How GOV.UK Account works
The core GOV.UK account architecture includes:
- an authentication service
- an attribute store
In the future, the architecture should also include:
- a broker
- a preferences and consent management service
- a trust framework
- a fraud protection and monitoring service
Current architecture features
The authentication service handles:
- user registration
- two-factor authentication (2FA)
- user sign-ins
- password resets and confirmation emails
The attribute store is a centralised location that holds some common data about a user that every GOV.UK service might need.
Future architecture features
The broker is a service that all other services and the user interact with and through.
The broker also blinds services from each other and makes sure services only access the personal data that users consent to sharing.
Preferences and consent management service
The preferences and consent management service:
- allows the user to control consent over how and when their data is shared
- gives the user a security trail of when and where their data was used
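The following sketch is an added illustration, not code from GOV.UK Account or its repositories. It shows how a broker could release only consented attributes, keep services blind to each other, and record a trail of data use. The class, its method names, the sample data and the HMAC-derived per-service identifier are all assumptions made for this example.

```python
import hashlib
import hmac
from datetime import datetime, timezone

# Hypothetical sketch: class, field names and data are constructed, and the
# HMAC-derived pairwise identifier is an assumed way to "blind" services.
BROKER_SECRET = b"constructed-demo-key"  # constructed value, not a real key


class Broker:
    def __init__(self, attribute_store):
        self.attribute_store = attribute_store  # {user_id: {attribute: value}}
        self.consents = {}  # {(user_id, service): set of attribute names}
        self.trail = []     # append-only record of when and where data was used

    def grant(self, user_id, service, attributes):
        self.consents.setdefault((user_id, service), set()).update(attributes)

    def pairwise_id(self, user_id, service):
        # Stable per service but different across services, so two services
        # cannot join their records for the same user.
        msg = f"{service}:{user_id}".encode()
        return hmac.new(BROKER_SECRET, msg, hashlib.sha256).hexdigest()[:16]

    def release(self, user_id, service, requested):
        allowed = self.consents.get((user_id, service), set())
        stored = self.attribute_store.get(user_id, {})
        released = {a: stored[a] for a in requested if a in allowed and a in stored}
        self.trail.append({
            "when": datetime.now(timezone.utc).isoformat(),
            "user": user_id,
            "service": service,
            "released": sorted(released),
            "refused": sorted(set(requested) - set(released)),
        })
        return {"sub": self.pairwise_id(user_id, service), "attributes": released}

    def trail_for(self, user_id):
        return [entry for entry in self.trail if entry["user"] == user_id]


def demo():
    broker = Broker({"user-1": {"email": "a@example.test", "postcode": "ZZ1 1ZZ"}})
    broker.grant("user-1", "service-a", ["email", "postcode"])
    broker.grant("user-1", "service-b", ["email"])
    a = broker.release("user-1", "service-a", ["email", "postcode"])
    b = broker.release("user-1", "service-b", ["email", "postcode"])
    return a, b, broker.trail_for("user-1")
```

In this sketch a request for an attribute the user has not consented to is dropped from the response and still written to the trail, so the user can see refused requests as well as released data.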
The trust framework ensures and guarantees the trust of the various interacting services.
Fraud protection and monitoring service
The fraud protection and monitoring service proactively identifies malicious or fraudulent behaviour and alerts developers and security professionals.
For more information on the GOV.UK Account architecture, see the:
- technical architecture behind a GOV.UK account blog
- GOV.UK Account technical architecture repo documentation