UK allocates £10m to new ID scheme

UK allocates £10m to new ID scheme

Summary: The government's single sign-on identity scheme will get £10m from the £650m cybersecurity budget, according to Cabinet Office minister Francis Maude


The UK government has announced funds to 'lubricate' its trusted identity scheme, in which citizens authenticate themselves across multiple public services.

Francis Maude

Cabinet Office minister Francis Maude has said the government will put £10m into its new Identity Assurance scheme. Photo credit: Cabinet Office

The 'Identity Assurance' single sign-on scheme will get £10m over two years from the government's £650m cybersecurity budget, Cabinet Office minister Francis Maude told a conference in central London on Monday.

"Last week I earmarked £10m from the cybersecurity programme to provide extra resources for this programme," said Maude, adding that the Identity Assurance programme was different to the scrapped identity cards scheme.

"We think the government can be involved, must be involved, not as the big brother in this process, in the way that got associated with the identity cards agenda, but actually as a little brother, supporting, helping, providing some backup, and some lubrication from funding," said Maude.

Private-sector role

The ID Assurance scheme will use a number of private-sector organisations to provide federated identity services.

Citizens will authenticate themselves through identity providers to a 'distributed hub', linked to public services provision. The idea is to have a single sign-on which will authenticate people across multiple services.

The technological infrastructure is crucial, but if we can't get agreement on the standards, then this will not work.

   – Francis Maude, Cabinet Office

Maude said the programme will rely on the private sector, with government accreditation for the services' privacy and security standards.

"It will be the private sector that leads the innovation, creates the value, and drives forward the agenda," said Maude. "It's absolutely essential we create the environment so that the private sector wants to play that role, and is able to do it effectively."

Businesses will have to invest time and resources, said Maude. "I don't think it's about money, actually, this is about investment in kind," he told ZDNet UK. "This is about time, expertise, being willing to come together in groups, share knowledge and work together."

He said the priority for the Identity Assurance programme was to get the necessary standards in place to enable a secure federated identity scheme. "The key to this is standards," Maude told ZDNet UK. "The technological infrastructure is crucial, but if we can't get agreement on the standards, then this will not work."

The Identity Assurance programme is split into various workstreams, including standards and certification, legal, technology, privacy and commercial.

Mike Bracken, the government's executive director of digital services, is in charge of the scheme. He took up the position in July, and has been working on ID Assurance over the past month and a half.

Bracken said that government departments needed to start thinking of the wider picture of identity assurance.

"There are some great people thinking about identity, but they are thinking about it in departmental terms," Bracken told the conference.

Get the latest technology news and analysis, blogs and reviewsdelivered directly to your inbox with ZDNet UK'snewsletters.

Topics: Government UK, Security

Tom Espiner

About Tom Espiner

Tom is a technology reporter for He covers the security beat, writing about everything from hacking and cybercrime to threats and mitigation. He also focuses on open source and emerging technologies, all the while trying to cut through greenwash.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.


Log in or register to join the discussion
  • Never a man to understand the word NO, our Francis
  • To be asked who you are is an invasion of your privacy. But you will release this information if it enables you to get something in return. The person (actual or legal) who receives your private information has a duty of trust, to use this information only for the purpose for which it was collected, and to destroy it as soon as it is not legally required to be kept. To extend this simple principle to other forms of credential, all the way to a unique digital identifier ( which may be locally verified using a photograph, or a biometric datastring derived from an iris scan or a fingerprint) no legal change is necessary. It is the unnecessary continuing storage of information to which the recipient has no right or need, which (correctly) raises hackles, precisely because this corpus of information, collected under false pretenses, may be (ab)used for other purposes at any time in the future, unbeknown to the citizen. Establish the citizens personal ownership of his own name, identity numbers, and credentials, and records, and criminalize categorically the misuse of information collected for other purposes, and you have a data protection system which any citizen can benefit from, and not fear.