Step 1: Initial Identity Proofing

A citizen selects an application (e.g. a web-based form) offered by a certified identity provider (IDP), and enters the data requested by the IDP to prove their identity.

The IDP completes a due diligence process on the data entered by the citizen, confirms the citizen’s legal identity and creates an account for the citizen based on the digital identity being used (e.g. their email address).

The IDP prompts the citizen to set up their credentials (e.g. a password, secret or key) to govern access to the account. The IDP uses its chosen Metadata Service Provider (MSP) to write to the Fact Table, ‘pointing’ to the digital identity so that its service is discoverable by other applications.

Step 2: Accessing a Public Service

The citizen starts an application offered by government e-services (e.g. to file tax, apply for a driving license, etc.). The government application relies on certified IDPs to authenticate users and identify citizens.

The application uses its chosen MSP (which may be different from the MSP used by the IDP) to read from the Fact Table that the digital identity being used by the citizen also has a proven legal identity, and therefore prompts the citizen to use the IDP service to authenticate themselves.

The government e-service relies on the due diligence already undertaken by the IDP and opens an account for the citizen, calling its MSP to write to the Fact Table the availability of attributes (e.g. tax code, driver's license, etc.) which it has authored as a result.

Step 3: Data Sharing Between Public Services

The citizen, having authenticated themselves using an IDP, is prompted by a second government e-service application to confirm information about themselves, required to determine if the citizen qualifies for a particular entitlement.

The information includes data or attributes that were authored by the first government e-service, so the second government application prompts the citizen to give consent for those attributes to be referenced, and uses its MSP to call for confirmation of them from the other government e-service providers.

An audit trail of the activity is recorded by the MSP on the Fact Table.

Step 4: Switching Bank Accounts

The same citizen begins the process to switch their primary bank account, and is asked to complete a lengthy account opening form by the website that she is using. Early in this process, the website requests her permission for the bank (which operates as its own MSP) to search the Fact Table for recent activity.

The citizen (now acting as a consumer of banking services) consents, and is presented with the option to use data already held by both the IDP and the two government applications to complete 75% of the form. Again, she gives her consent, checks the details are still correct and then quickly completes the remainder of the account opening form.

The bank opens a new bank account for the consumer, and also offers her a 'personal information management service' (PIMS) which acts as an agent by giving her control over her own data.

Step 5: Online Merchant

The consumer goes to an online retailer's website and selects some goods for purchase. The retailer uses a third party payment provider (TPP) to take payment. The TPP calls its chosen MSP to search the Fact Table to identify the consumer's primary bank, and prompts her to authenticate herself to the bank to confirm payment.

The retailer also requests access to 3 sets of information about the consumer: delivery details (such as address, options if out, etc.); account details (so that the retailer can register her as a customer); and marketing preferences (to allow the retailer to market to her).

The bank therefore prompts the consumer to use the PIMS application to give consent for the data to be accessed. The consumer gives her consent, and is able to complete her purchase quickly and easily.

Step 6: Change of Email Address

The consumer changes their primary email address, and notifies the bank using its PIMS application. The bank registers the change of email address. All the MSPs that are providing a 'watch' service notify their clients that there has been a change. Those clients (such as the online merchant) initiate their own workflow to confirm the change with the consumer.
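
The Fact Table interactions of Steps 1 to 3, modelled as an added sketch (not code from the scheme described here): the table stores only pointers and audit entries, attribute values stay with the provider that authored them, and confirmation is refused without consent. All class, function and field names, the MSP labels, and the sample identity and tax code are assumptions constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class FactTable:
    """Hypothetical model: holds pointers and audit entries, never attribute values."""
    pointers: list = field(default_factory=list)  # (identity, provider, fact)
    audit: list = field(default_factory=list)     # (msp, action, identity, fact)

    def write(self, msp, identity, provider, fact):
        self.pointers.append((identity, provider, fact))
        self.audit.append((msp, "write", identity, fact))

    def read(self, msp, identity, fact):
        self.audit.append((msp, "read", identity, fact))
        return [p for (i, p, f) in self.pointers if i == identity and f == fact]

@dataclass
class Provider:
    """An IDP or e-service; keeps the values it authored, confirms only with consent."""
    name: str
    values: dict = field(default_factory=dict)    # (identity, fact) -> value

    def confirm(self, identity, fact, claimed, consented):
        if fact not in consented:
            raise PermissionError(f"no consent for {fact}")
        return self.values.get((identity, fact)) == claimed

def confirm_attribute(table, msp, providers, identity, fact, claimed, consented):
    """Step 3: look up who authored the fact, ask them to confirm, audit it."""
    for name in table.read(msp, identity, fact):
        try:
            ok = providers[name].confirm(identity, fact, claimed, consented)
        except PermissionError:
            table.audit.append((msp, "denied", identity, fact))
            raise
        table.audit.append((msp, "confirmed" if ok else "mismatch", identity, fact))
        if ok:
            return True
    return False

def demo(consented):
    who = "citizen@example.org"  # constructed sample identity
    table = FactTable()
    providers = {"idp": Provider("idp"),
                 "tax": Provider("tax", {(who, "tax_code"): "TC-0001"})}
    table.write("msp-a", who, "idp", "legal_identity")  # Step 1
    table.write("msp-b", who, "tax", "tax_code")        # Step 2
    ok = confirm_attribute(table, "msp-c", providers, who, "tax_code", "TC-0001", consented)
    return ok, table
```

Calling `demo({"tax_code"})` returns a confirmed result with the full audit trail; calling `demo(set())` raises `PermissionError` after a "denied" audit entry is written.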