in their name.
Before the passenger gets on the train, their face will be scanned and compared to the attribute on file using facial recognition technology. Eurostar uses their biometric information as an identifying attribute so they can be sure it’s the named passenger who’s travelling.
Responding to attribute confirmation checks
In some cases you will not need to provide all the information that an attribute contains.
This usually happens when someone asks you to do a confirmation check on an attribute you hold.
Example An online lottery ticket seller needs to know that a new customer, Jack, is old enough to buy a ticket. The minimum age limit for the lottery is 18. Jack’s date of birth is the attribute.
An attribute provider can send the seller a ‘yes’ or ‘no’ response that shows if Jack is aged 18 or over. The lottery ticket seller does not see their full date of birth or any other information.
If Jack is older than 18, the lottery ticket seller will let them create an online account to buy a ticket. They’ll also store the information about Jack’s age as an attribute.
Because they do not know Jack’s date of birth, the attribute the lottery ticket seller stores will be ‘over the age of 18’. They should treat the new attribute like any other attribute - for example, they can use it to create a new attribute.
Before you respond to an attribute confirmation check, you must follow the guidance on how to share attributes.
Share an attribute
Before you share any attribute, you must check:
Check when an attribute was last updated
You must include the date when an attribute was last checked or updated in its metadata.
Relying parties are more likely to use attributes that are:
- up to date
- valid (not expired or revoked)
Relying parties can decide how recently an attribute must have been checked before they will accept it.
Attributes that can be updated
Some attributes, like a person’s date of birth or National Insurance number, will almost always stay the same throughout their life. Others, like someone’s home address or passport number, might change several times.
For attributes that are likely to change, up-to-date versions are usually more useful and valuable than older ones. Relying parties can also choose to consume less valuable attributes, which might be out of date, and check them themselves.
Check if an attribute has been updated
To check if an attribute has been updated, you can ask:
- the person or organisation the attribute relates to
- another attribute provider who has updated the attribute more recently
- the ‘authoritative source’ - see how to recognise an authoritative source
Keeping attributes you hold up to date
You will not usually be told when an attribute you hold is updated.
If you need the attributes you share to be as up to date as possible, you’ll have to set up a system to monitor them. The Information Commissioner’s Office (ICO) has several .
How you monitor changes will depend on your organisation’s needs and on industry-specific requirements, like the ‘know your customer’ (KYC) requirements for banks and other financial services.
If other attribute providers share information with you, you might be able to use it to update the attributes you hold.
Example Employers have to send a Real Time Information (RTI) update to HM Revenue and Customs (HMRC) every month. This includes payroll information and some employees’ addresses and postcodes.
If an employee’s postcode in the RTI does not match HMRC’s records, HMRC can change the employee’s address in their system.
You can also ask people and organisations to tell you about any changes directly. This is often used for changes to contact details.
Example The Driver Vehicle and Licensing Agency (DVLA) holds the addresses of UK driving licence holders. DVLA asks licence holders to contact DVLA if they move house and cannot pick up post from their old address.
If someone moves and does not tell DVLA about the change, they can be:
- charged for late payment if they miss a parking or speeding ticket
- fined up to £1,000
Attributes that expire
Some attributes ‘expire’. This means they stop being valid after a set time.
Example A gym offers a year’s membership for the fixed price of £450.
Ahmed signed up for the membership on 31 August 2019, which gave him the attribute ‘gym member’. A year later, on 30 August 2020, the attribute expired. As a result his membership card will no longer open the gym door.
Check if an attribute has expired
An attribute will not be valid if its expiry date has passed.
The expiry date can be found:
- on a related physical document (like a driving licence or security pass), if there is one
- as part of a digital record, for example in the metadata
Sharing expired attributes
Expired attributes can be used for several things, such as ‘knowledge-based verification’ (KBV) challenges. If you share expired attributes, it must be obvious that they’ve expired.
Attributes that are documents, such as passports or photocard driving licences, should not be used for their original purpose once they expire. This means you cannot use them to prove someone’s right to travel or drive. Relying parties might choose to accept them as evidence to prove and verify someone’s identity.
Attributes that can be revoked
Many attributes can be ‘revoked’ (cancelled).
This often happens when a physical item, like a bank card or passport, is lost or stolen. The attribute (in this case, the unique reference number on the card or passport) is revoked to stop the item being used for fraudulent purposes.
It also happens for many other reasons. For example, an organisation might revoke:
- a customer’s ‘VIP’ status if they spend less than an agreed amount in a year
- someone’s driving licence if they build up 12 or more penalty points in 3 years
- an employee’s security clearance when they leave the company
If an attribute can be revoked, it can be revoked at any time. This means a consumer might ask you to check if the attribute is still valid when they request it.
Example Felicity is going to visit Glasgow and is flying from London Heathrow airport. As well as checking her identity, airport staff at the security gate will check she has the right to fly to her destination.
In this case, they simply need to check that her name is not on any ‘no-fly’ lists. For other destinations, like the USA, they’d also need to check that she has the right visa or other permissions.
Check if an attribute has been revoked
Ask an authoritative source to find out if an attribute has been revoked.
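The binding, confirmation check and validity rules described above can be put together in one responder. This is an added example, not part of the original guidance or of any trust framework code: the record layout, field names, function names and the `CUST-` identifiers are all assumptions, and the sample data is constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional

# Confidence levels named in the guidance; every field name below is an assumption.
CONFIDENCE = ("no confidence", "low", "medium", "high", "very high")

@dataclass
class Attribute:
    name: str
    value: object
    identifier: Optional[str] = None    # identifying attribute; None means unbound
    confidence: str = "no confidence"   # confidence in the checked identity
    last_checked: Optional[date] = None
    expires: Optional[date] = None
    revoked: bool = False

def bind(attr, identifier, confidence, checked_on):
    """Record the attribute and identifying attribute together, with metadata."""
    if confidence not in CONFIDENCE:
        raise ValueError(f"unknown confidence level: {confidence!r}")
    attr.identifier, attr.confidence, attr.last_checked = identifier, confidence, checked_on
    return attr

def status(attr, today):
    """Report revocation first, then expiry; either makes the attribute invalid."""
    if attr.revoked:
        return "revoked"
    if attr.expires is not None and today > attr.expires:
        return "expired"
    return "valid"

def age_on(dob, today):
    # Subtract one year if this year's birthday has not happened yet.
    return today.year - dob.year - ((today.month, today.day) < (dob.month, dob.day))

def confirm_min_age(records, identifier, min_age, today):
    """Answer 'yes'/'no' only; the date of birth is never put in the response."""
    matches = [a for a in records
               if a.name == "date_of_birth" and a.identifier == identifier]
    if identifier is None or len(matches) != 1:
        return {"answer": None, "reason": "no unique bound attribute"}
    attr = matches[0]
    state = status(attr, today)
    if state != "valid":
        return {"answer": None, "reason": state}
    return {"answer": "yes" if age_on(attr.value, today) >= min_age else "no",
            "confidence": attr.confidence,
            "last_checked": attr.last_checked.isoformat()}

def sample_records():
    """Constructed data: two bound records told apart by identifier, one unbound."""
    checked = date(2021, 8, 2)
    jack_a = bind(Attribute("date_of_birth", date(2003, 8, 2)), "CUST-0001", "medium", checked)
    jack_b = bind(Attribute("date_of_birth", date(2004, 1, 15)), "CUST-0002", "high", checked)
    unbound = Attribute("date_of_birth", date(1990, 5, 5))  # never bound, never shared
    return [jack_a, jack_b, unbound]

if __name__ == "__main__":
    today = date(2021, 8, 2)
    for ident in ("CUST-0001", "CUST-0002", "CUST-9999"):
        print(ident, confirm_min_age(sample_records(), ident, 18, today))
```

The response carries the confidence level and last-checked date from the metadata so the relying party can decide whether the answer is recent and trustworthy enough to accept.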
Show the quality of an attribute
In some cases the recipient will also need details about the quality or security of an attribute before they can use it. For example, a financial service might have specific requirements.
Check you can share an attribute
You must meet data protection requirements when you share attributes. This means you must have a ‘’ for sharing them.
Getting consent
In many cases you must check that the right person or organisation has given their consent for you to share their attribute. Exactly who this is and how they give consent will depend on what the attribute is and how you’re using it.
You should not collect or share any attributes without a clear purpose. This is true even if you have consent.
When someone gives you their consent, you might need to check their identity or authenticator before you can accept it. This will make it harder for someone to accidentally or intentionally get information about someone else.
Implicit consent
In some cases you can share attributes about someone without that person giving their explicit consent. You’ll need to have ‘implicit consent’ to do this.
This usually happens when they’ve asked you to do something and you need to share their attributes to do it.
Example A mortgage broker has to share details about their customers’ income. They do not need to record each customer’s consent, because they cannot get quotes from mortgage providers without sharing the information.
You might still need to check someone’s identity or authenticator before you can accept their implicit consent.
When you do not need to check for consent
You do not need to check for consent in certain other situations, including when:
- you’re being asked to share attributes as part of a legal investigation
- sharing attributes could save someone’s life
The ICO has a list of , which has more information about when you can share attributes and other data without consent.
Check the person or organisation requesting the attribute has the right to see it
Once you know you can share an attribute, check that the person or organisation that’s asking for it has the right to see it.
If you already have appropriate consent to share an attribute with a specific person or organisation, you do not need to ask for it again.
Example Amal goes to a high street store to buy a new mobile phone. He decides to get insurance for it through the store’s recommended third-party provider.
When Amal gives his details, he consents to the salesperson sharing them with a particular insurance provider. This does not mean the salesperson can give Amal’s details to another insurance provider or a marketing company.
In most cases, the person or organisation the attributes are about should decide who can and cannot see their attributes. But in some cases they can be overruled.
Example Rebecca works in an independent bookshop. The owner, Niall, gives everyone who works in the bookshop a £50 note as a Christmas bonus. Rebecca would prefer it if Niall did not report her bonus to HMRC.
A Christmas bonus in cash counts as earnings, so Niall must report it to HMRC and deduct tax in the usual way. He does not need Rebecca’s consent to do this because he’s required to do it by law.
You might face unexpected situations where it’s not clear if you should share an attribute with the person or organisation that’s requesting it.
To make this clearer, you can ask:
- the person or organisation the attribute relates to
- a security, privacy or legal expert in your organisation
If you cannot get clear approval, do not share the attribute. Make sure that everyone who can access the attributes you hold understands this.
Example Chris is an administrator at a primary school. A parent who does not have day-to-day care of their child contacts the school and asks for their child’s home address.
The parent is not listed as a contact in the pupil’s record. But they claim they need the address because there’s been an emergency.
Chris needs to establish that:
- there’s a genuine emergency that can only be solved by sharing the address
- sharing the address would not have any negative consequences, for example the parent using it to harass their former partner
Check how reliable and secure an attribute is
You must check how reliable and secure the attributes you create are. One way to do this is using scoring.
Use the separate guidance on how to score attributes to do this.
Checking attributes from other providers
If you use attributes from other providers to create your attributes, you might need to do additional scoring to check the attributes you’re using are reliable and secure.
You might want to score the attributes you collected if they either:
- did not come with scores
- came from the person or organisation that the attribute is about
- came from another attribute provider that’s not part of the UK digital identity and attributes trust framework
Use the separate guidance on how to score attributes to do this.
How to share the attribute
Exactly how you share attributes is usually something you’ll consider when you build your service.
Separate guidance on building a service will be available in the future.