How to score attributes
Updated 2 August 2021
As an attribute provider (also known as an ‘attribute service provider’) in the UK digital identity and attributes trust framework, you’ll usually score the attributes you create. This will make it easier for you to share them.
You do not need to score attributes you create if:
- you’re not going to share them
- you have another way to show how reliable and secure they are
- the organisation you’re sharing them with does not need them
When you assign the scores, you will:
- check if the attribute is in the right format
- show how reliable the attribute is
- show how you’ve bound the attribute
- show how you’ve matched the attribute
Most organisations will use an automated system to record these scores.
About scoring
The UK digital identity and attributes trust framework uses scoring to let people compare attributes quickly and easily.
Because the trust framework is based on outcomes, not approaches, there are several ways to meet its requirements. This means the metadata organisations use will not always be consistent. For example, you can use various standards when you check if an attribute could have been tampered with.
Relying parties and other attribute consumers cannot be expected to know all the standards and technologies that attribute providers can use. Using a scoring system means that attribute consumers can be confident the attributes they get will meet their needs.
The exact scoring requirements for attributes will depend on how they’re going to be used. For example, an online shop might:
- accept low-scoring attributes when they add someone to their mailing list
- need higher scoring attributes to sell an age-restricted item
How scoring works
Give the attribute one score for each of the checks in this guidance.
Some attributes will meet the requirements of more than one score in a check. When that happens, choose the highest score that applies.
The only time you might need to add any of the scores together is when you show how you’ve bound an attribute.
Recording scores
Record the scores in the attribute’s metadata. Use a separate field for each score.
Scores do not replace any other entries in the metadata.
Minimum scores and other requirements
Whoever you’re sharing your attributes with should tell you the minimum scores that they will accept.
They can also set other requirements for the attributes you’ve created, along with any existing attributes from other providers that you used. For example, they could ask you to make sure they were last updated within the past 3 months.
Check if the attribute is in the right format
Some attributes will need to fit a standard format or have other limits. For example, someone’s date of birth cannot be 23/101/1980 or 32/10/1980.
Attributes with a standard format include:
- UK postcodes
- mobile phone numbers
- unique identifiers (such as account numbers) from some organisations
Separate guidance on standard formats will be available in the future.
Attributes can be inconsistent for several reasons. Someone might have:
- made a mistake
- deliberately given a false attribute, for example by saying their phone number is 00000 000 000
- had a reason for using an unexpected format, for example if their preferred title was not shown as an option in a form
There’s no score for this check.
If an attribute is not in the format you expect, try to find out why it’s inconsistent or ask for another version. If you cannot do that and decide not to use or share the attribute, you do not have to continue scoring it.
Show how reliable the attribute is
To measure how reliable the attribute is, you’ll use checks to show:
Check the accuracy of the attribute
This score shows how confident you are that an attribute is correct.
Confirming the attribute with other sources
One way to increase your confidence in an attribute is to check it with an authoritative source. You can do this by asking them to confirm the details in the attribute they hold are the same as in yours.
You can also do this by seeing evidence of the attribute they hold.
Example: A library asks people to prove their home address before they join. One way someone can do this is by showing a utility bill that includes their address.
Before you accept any evidence, you must do an extra step to check the evidence is genuine or valid. This will give you a ‘validity score’ between 1 and 4.
A higher validity score will give you a higher confidence score for the attribute.
Score 0
Give the attribute a score of 0 if it’s a ‘self-asserted’ attribute. This means it’s been given to you by the person or organisation it belongs to and has not been checked with any other source.
Example: A nationwide restaurant chain offers people a free dessert on their birthday. To get a voucher for a dessert, you submit a form on their website and tell them when your birthday is. They do not ask for evidence or check the date with any other sources.
You should also give the attribute a score of 0 if you’ve seen 1 or more pieces of evidence and could not give any of them a validity score.
Score 1
Give the attribute a score of 1 if you’ve seen 1 piece of evidence with a validity score of 1.
Score 2
Give the attribute a score of 2 if you’ve either:
- confirmed the attribute with 1 authoritative source
- seen 1 piece of evidence with a validity score of 2
- seen 2 or more pieces of evidence with a validity score of 1
You should also give the attribute a score of 2 if it’s contact details that you’ve confirmed yourself.
Example: A dating app sends users an authentication email before it will let them set up a profile. The email asks them to click on an activation link, which proves they have access to the email address they provided.
This means people are less likely to create a profile using the wrong email address by accident. It also makes it harder to sign someone else’s email address up for a service they might not want.
Score 3
Give the attribute a score of 3 if you’ve either:
- confirmed it with 2 or more authoritative sources
- seen 1 or more pieces of evidence with a validity score of 3
- seen 2 or more pieces of evidence with a validity score of 2
Score 4
Give the attribute a score of 4 if you either:
- are the authoritative source
- have seen 1 or more pieces of evidence with a validity score of 4
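The accuracy rules above can be applied mechanically once each piece of evidence has a validity score. The following is an added example, not code from the trust framework; the function and parameter names are hypothetical, and it assumes evidence that could not be validated is recorded as None.

```python
from collections import Counter


def accuracy_score(validity_scores=(), sources_confirmed=0,
                   is_authoritative_source=False,
                   contact_details_self_confirmed=False):
    """Return the accuracy score (0 to 4) for one attribute.

    validity_scores has one entry per piece of evidence seen: 1 to 4, or
    None when the evidence could not be given a validity score.
    sources_confirmed counts authoritative sources that confirmed the value.
    """
    for v in validity_scores:
        if v is not None and v not in (1, 2, 3, 4):
            raise ValueError(f"validity score must be 1-4 or None, got {v!r}")
    if sources_confirmed < 0:
        raise ValueError("sources_confirmed cannot be negative")
    seen = Counter(v for v in validity_scores if v is not None)

    # Rules listed from the highest score down, so the first one that
    # applies is "the highest score that applies".
    rules = [
        (4, is_authoritative_source or seen[4] >= 1),
        (3, sources_confirmed >= 2 or seen[3] >= 1 or seen[2] >= 2),
        (2, sources_confirmed >= 1 or seen[2] >= 1 or seen[1] >= 2
            or contact_details_self_confirmed),
        (1, seen[1] >= 1),
    ]
    for score, applies in rules:
        if applies:
            return score
    # Self-asserted, or evidence seen but none of it could be validated.
    return 0


if __name__ == "__main__":
    # Constructed cases, not data from the guidance.
    print(accuracy_score())                      # birthday voucher form
    print(accuracy_score([1, 1]))                # two weak documents
    print(accuracy_score([None, 2, 2]))          # one unusable, two at 2
    print(accuracy_score(contact_details_self_confirmed=True))  # activation link
```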
Check if the attribute could have been tampered with
This score shows how confident you are that nobody has made unauthorised changes to the attribute or its metadata.
This score covers the time since you created or collected the attribute.
If you have evidence that an attribute has been tampered with at any time, stop scoring it and do not share it.
Score 1
Give the attribute a score of 1 if it’s been stored or shared in a way that cannot guarantee its integrity has been protected. For example, give it a score of 1 if it’s ever been:
- stored in a spreadsheet without password protection or version history
- sent using an insecure internet connection
- kept in an unlocked cupboard or desk drawer
Score 2
Give the attribute a score of 2 if you have collected, stored and shared it in a way that protects its integrity.
For example, you can give the attribute a score of 2 if you or your organisation follow the National Cyber Security Centre’s 10 steps to cyber security.
Score 3
Give the attribute a score of 3 if you’ve always collected, stored and shared it in a way that meets recognised standards or principles for managing information security risk. For example, give it a score of 3 if your organisation follows ISO/IEC 27001.
Show how you’ve bound the attribute
You usually need to bind an attribute to a person or organisation before you share or use it.
Check the bonds you’ve created
This score shows how you bound the attribute. It will depend on:
- what you used as an ‘identifying attribute’
- how well you bound it to the person or organisation that it’s about
You can choose if you want to check the claimed identity or use an authenticator as part of the binding process. If you do not do either, you can only give the bond a score of 0 or 1.
You might have used 2 or more processes to bind the attribute. If you did, score each process and combine the scores. Record the total as the score for this check.
Score 0
The bond will get a score of 0 if you have not checked that the attribute relates to the person or organisation.
Give the bond a score of 0 if you tried to bind the attribute without a unique identifying attribute, even if you used information that’s unique in your dataset.
Example: Someone’s hair colour would get a score of 0 because a lot of people will have the same attribute. Even if a make-up artist only has one customer with red hair, using ‘red hair’ as the only identifying attribute in their records would get a score of 0.
You should also give the bond a score of 0 if the identifying attribute can easily be transferred between people.
Example: Someone who has an access all areas (AAA) pass for a concert can go into any part of the venue, including backstage. AAA passes for some venues come on a lanyard, rather than a sticker or wristband, and they do not include photos. This means that someone who’s named on one could give it to someone else.
A score of 0 means it would be easy for someone to ‘match’ the attribute if they are not bound to it. You will not usually share attributes with a binding score of 0.
Score 1
The bond will get a score of 1 if there’s some connection between the person or organisation and the identifying attribute.
Give the bond a score of 1 if any of the following are true:
- you used a unique reference number as the identifying attribute
- it involves a low quality authenticator
- you have low confidence in the identity you’re binding the attribute to
- the identity you’re binding the attribute to was created based on evidence that scores 1 for validation
A score of 1 means it would be reasonably easy for someone to be bound to the attribute even if it does not relate to them.
Score 2
The bond will get a score of 2 if there’s a medium strength connection between the person or organisation and the identifying attribute.
Give the bond a score of 2 if any of the following are true:
- it involves a medium quality authenticator
- you have medium confidence in the identity you’re binding the attribute to
- the identity you’re binding the attribute to was created based on evidence that scores 2 for validation
Score 3
The bond will get a score of 3 if there’s a strong connection between the person or organisation and the identifying attribute.
Give the bond a score of 3 if any of the following are true:
- it involves a high quality authenticator
- you have high confidence in the identity you’re binding the attribute to
- the identity you’re binding the attribute to was created based on evidence that scores 3 for validation
Score 4
The bond will get a score of 4 if there’s a very strong connection between the person or organisation and the identifying attribute.
Give the bond a score of 4 if either:
- you have very high confidence in the identity you’re binding the attribute to
- the identity you’re binding the attribute to was created based on evidence that scores 4 for validation
Combining scores
If you used more than one binding process, add the scores for each process together.
Example: If you created an attribute that has a unique reference number (score 1) and checked the identity of the person to medium confidence (score 2), you’d get an overall score of 3.
Show how you’ve matched the attribute
You might need to match an attribute to a person or organisation before you share or use it. These checks show how confident you are that you’ve matched an existing attribute to the correct person or organisation.
Example: A relying party asks you to send them the insurance policy for Gemma Taylor. Because you hold attributes for several people named ‘Gemma Taylor’, you’ll use matching to make sure you send the right one.
Confirming the attribute belongs to the person or organisation
One way to increase your confidence in a match is to check the person or organisation who’s being matched is the same as the one being described in the attribute.
You can do this by asking them to do a ‘verification check’ based on the information in the attribute. This will give you a ‘verification score’ between 1 and 4.
Example: The ticket machine at a train station asks people to type in the booking reference number they were given when they bought a ticket online. They will need to type this into a free text field before they can collect their ticket.
A higher verification score will give you a higher matching score for the attribute.
Check the matching you’ve done
You can choose if you want to check the claimed identity or use an authenticator as part of the matching process. If you do not do either, you can only give the match a score of 0 or 1.
Score 0
Give the match a score of 0 if there’s no connection between the person or organisation and the attribute.
Score 1
The match will get a score of 1 if there’s a connection between the person or organisation and the attribute.
Give the match a score of 1 if you matched the person or organisation to the attribute using either:
- a unique reference number
- a low quality authenticator
You can also give the match a score of 1 if both of the following apply:
- you have low confidence in the person or organisation’s identity
- the binding score for the attribute is at least 1 (or, if there’s no binding score, you know the person or organisation who bound the attribute had at least low confidence in the person or organisation’s identity)
A score of 1 means it would be reasonably easy for someone to match to the attribute even if it does not relate to them.
Score 2
Give the match a score of 2 if you matched the person or organisation to the attribute using either:
- a medium quality authenticator
- a verification check based on the attribute that scores 2
You can also give the match a score of 2 if both of the following apply:
- you have at least medium confidence in the person or organisation’s identity
- the binding score for the attribute is at least 1
Score 3
Give the match a score of 3 if you matched the person or organisation to the attribute using either:
- a high quality authenticator
- a verification check based on the attribute that scores 3
You can also give the match a score of 3 if both of the following apply:
- you have at least high confidence in the person or organisation’s identity
- the binding score for the attribute is at least 2
Score 4
Give the match a score of 4 if you matched the person or organisation to the attribute using a verification check based on the attribute that scores 4.
You can also give the match a score of 4 if both of the following apply:
- you have very high confidence in the person or organisation’s identity
- the binding score for the attribute is at least 3
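The matching rules depend on both the identity confidence and the binding score, so a strong binding cannot lift a match above what the identity check supports. The following is an added example, not code from the trust framework; the function, parameter and level names are hypothetical, and it assumes a verification score of 0 means no verification check was done.

```python
LEVELS = {"none": 0, "low": 1, "medium": 2, "high": 3, "very high": 4}


def match_score(identity_confidence="none", binding_score=None,
                authenticator="none", verification_score=0,
                unique_reference=False, binder_confidence="none"):
    """Return the matching score (0 to 4) for one match attempt.

    binding_score is the attribute's recorded (possibly combined) binding
    score, or None if it has none; binder_confidence is then the confidence
    the binding organisation had in the identity.
    """
    conf = LEVELS[identity_confidence]
    auth = LEVELS[authenticator]
    if auth > 3:
        raise ValueError("the guidance only grades authenticators low to high")
    if verification_score not in (0, 1, 2, 3, 4):
        raise ValueError("verification score must be 1-4, or 0 for no check")
    binding = binding_score or 0
    # Only the score 1 rule has a fallback for a missing binding score.
    bound_for_1 = (binding >= 1 if binding_score is not None
                   else LEVELS[binder_confidence] >= 1)

    # Highest score first. A verification score of 1 earns nothing on its
    # own because the guidance lists no rule for it.
    rules = [
        (4, verification_score == 4 or (conf >= 4 and binding >= 3)),
        (3, auth == 3 or verification_score == 3
            or (conf >= 3 and binding >= 2)),
        (2, auth == 2 or verification_score == 2
            or (conf >= 2 and binding >= 1)),
        (1, unique_reference or auth == 1 or (conf >= 1 and bound_for_1)),
    ]
    return next((score for score, applies in rules if applies), 0)


if __name__ == "__main__":
    # Constructed case: binding combined as in the guidance's own example
    # (unique reference number 1 + medium confidence identity check 2 = 3).
    combined_binding = 1 + 2
    print(match_score("medium", combined_binding))      # capped by confidence
    print(match_score("very high", combined_binding))
    print(match_score("high", None, binder_confidence="low"))
```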