Vlog: What the UK Government Digital Identity and Attributes Trust Framework Certification Means for 1Kosmos

Hi, Rob MacDonald here, vice president of product marketing at 1Kosmos, and welcome to our vlog.

Today, I’ve got Huzefa with us, our co-founder and COO. How you doing today, Huzefa?

Very good, Robert. Very good to see you. It’s been a while.

It has been a while. I guess the unfortunate thing of working remotely, we don’t get to see each other more often. But, welcome.

Today, we want to talk a little bit about one of our latest announcements. So we just announced a new certification by the Kantara Initiative and it’s for the UK Digital Identity and Attributes Trust Framework. So for those of you that know the acronym, that’s UK D-I-A-T-F. I know you had a lot to do with that so why don’t you tell me a little bit about what that framework, the UK Digital Identity and Attributes Trust Framework is all about?

No, absolutely. So the UK Digital Identity Attribute Trust Framework came into existence a few years back and it was a standard that has been designed by the UK government, primarily designed that’s just not for corporations, but for regular citizens where any time if you want to hire somebody, if you’re renting an individual or any kind of a background service they’re providing, which requires a user to be proofed, how do you do it based on standards?

Okay, right.

This is a very good development in general because traditionally we’ve all been used to the NIST standard here in the United States. I know it’s been more widely being adopted as well.

Now local governments are creating their own standard for identity proofing. Yeah. So we saw that, we said, you know, our friends at Kantara were the ones who were reviewing and approving vendors who wanted to sign up for the standards. So we went through that process and came through it.

Awesome. So are there specific specifications that we’re certified to against that framework?

Yes. So there are specifications around how you would proof an individual, what are the different levels that would go with respect to it. And we have subscribed to a level which will require a user to scan one of their digital documents, take a live selfie, and prove that cryptographically that we have a secure credential for a specific user.

Okay, cool.

And since UK, how do you make sure that you are keeping the data very secure on our end as well?

Great. Fair enough. So what does that certification in general say about our platform?

This is something that we have looked at it just from the inception of the company. Don’t just build technologies, but do it based on standards as well.

I believe our first certification that we signed up for was for the NIST 800-63-3. We are very much into the weeds of the revision four, which is coming out, too. We saw the UK standard that was developed and then we signed up for it. And I don’t want to peel the curtain a lot, but we are involved in a lot of new standards that are coming across the globe as well, right?

So at 1Kosmos, we want to prove that who the individual is behind the device. To do that, you have to effectively proof a user and you have to do that based on standards as well.

Fair enough. So we continue to add a lot of certifications to our list. We’ve got a whole webpage dedicated to it on our website. We’ve got corporate certifications like ISO and SOC 2. We’ve got product certifications like NIST, FIDO, and iBeta. What does this certification mean to us as an organization?

Yeah, we love certifications. We have a lot of time to go through the certifications.

I mean that’s important, right? It’s important because have different geographies, you want to make sure that those users understand that what we are providing, that this particular technology has been vetted, vetted by their local government based on their standards as well. So I think it’s extremely important, specifically in this case for the UK market, that we are providing a digital identity platform that has been proofed, verified and not just a set of capabilities that are available for them to use.

Fair enough. And that kind of leads into my next question. It is probably more important than the last, but what do these certifications mean to our partners? What does it mean to our customers and even future partners and customers of 1Kosmos?

Yeah. So anybody, so I’m talking specifically with respect to the UK certification that we have, right? If you are an entity in UK, especially if you are in the public service area, and if you have citizens that need to be proofed or even if you’re in the private sector and you are looking to hire individuals and you want to do that based on a company that is subscribing to these standards, a company that can prove those individual users and securely have them provide access to whatever service that they would like, they can sign up with us.

And what we would then allow to do is these individuals have been proved, have been verified based on this particular standard, this is a result of what the proofing is, we would then provide it to that particular service as well.

Cool. So what is it about our platform that enables us to meet these seemingly pretty stringent guidelines in your opinion?

I would say that our platform has been very, very modular, right? So anybody who’s new to this particular podcast, we provide a set of different capabilities, identity proofing, using that particular identity to give secure access to a variety of different systems by using user’s biometrics. And the third aspect of it is to create a digital identity wallet, which will allow a user to be in control of their identity and share their attributes to whatever service that they would like.

What this has allowed us to do is that every specific capability, we have pretty modular where if there are certain standards, if there are certain capabilities that we need to prescribe to, it’s fairly easy for us to make that available as well.

Cool. Okay. So thank you for all that, by the way.

What’s next for 1Kosmos? I mean, like I said earlier, we kind of touched on it briefly, some of the other certifications we have, but what’s next in line for us?

More certifications.

Continue to update the website, Rob, okay.

We’re going through FedRAMP right now. Hopefully we will go through that process fairly soon.

I alluded to this earlier, but there are more government-based standards that are coming up and we are looking to prescribe to that. We are looking to get certified against them as well, not just in US and North America or in UK, but we’re talking about Asia and other parts of Europe as well. So just stay tuned, right? These are developments that are happening and we’ll be looking forward to announce them soon.

Awesome. Listen, Huzefa, thank you for taking the time to talk to us about the certification today. This is pretty awesome news and I look forward to talking to you about the next one.

Wonderful. Good catching up with you as well, Rob. Thanks.

Talk to you again.