A new framework is defining clear roles—Identity, Attribute, and Orchestration providers—to securely verify who you are and what details describe you, aiming to simplify digital life for consumers and businesses
As digital interactions become central to commerce and daily life, the process of verifying who a person is and what details are true about them is being radically standardised under a new framework in the UK.
The UK Digital Identity and Attributes Trust Framework (DIATF) is establishing clear roles and standards for a secure and interoperable digital identity system. This governance structure is designed to move forward an efficient ecosystem that simplifies identity proofing for individuals and builds critical confidence for businesses relying on digital checks.
The framework defines three distinct service layers, clarifying how data is checked, moves, and is used: Identity Service Providers (IDSP), Attribute Service Providers (ASP), and Orchestration Service Providers (OSP).
Three Roles In Digital Verification
The IDSP acts as the gatekeeper of “who you are.“ Their primary role is to prove and verify an individual’s core identity, often relying on government IDs, biometrics, or certified identity checks. Once verification is complete, the IDSP issues a digital credential or assertion.
Attribute Service Providers (ASP)
The ASP focuses on the pieces of information that describe you, such as age, address, qualifications, or employment status. They gather, validate, and package these data elements, sharing only the specific attributes a user authorises with other providers and relying parties.
Example: A landlord needs to verify a tenant’s right to rent. The tenant consents to an ASP securely sharing only their verified address and immigration status with the landlord’s portal.
Orchestration Service Providers (OSP)
The OSP functions as the traffic controller for identity data. They coordinate the secure flow of information between IDSPs, ASPs, and the final service provider (the relying party). They manage user consent, ensure that security protocols match up, and encrypt data during transmission, enabling seamless end-to-end workflows.
Example: When a bank onboards a new customer, the OSP ensures the IDSP (confirming identity), the ASP (holding proof of address), and the bank’s own systems exchange data smoothly while strictly honouring user consent and security policies.
Building Trustworthy Ecosystem
The DIATF essentially ensures that the IDSP confirms your core identity, the ASP curates the trusted details about you, and the OSP securely wires those pieces together under the right permissions.
This structure allows for a flexible, secure framework that respects user consent while aiming to make the verification process frictionless.
To maintain the high standards required, applications for DIATF approval are assessed by approved conformity assessment bodies (CABs), currently including BSI and the Kantara Initiative, which were approved after completing a pilot assessment program.
This comprehensive approach is designed to tackle fraud and complexity simultaneously, building a verifiable layer of trust essential for the rapidly evolving digital economy.