RealMe assertion service
RealMe® assertion service provides the means for a customer to prove personal information online. At present, we offer verified identity (name, date and place of birth, gender) and verified residential address. Over time, other attributes will be included such as citizenship, visa status and key professional qualifications. The service is often referred to as RealMe verified identity as this is usually the most essential set of personal data.
Organisation benefits include:
- no need to incorporate an in-person or third party capability for verifying personal information for use online
- high strength attribute verification is guaranteed by real-time access to the authoritative source record
- provide customers with a verify once - use online many time experience
The RealMe assertion service is available to organisations in the wider government sector and to approved organisations in the private sector such as financial institutions.
If your organisation wants to maximise use of the online channel and needs strong proof of your customer's identity and other personal details before services can be provided, then the RealMe assertion service may be a good fit. See more information on the RealMe website about business use(external link) of the assertion service.
Combining RealMe login service and RealMe assertion service
There is no direct link between a RealMe login and a RealMe assertion. For most online services, the user will authenticate many times, but only verify their identity, address or other attributes once at registration or perhaps at infrequent intervals when circumstances change. In almost all online service scenarios, an assertion will take place in a managed session to protect the personal information being shared by the customer.
For private sector organisations, that are not able to use RealMe login, the website would use its internal username and password to authenticate the customer.
For government agencies, there are two likely use cases:
- Log in and assert - in the registration process, the first step for the applicant is to log in, and possibly provide some initial personal information. At the point when the agency process requires identity, address or other attributes, the user is given the choice of completing this online via RealMe assertion service or using a non-online manual process. For many agencies' online services, the registration can be completed with a low strength, username and password login. When the user chooses to use the RealMe assertion service, they need to be authenticated at moderate strength - a two-factor login involving an SMS code, Google Authenticator or token. Logging in as the first step of registration is usually the simplest approach, but the user may need to log in again to complete the assertion.
- Assert and log in - in the registration process, the first step is for the applicant to choose whether they want to verify online via RealMe assertion service or use a non-online manual process. When the user chooses to use the RealMe assertion service they are authenticated at moderate strength. This initial authentication can be seamlessly extended to the agency session so that the registering user does not have to reauthenticate. Asserting as the first step of registration can be a more complex process to implement, but may be an easier flow for the user.