The DSB proposes the following convention:
Data Holders should use a User Identifier within the CDR authentication flow that is consistent and familiar with their existing digital channel experiences.
This convention is supported by convention CDS-DC-0014: "Align CDR channel experiences to existing digital channel experiences".
The user identifier should be both consistently offered across the data holder's digital channels and familiar to existing customers.
Because the CDR authentication experience is managed within the boundary of the data holder's control, no part of the consumer's digital credential, including their user identifier, is ever shared with the ADR. This makes it safer and more secure for consumers and data holders alike.
Consistency and familiarity are important because customers can trust that the user identifier they authenticate with in the data holder's CDR channel is recognisable and expected, since it is required for login and authentication services elsewhere across the data holder's digital channels. The purpose of this convention is to ensure consumers feel safe and trust that the experience they receive in the CDR is aligned with how they normally access their existing digital services.
Offering a different user identifier only for CDR purposes is not preferred, unless the data holder has a broader intention to align their other digital channels to the CDR channel.