Guidance

How to score attributes

Guidance for organisations certified against the UK digital identity and attributes trust framework as an 'attribute service provider'.

0.a. As an attribute service provider certified under the UK digital identity and attributes trust framework, you will usually score the attributes you create. This will make it easier for you to share them. 

0.b. You do not need to score attributes you create if: 

  • you are not going to share them; 

  • you have another way to show how reliable and secure they are; or 

  • the organisation you are sharing them with does not need them. 

0.c. When you assign the scores, you will: 

0.d. Most organisations will use an automated system to record these scores. 

1. About scoring 

1.a. The UK digital identity and attributes trust framework uses scoring to let people compare attributes quickly and easily. 

1.b. Because the trust framework is based on outcomes, not approaches, there are several ways to meet its requirements. This means the metadata organisations use will not always be consistent. For example, you can use various standards when you check if an attribute could have been tampered with.

1.c. Relying parties and other attribute consumers cannot be expected to know all the standards and technologies that attribute service providers can use. Using a scoring system means that attribute consumers can be confident the attributes they get will meet their needs. 

1.d. The exact scoring requirements for attributes will depend on how they are going to be used. For example, an online shop might: 

  • accept low-scoring attributes when they add someone to their mailing list; or 

  • need higher scoring attributes to sell an age-restricted item. 

2. How scoring works 

2.a. Give the attribute one score for each of the checks in this guidance. 

2.b. Some attributes will meet the requirements of more than one score in a check. When that happens, choose the highest score that applies. 

2.c. The only time you might need to add any of the scores together is when you show how you have bound an attribute.

2.1. Recording scores 

2.1.a. Record the scores in the attribute’s metadata. Use a separate field for each score. 

2.1.b. Scores do not replace any other entries in the metadata. 

2.2. Minimum scores and other requirements 

2.2.a. Whoever you are sharing your attributes with should tell you the minimum scores that they will accept. 

2.2.b. They can also set other requirements for the attributes you have created, along with any existing attributes from other providers that you used. For example, they could ask you to make sure they were last updated within the past 3 months.

3. Check if the attribute is in the right format 

3.a. Some attributes will need to fit a standard format or have other limits. For example, someone’s date of birth cannot be 23/101/1980 or 32/10/1980. 

3.b. Attributes with a standard format include: 

  • UK postcodes; 

  • mobile phone numbers; and 

  • unique identifiers (such as account numbers) from some organisations. 

3.c. Attributes can be inconsistent for several reasons. Someone might have: 

  • made a mistake; 

  • deliberately given a false attribute, for example by saying their phone number is 00000 000 000; or 

  • had a reason for using an unexpected format, for example if their preferred title was not shown as an option in a form. 

3.d. There is no score for this check. 

3.e. If an attribute is not in the format you expect, try to find out why it is inconsistent or ask for another version. If you cannot do that and decide not to use or share the attribute, you do not have to continue scoring it. 

4. Show how reliable the attribute is 

4.a. To measure how reliable the attribute is, you will use checks to show: 

4.1. Check the accuracy of the attribute 

4.1.a. This score shows how confident you are that an attribute is correct. 

4.1.1. Confirming the attribute with other sources 

4.1.1.a. One way to increase your confidence in an attribute is to check it with an authoritative source. You can do this by asking them to confirm the details in the attribute they hold are the same as in yours. 

4.1.1.b. You can also do this by seeing evidence of the attribute they hold.

Example 

A library asks people to prove their home address before they join. One way someone can do this is by showing a utility bill that includes their address. 

Before you accept any evidence, you must do an extra step to check the evidence is genuine or valid. This will give you a ‘validity score’ between 1 and 4.

4.1.1.c. A higher validity score will give you a higher confidence score for the attribute. 

4.1.2. Score 0 

4.1.2.a. Give the attribute a score of 0 if it is a ‘self-asserted’ attribute. This means it has been given to you by the person or organisation it belongs to and has not been checked with any other source.

Example 

A nationwide restaurant chain offers people a free dessert on their birthday. To get a voucher for a dessert, you submit a form on their website and tell them when your birthday is. They do not ask for evidence or check the date with any other sources.

4.1.2.b. You should also give the attribute a score of 0 if you have seen 1 or more pieces of evidence and could not give any of them a validity score. 

4.1.3. Score 1 

4.1.3.a. Give the attribute a score of 1 if you have seen 1 piece of evidence with a validity score of 1. 

4.1.4. Score 2 

4.1.4.a. Give the attribute a score of 2 if you have either: 

  • confirmed the attribute with 1 authoritative source; 

  • seen 1 piece of evidence with a validity score of 2; or 

  • seen 2 or more pieces of evidence with a validity score of 1. 

4.1.4.b. You should also give the attribute a score of 2 if it is contact details that you have confirmed yourself.

Example 

A dating app sends users an authentication email before it will let them set up a profile. The email asks them to click on an activation link, which proves they have access to the email address they provided. 

This means people are less likely to create a profile using the wrong email address by accident. It also makes it harder to sign someone else’s email address up for a service they might not want.

4.1.5. Score 3 

4.1.5.a. Give the attribute a score of 3 if you have either: 

  • confirmed it with 2 or more authoritative sources; 

  • seen 1 or more pieces of evidence with a validity score of 3; or 

  • seen 2 or more pieces of evidence with a validity score of 2. 

4.1.6. Score 4 

4.1.6.a. Give the attribute a score of 4 if you either: 

  • are the authoritative source; or 

  • have seen 1 or more pieces of evidence with a validity score of 4. 
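The accuracy rules in 4.1.2 to 4.1.6, combined with the "choose the highest score that applies" rule in 2.b, can be automated. The following is an added example, not part of the guidance; the function and parameter names are assumptions.

```python
from collections import Counter


def accuracy_score(validity_scores=(), authoritative_sources=0,
                   is_authoritative_source=False,
                   confirmed_contact_details=False):
    """Return the 4.1 accuracy score (0 to 4) for one attribute.

    validity_scores holds one entry per piece of evidence seen. Use None
    for evidence that could not be given a validity score (4.1.2.b).
    All names here are hypothetical, chosen for this example.
    """
    for v in validity_scores:
        if v is not None and v not in (1, 2, 3, 4):
            raise ValueError(f"validity score must be 1 to 4 or None: {v!r}")
    if authoritative_sources < 0:
        raise ValueError("authoritative_sources cannot be negative")

    seen = Counter(v for v in validity_scores if v is not None)

    # Score 0: self-asserted, or no evidence could be given a validity score.
    applicable = [0]
    # Score 1: a piece of evidence with a validity score of 1.
    if seen[1] >= 1:
        applicable.append(1)
    # Score 2: one authoritative source, one piece of evidence scoring 2,
    # two or more pieces scoring 1, or contact details you confirmed yourself.
    if (authoritative_sources >= 1 or seen[2] >= 1 or seen[1] >= 2
            or confirmed_contact_details):
        applicable.append(2)
    # Score 3: two or more authoritative sources, evidence scoring 3,
    # or two or more pieces of evidence scoring 2.
    if authoritative_sources >= 2 or seen[3] >= 1 or seen[2] >= 2:
        applicable.append(3)
    # Score 4: you are the authoritative source, or evidence scoring 4.
    if is_authoritative_source or seen[4] >= 1:
        applicable.append(4)

    # 2.b: when more than one score applies, choose the highest.
    return max(applicable)
```

Evidence that could not be scored is kept in the input as None so the record of what was seen stays complete, but it never raises the result.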

4.2. Check if the attribute could have been tampered with 

4.2.a. This score shows how confident you are that nobody has made unauthorised changes to the attribute or its metadata. 

4.2.b. This score covers the time since you created or collected the attribute. 

4.2.c. If you have evidence that an attribute has been tampered with at any time, stop scoring it and do not share it. 

4.2.1. Score 1 

4.2.1.a. Give the attribute a score of 1 if it has been stored or shared in a way that cannot guarantee its integrity has been protected. For example, give it a score of 1 if it has ever been: 

  • stored in a spreadsheet without password protection or version history; 

  • sent using an insecure internet connection; or 

  • kept in an unlocked cupboard or desk drawer. 

4.2.2. Score 2 

4.2.2.a. Give the attribute a score of 2 if you have collected, stored and shared it in a way that protects its integrity. 

4.2.2.b. For example, you can give the attribute a score of 2 if you or your organisation follow the National Cyber Security Centre’s 10 steps to cyber security.

4.2.3. Score 3 

4.2.3.a. Give the attribute a score of 3 if you have always collected, stored and shared it in a way that meets recognised standards or principles for managing information security risk. For example, give it a score of 3 if your organisation follows ISO/IEC 27001.

5. Show how you have bound the attribute 

5.a. You usually need to bind an attribute to a person or organisation before you share or use it. 

5.1. Check the bonds you have created 

5.1.a. This score shows how you bound the attribute. It will depend on: 

  • what you used as an ‘identifying attribute’; and 

  • how well you bound it to the person or organisation that it is about. 

5.1.b. You can choose if you want to check the claimed identity or use an authenticator as part of the binding process. If you do not do either, you can only give the bond a score of 0 or 1. 

5.1.c. You might have used 2 or more processes to bind the attribute. If you did, score each process and combine the scores. Record the total as the score for this check. 

5.1.1. Score 0 

5.1.1.a. The bond will get a score of 0 if you have not checked that the attribute relates to the person or organisation. 

5.1.1.b. Give the bond a score of 0 if you tried to bind the attribute without a unique identifying attribute, even if you used information that is unique in your dataset.

Example 

Someone’s hair colour would get a score of 0 because a lot of people will have the same attribute. Even if a make-up artist only has one customer with red hair, using ‘red hair’ as the only identifying attribute in their records would get a score of 0.

5.1.1.c. You should also give the bond a score of 0 if the identifying attribute can easily be transferred between people.

Example 

Someone who has an access all areas (AAA) pass for a concert can go into any part of the venue, including backstage. AAA passes for some venues come on a lanyard, rather than a sticker or wristband, and they do not include photos. This means that someone who is named on one could give it to someone else.

5.1.1.d. A score of 0 means it would be easy for someone to ‘match’ the attribute if they are not bound to it. You will not usually share attributes with a binding score of 0. 

5.1.2. Score 1 

5.1.2.a. The bond will get a score of 1 if there is some connection between the person or organisation and the identifying attribute. 

5.1.2.b. Give the bond a score of 1 if any of the following are true: 

  • you used a unique reference number as the identifying attribute; 

  • it involves a low quality authenticator;

  • you have low confidence in the identity you are binding the attribute to; and 

  • the identity you are binding the attribute to was created based on evidence that scores 1 for validation. 

5.1.2.c. A score of 1 means it would be reasonably easy for someone to be bound to the attribute even if it does not relate to them. 

5.1.3. Score 2 

5.1.3.a. The bond will get a score of 2 if there is a medium strength connection between the person or organisation and the identifying attribute. 

5.1.3.b. Give the bond a score of 2 if any of the following are true: 

  • it involves a medium quality authenticator;

  • you have medium confidence in the identity you are binding the attribute to; and 

  • the identity you are binding the attribute to was created based on evidence that scores 2 for validation. 

5.1.4. Score 3 

5.1.4.a. The bond will get a score of 3 if there is a strong connection between the person or organisation and the identifying attribute. 

5.1.4.b. Give the bond a score of 3 if any of the following are true: 

  • it involves a high quality authenticator;

  • you have high confidence in the identity you are binding the attribute to; and 

  • the identity you are binding the attribute to was created based on evidence that scores 3 for validation. 

5.1.5. Score 4 

5.1.5.a. The bond will get a score of 4 if there is a very strong connection between the person or organisation and the identifying attribute. 

5.1.5.b. Give the bond a score of 4 if either: 

  • you have very high confidence in the identity you are binding the attribute to; or 

  • the identity you are binding the attribute to was created based on evidence that scores 4 for validation. 

5.1.6. Combining scores 

5.1.6.a. If you used more than one binding process, add the score for each bind together.

Example 

If you created an attribute that has a unique reference number (score 1) and checked the identity of the person to medium confidence (score 2), you would get an overall score of 3.

6. Show how you have matched the attribute 

6.a. You might need to match an attribute to a person or organisation before you share or use it. These checks show how confident you are that you have matched an existing attribute to the correct person or organisation.

Example 

A relying party asks you to send them the insurance policy for Gemma Taylor. Because you hold attributes for several people named ‘Gemma Taylor’, you will use matching to make sure you send the right one.

6.1. Confirming the attribute belongs to the person or organisation 

6.1.a. One way to increase your confidence in a match is to check the person or organisation who is being matched is the same as the one being described in the attribute. 

6.1.b. You can do this by asking them to do a ‘verification check’ based on the information in the attribute. This will give you a ‘verification score’ between 1 and 4.

Example 

The ticket machine at a train station asks people to type in the booking reference number they were given when they bought a ticket online. They will need to type this into a free text field before they can collect their ticket.

6.1.c. A higher verification score will give you a higher matching score for the attribute. 

6.2. Check the matching you have done 

6.2.a. You can choose if you want to check the claimed identity or use an authenticator as part of the matching process. If you do not do either, you can only give the match a score of 0 or 1. 

6.2.1. Score 0 

6.2.1.a. Give the match a score of 0 if there is no connection between the person or organisation and the attribute. 

6.2.2. Score 1 

6.2.2.a. The match will get a score of 1 if there is a connection between the person or organisation and the attribute. 

6.2.2.b. Give the match a score of 1 if you matched the person or organisation to the attribute using either: 

6.2.2.c. You can also give the match a score of 1 if both of the following apply: 

  • you have low confidence in the person or organisation’s identity; and 

  • the binding score for the attribute is at least 1 (or, if there is no binding score, you know the person or organisation who bound the attribute had at least low confidence in the person or organisation’s identity). 

6.2.2.d. A score of 1 means it would be reasonably easy for someone to match to the attribute even if it does not relate to them. 

6.2.3. Score 2 

6.2.3.a. Give the match a score of 2 if you matched the person or organisation to the attribute using either: 

6.2.3.b. You can also give the match a score of 2 if both of the following apply: 

  • you have at least medium confidence in the person or organisation’s identity; and 

  • the binding score for the attribute is at least 1. 

6.2.4. Score 3 

6.2.4.a. Give the match a score of 3 if you matched the person or organisation to the attribute using either: 

6.2.4.b. You can also give the match a score of 3 if both of the following apply: 

  • you have at least high confidence in the person or organisation’s identity; and 

  • the binding score for the attribute is at least 2. 

6.2.5. Score 4 

6.2.5.a. Give the match a score of 4 if you matched the person or organisation to the attribute using a verification check based on the attribute that scores 4. 

6.2.5.b. You can also give the match a score of 4 if both of the following apply: 

  • you have very high confidence in the person or organisation’s identity; and 

  • the binding score for the attribute is at least 3.
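The combined binding score from 5.1.6 feeds the matching rules in 6.2, which the following added example works through (it is not part of the guidance). It covers only the routes stated in full on this page: the identity confidence plus binding score conditions, and the verification check that scores 4. The confidence labels and all function and parameter names are assumptions.

```python
# Confidence labels mapped to ranks; the label strings are assumptions.
CONFIDENCE = {"none": 0, "low": 1, "medium": 2, "high": 3, "very high": 4}


def combined_binding_score(process_scores):
    """5.1.6: score each binding process (0 to 4) and add the scores."""
    scores = list(process_scores)
    if any(s not in (0, 1, 2, 3, 4) for s in scores):
        raise ValueError("each binding process is scored 0 to 4")
    return sum(scores)


def match_score(identity_confidence, binding_score=None,
                binder_confidence="none", verification_score=0):
    """Return the 6.2 matching score, checking the highest score first.

    binding_score is None when the attribute has no binding score;
    binder_confidence is then what you know about whoever bound it.
    """
    mine = CONFIDENCE[identity_confidence]
    binder = CONFIDENCE[binder_confidence]
    bound = binding_score if binding_score is not None else 0

    # 6.2.5: a verification check scoring 4, or very high confidence
    # with a binding score of at least 3.
    if verification_score == 4 or (mine >= 4 and bound >= 3):
        return 4
    # 6.2.4.b: at least high confidence and a binding score of at least 2.
    if mine >= 3 and bound >= 2:
        return 3
    # 6.2.3.b: at least medium confidence and a binding score of at least 1.
    if mine >= 2 and bound >= 1:
        return 2
    # 6.2.2.c: with no binding score, the binder's confidence can stand in.
    # Assumption: "low confidence" is read here as "at least low".
    has_bond = bound >= 1 or (binding_score is None and binder >= 1)
    if mine >= 1 and has_bond:
        return 1
    return 0
```

Very high confidence in the identity does not lift the match above 3 when the binding score is only 2, so a weak bond caps the result.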

Updates to this page

Published 25 November 2024
