Looks like, walks like, talks like...
It is nice to see the UK being 10 years technologically behind Eastern Europe and 15+ behind Benelux, Scandinavia and the Baltic states.
I used the equivalent Bulgarian system for 5 years or thereabouts, as it was the only means to get to my bank account (I switched to a bank-issued token later on as it was less hassle).
0. It also has (same as the similar systems in the Nordics, etc.) acceptance and use outside govt.
1. There was no federated hub, as there is no reason for a f*** federated hub. An x509 cert is more than sufficient to identify a user.
2. There were multiple possible lookup access levels to pull data on the user from the LDAP maintained by 3rd-party providers, depending on who you are. _NONE_ usable for impersonation, as the private key was with the user and never left the crypto token.
3. It was good for access to a range of services (nearly 10 years ago) including tax and the digital signature (standard detached x509 sig) was deemed good enough for anything and everything - including title deeds and court documents.
4. Even that far back it was at least 1024-bit RSA, if not 2048.
5. The authentication was upon connection via https via client certs, so no MitMs, no hijacking, etc.
So my congratulations on the great technological achievement of the UK govt digital service. You have now failed to be only 10 years behind Bulgaria (as their service was actually working and was not backdoored). No comment on where we stand relative to the Baltics or Scandinavia, as the difference there is like the difference between a go-kart and the USS Enterprise.
As for the hub: other countries have delivered this without a backdoor, so having the backdoor in the design looks like it was intended for the exact purpose being denied for PR reasons.
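For readers who have not seen the scheme the post describes (points 1, 2 and 5: identity carried by an x509 client certificate and checked on the TLS connection itself, with no hub in the middle), here is an added example in Go's standard library. It is not code from the post, from the Bulgarian system, or from any government service. A throwaway CA issues a user certificate; an HTTPS server requires and verifies a client certificate at the handshake and reads the user's identity from it; a connection with no certificate is refused before any request is served. The CA name, the user name and the /whoami route are made up for the example, and the server certificate is the test one net/http/httptest hands out for 127.0.0.1.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/tls"
	"crypto/x509"
	"crypto/x509/pkix"
	"fmt"
	"io"
	"math/big"
	"net/http"
	"net/http/httptest"
	"time"
)

// issueCert creates a certificate for cn. With isCA it is a self-signed root;
// otherwise it is signed by parent's key (the root issuing a user cert).
func issueCert(cn string, isCA bool, parent *x509.Certificate, parentKey *ecdsa.PrivateKey) (*x509.Certificate, *ecdsa.PrivateKey, error) {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		return nil, nil, err
	}
	serial, err := rand.Int(rand.Reader, new(big.Int).Lsh(big.NewInt(1), 62))
	if err != nil {
		return nil, nil, err
	}
	tmpl := &x509.Certificate{
		SerialNumber:          serial,
		Subject:               pkix.Name{CommonName: cn}, // made-up names below
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		KeyUsage:              x509.KeyUsageDigitalSignature,
		ExtKeyUsage:           []x509.ExtKeyUsage{x509.ExtKeyUsageClientAuth},
		BasicConstraintsValid: true,
		IsCA:                  isCA,
	}
	signer, signerKey := parent, parentKey
	if isCA {
		tmpl.KeyUsage |= x509.KeyUsageCertSign
		signer, signerKey = tmpl, key // self-signed root
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, signer, &key.PublicKey, signerKey)
	if err != nil {
		return nil, nil, err
	}
	cert, err := x509.ParseCertificate(der)
	return cert, key, err
}

// startServer runs an HTTPS server that rejects any handshake lacking a client
// certificate chaining to ca, and answers /whoami with the verified peer's CN.
func startServer(ca *x509.Certificate) *httptest.Server {
	clientCAs := x509.NewCertPool()
	clientCAs.AddCert(ca)
	mux := http.NewServeMux()
	mux.HandleFunc("/whoami", func(w http.ResponseWriter, r *http.Request) {
		// RequireAndVerifyClientCert guarantees PeerCertificates is non-empty and
		// already chain-validated against clientCAs before the handler runs.
		fmt.Fprint(w, r.TLS.PeerCertificates[0].Subject.CommonName)
	})
	srv := httptest.NewUnstartedServer(mux)
	srv.TLS = &tls.Config{
		ClientAuth: tls.RequireAndVerifyClientCert,
		ClientCAs:  clientCAs,
		MinVersion: tls.VersionTLS12,
	}
	srv.StartTLS()
	return srv
}

// whoAmI connects to srv presenting certs (possibly none) as client
// certificates and returns the identity the server attributes to the caller.
func whoAmI(srv *httptest.Server, certs ...tls.Certificate) (string, error) {
	roots := x509.NewCertPool()
	roots.AddCert(srv.Certificate()) // trust only this test server's certificate
	client := &http.Client{Transport: &http.Transport{
		TLSClientConfig: &tls.Config{RootCAs: roots, Certificates: certs},
	}}
	resp, err := client.Get(srv.URL + "/whoami")
	if err != nil {
		return "", err
	}
	defer resp.Body.Close()
	body, err := io.ReadAll(resp.Body)
	return string(body), err
}

// Demo runs both cases: the identity seen with a cert, and the error seen without.
func Demo() (string, error) {
	ca, caKey, err := issueCert("Example eID Root CA", true, nil, nil)
	if err != nil {
		panic(err)
	}
	userCert, userKey, err := issueCert("Test User 0001", false, ca, caKey)
	if err != nil {
		panic(err)
	}
	srv := startServer(ca)
	defer srv.Close()
	identity, err := whoAmI(srv, tls.Certificate{Certificate: [][]byte{userCert.Raw}, PrivateKey: userKey})
	if err != nil {
		panic(err)
	}
	_, noCertErr := whoAmI(srv) // no client certificate: the handshake must fail
	return identity, noCertErr
}

func main() {
	id, noCertErr := Demo()
	fmt.Println("with client cert:   ", id)
	fmt.Println("without client cert:", noCertErr)
}
```

The point worth noticing is where the identity check happens: in the TLS handshake, keyed on the client's private key, so there is no intermediary that could be handed a reusable credential. In a real deployment the private key would sit on the user's token and the TLS stack would sign with it through PKCS#11 or the platform key store; the server-side configuration is the same.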