UK Digital Identity and Attributes Trust Framework Gamma 0.4 Structure

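This interactive icicle diagram represents the structure of the UK Digital Identity and Attributes Trust Framework (DIATF), illustrating its key sections and requirements. The diagram is a selective outline rather than a complete list of requirements: it starts at section 5, its numbering has gaps (for example, section 11 shows only 11.1, 11.3 and 11.6, and 12.7 shows only 12.7.a and 12.7.e), and each requirement appears as a short label rather than its full text. For the complete and authoritative wording, view the official GOV.UK documentation.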

Note: For the best viewing experience, we recommend using a desktop device to explore this diagram.

DIATF Structure as JSON
                    {
  "name": "DIATF gamma 0.4",
  "children": [
    {
      "name": "5. Rules for identity service providers",
      "children": [
        {
          "name": "5.1 Creating a digital identity",
          "children": [
            {
              "name": "5.1.a Use GPG 45 methodology"
            },
            {
              "name": "5.1.b Share information with relying parties"
            },
            {
              "name": "5.1.c Map third-party components to GPG 45"
            },
            {
              "name": "5.1.d Agree confidence levels"
            }
          ]
        },
        {
          "name": "5.2 Accepting expired documents",
          "children": [
            {
              "name": "5.2.a Follow specific rules for expired documents"
            }
          ]
        }
      ]
    },
    {
      "name": "6. Rules for attribute service providers",
      "children": [
        {
          "name": "6.1 Creating attributes",
          "children": [
            {
              "name": "6.1.a Follow guidance on attribute creation"
            },
            {
              "name": "6.1.b Link attributes reliably"
            }
          ]
        },
        {
          "name": "6.2 Assessing attribute quality",
          "children": [
            {
              "name": "6.2.a Have quality assessment method"
            },
            {
              "name": "6.2.b Share quality information"
            }
          ]
        }
      ]
    },
    {
      "name": "7. Rules for holder service providers",
      "children": [
        {
          "name": "7.1 Holding identities and attributes",
          "children": [
            {
              "name": "7.1.a Store information securely"
            },
            {
              "name": "7.1.b Clear communication with relying parties"
            }
          ]
        },
        {
          "name": "7.2 Reusing verified identities",
          "children": [
            {
              "name": "7.2.a Store for repeated assertion"
            },
            {
              "name": "7.2.b Show confidence levels"
            }
          ]
        },
        {
          "name": "7.3 Managing user accounts",
          "children": [
            {
              "name": "7.3.a Account management processes"
            },
            {
              "name": "7.3.b Account closure rules"
            },
            {
              "name": "7.3.c Terms violation processes"
            },
            {
              "name": "7.3.d Reverify inactive identities"
            }
          ]
        }
      ]
    },
    {
      "name": "8. Rules for orchestration providers",
      "children": [
        {
          "name": "Follow rules in Part 3"
        }
      ]
    },
    {
      "name": "9. Rules for component providers",
      "children": [
        {
          "name": "9.1 GPG Components",
          "children": [
            {
              "name": "9.1.1.a Follow identity provider rules"
            },
            {
              "name": "9.1.1.b Share failure information"
            },
            {
              "name": "9.1.2.a Demonstrate GPG 44 mapping"
            },
            {
              "name": "9.1.2.b Share quality information"
            }
          ]
        }
      ]
    },
    {
      "name": "10. Rules for all providers",
      "children": [
        {
          "name": "10.1 Inclusivity",
          "children": [
            {
              "name": "10.1.a Make service inclusive"
            },
            {
              "name": "10.1.b Comply with Equality Act"
            }
          ]
        },
        {
          "name": "10.2 Accessibility",
          "children": [
            {
              "name": "10.2.a Follow accessibility requirements"
            },
            {
              "name": "10.2.b Welsh language compliance"
            },
            {
              "name": "10.2.c Ensure service accessibility"
            }
          ]
        }
      ]
    },
    {
      "name": "11. Operational requirements",
      "children": [
        {
          "name": "11.1 Business probity",
          "children": [
            {
              "name": "11.1.a Maintain framework reputation"
            },
            {
              "name": "11.1.b Accurate certification status"
            },
            {
              "name": "11.1.c Prove legitimate entity status"
            }
          ]
        },
        {
          "name": "11.3 Staff and resources",
          "children": [
            {
              "name": "11.3.a Staff competency management"
            },
            {
              "name": "11.3.b Industry standards compliance"
            },
            {
              "name": "11.3.c Senior Responsible Officer"
            }
          ]
        },
        {
          "name": "11.6 Information security",
          "children": [
            {
              "name": "11.6.a Security management system"
            },
            {
              "name": "11.6.b CIA Triad principles"
            },
            {
              "name": "11.6.c Document security controls"
            }
          ]
        }
      ]
    },
    {
      "name": "12. Service requirements",
      "children": [
        {
          "name": "12.1 Interoperability",
          "children": [
            {
              "name": "12.1.1.a Use trust framework schema"
            },
            {
              "name": "12.1.2.a Validate message integrity"
            },
            {
              "name": "12.1.3.a Provide identification info"
            }
          ]
        },
        {
          "name": "12.3 Encryption",
          "children": [
            {
              "name": "12.3.a Meet minimum requirements"
            },
            {
              "name": "12.3.b Assess implementation risks"
            },
            {
              "name": "12.3.c Industry standard controls"
            }
          ]
        },
        {
          "name": "12.7 Privacy and data protection",
          "children": [
            {
              "name": "12.7.a Follow data protection laws"
            },
            {
              "name": "12.7.e Meet key requirements"
            }
          ]
        }
      ]
    },
    {
      "name": "13. Register of services",
      "children": [
        {
          "name": "13.1 Register presence",
          "children": [
            {
              "name": "13.1.a Comply with OfDIA checks"
            },
            {
              "name": "13.1.b Follow amendment process"
            }
          ]
        },
        {
          "name": "13.2 Withdrawal and removal",
          "children": [
            {
              "name": "13.2.a Follow withdrawal process"
            },
            {
              "name": "13.2.b Understand removal conditions"
            },
            {
              "name": "13.2.c Provider removal rules"
            }
          ]
        }
      ]
    }
  ]
}