using gov.uk verify for local authority multi service ... · photo driving licence 75% 52% credit...
TRANSCRIPT
USINGGOV.UKVERIFYFORLOCALAUTHORITYMULTISERVICEPORTALS
(ALPHAPROJECT)
WHITEPAPER
IanLitton
November2018
EXECUTIVE SUMMARY 1
INTRODUCTION 2
PROJECT DESIGN 5
WORK STREAM 1 - INFORMATION GOVERNANCE 5
WORK STREAM 2 - BUSINESS CASE 8
WORK STREAM 3 - INDUSTRY CONSULTATION 13
CONCLUSIONS AND RECOMMENDATIONS 17
APPENDIX A - PROJECT PARTICIPANTS 19
APPENDIX B - INITIAL USER INTERFACE DESIGNS 20
APPENDIX C - DRAFT TECHNICAL DESIGN 38
APPENDIX D - ORGANISATIONS ATTENDING CONSULTATION EVENTS 42
APPENDIX E - GLOSSARY OF TERMS 43
1
EXECUTIVESUMMARY
“ThisprojectisexcitingforPostOfficeinbeingabletodemonstratetheuseofVerify.Supportingmorecustomersbydiversifyingtherangeofdatasourcesavailabletomeethighgovernmentstandardsofidentityassurance.Itisimportanttomakeprovingidentityeasierforthosewiththincreditfiles,whilstretainingrobustandappropriatecheckstopreventidentityfraud.Doingthiswillsimplifyhowcustomerstransactdigitallywithlocalauthoritiesandhousingassociations,improvingtheprocessforeveryone.”PostOffice
Federatedidentityisapowerfulmechanismforincreasingcustomerconvenience,enhancingorganisationalefficiencyandtransformingthewayonlineservicesaredelivered.
IntheUKthereiscurrentlyonlyonefederatedidentitysolutionthatoffershighlyassuredcustomeridentitiesbackedupbyclear,agreedstandards.ThatsolutionisGOV.UKVerify.
TheGOV.UKVerifyregistrationisdesignedasafullyonlineprocess.Althoughthisoffersundeniablebenefits,thereisasignificantcohortofthin-filecustomerswhomaynothaveany,orasufficientdigitalfootprintincommerciallyavailabledatasourcestomeetthegovernmentstandardforGOV.UKVerifyregistration.
ThisAlphaproject,buildingonanOIXDiscoveryproject1,demonstrateshowtheuseofdatacollectedbylocalauthorities(LAs),madeavailabletoidentityproviders(IDPs),couldhelpotherwisethin-filecustomersregisterforaGOV.UKVerifyidentity.
WedemonstratethatLAshavesufficientlyrobustinformationgovernanceprocessesinplacetobeabletoprovidequalitydatatoIDPsforidentityproofingandverificationundertheVerifyscheme,andthatthisdatawouldbesufficienttohelpthemajorityofthin-filecustomersachieveaVerifyaccountatlevelofassurance2(LOA2).
WeshowthatthereisastrongbusinesscaseforLAstoadoptGOV.UKVerify,andthatthereisalsoabusinesscaseforIDPstouseLAdataintheidentityproofingandverificationprocess.
BasedonconsultationsconductedwithLAsandITsupplierstotheLAmarket,werecommendhowVerifyshoulddevelopinordertobetterservetheLAmarket.Wehavealsodevelopedanexamplecustomerjourney,basedonthoseconsultations,andproducedahigh-leveltechnicalsolution.1Seehttps://oixuk.org/wp-content/uploads/2017/02/Micro-Sources-of-Data-Final-.pdf
2
WeconcludethatLAdataprovidesavaluableandpracticalsolutiontomakingGOV.UKVerifyavailabletothewidestrangeofpotentialcustomers,andthataBetaprojectshouldbesetuptodemonstratethisinpractice,andtostimulatetheLAmarketforGOV.UKVerify.Therecentlysignedcontractsbetweengovernmentand5IDPspresenttheperfectopportunitytoachievethis,asthechangesbroadentheuseofVerifyandidentitystandardsbeyondpublicsector,akeyaspectforasuccessfulidentityassurancescheme,inawaythatalsobettermeetstheneedsofLAs.
INTRODUCTION
ThisWhitePaperdescribeshowdatacollectedlocally,bylocalauthorities(LAs),housingassociations(HAs)andsimilarorganisations,couldbeusedtoextendthereachofGOV.UKVerify.Inparticularthispaperaddressestheneedsof“thin-file”customerswhomaynothaveany,orsufficientdigitalfootprintincommerciallyavailabledatasourcestomeetthegovernmentstandardforidentityproofingandverificationasimplementedbyGOV.UKVerify.Thesepeopleareoftentheheaviestusersofpublicserviceswhowouldbenefitmostfromtransactingonline.LAscouldachievesignificantsavingsifthiscohortwereabletotransactdigitally.
Thethin-filecohortisasignificantprobleminthecontextofGOV.UKVerify.ThreeofthekeysourcesofdataavailabletoVerifyIDPsareUKpassports,UKdrivinglicences,andcreditreferencedata.Thefollowingtablehighlightsthepenetrationofpassports,drivinglicencesandcreditcardsforthegeneralpopulationcomparedtothoseonJobseeker’sAllowance(JSA):
GeneralPopulation JSA
Passport 80% 64%
PhotoDrivingLicence 75% 52%
CreditCard 56% 31%
Table1.Penetrationofpassports,drivinglicencesandcreditcardsforthegeneralpopulationcomparedtothoseonJobseeker’sAllowance(JSA)
PeopleonJSAaresignificantlylesslikelytohavethesekeypiecesofevidence.
3
Asaresult,therearekeycohortsofcitizenswhoareunabletosuccessfullyregisterwithaGOV.UKVerifyIDP.Thesecitizensaretypicallythepeoplewhoaretheheaviestusersofpublicservices,forwhomthebenefitsoftransactingonlinewouldbethegreatest.
ThisproblemhasbeenhighlightedrecentlyinrelationtoUniversalCredit.Only38%ofUniversalCreditclaimantswhoattempttouseGOV.UKVerifymanagetoregistersuccessfully2.Thiscomesatacosttoo.TheDepartmentforWorkandPensions(DWP)estimatesthatthemanualidentitychecksthatwillbenecessaryasaresultoflowregistrationrateswillreducetheirpotentialsavingsfromtheroll-outofGOV.UKVerifyby£40mover10years.
Toaddressthis“hardtoverify”or“thin-file”cohort,itisessentialtomakeawiderrangeofdatasources,coveringdifferenttypesofdata,availabletotheGOV.UKVerifyIDPs.ThisWhitePaperdemonstratesthatLAsareavaluableandpracticalsourceofsuchdata.Italsodemonstratesthatthereisacompellingbusinesscaseforlocalauthoritiesandotherorganisationstoadoptafederatedcitizenidentitysolutiontomeettheirstrategicobjectivesofdeliveringservicesmoreeffectively,efficiently,andcheaplythroughonlinechannels.
Federatedidentityisapowerfulmechanismforincreasingcustomerconvenience,enhancingorganisationalefficiencyandtransformingthewayonlineservicesaredelivered.Builttoagreed,interoperablestandards,afederatedidentitysystemcandeliverarangeofbenefits:
● acustomercentricidentitythatcangiveaccesstoawiderangeofservicesacrossthepublicandprivatesectors;
● sharedtrust,facilitatingaccesstoawiderangeofattributesforarelyingpartytoestablishcustomerentitlementandeligibility,withcustomerpermission;
● increasedsecurityandreducedlevelsoffraud;● financialsavingsfororganisationsandtheircustomers;● increasedconvenienceandreducedtransactionfrictionfororganisationsand
customers.
Withoutafederatedcitizenidentitysolutiondeliveringhighlevelsofassuranceandtrust,itisimpossibletoachievefullendtoenddigitaltransformationofhigherriskservicesandofmorecomplexservicesthatrequireeligibilitychecks.Eligibility
2SeetheNAOreportonRollingOutUniversalCredit,section3.21:https://www.nao.org.uk/wp-content/uploads/2018/06/Rolling-out-Universal-Credit.pdf.SeealsotheNovember2017minutesofthePrivacyandConsumerAdvisoryGroupmeeting,item3.Evenwithsupport,only1in5peoplewereabletoverifytheiridentityinatrialcarriedoutinCroydon.
4
checking,usingattributeexchange,requiresasharedtrustanchorforidentity,whichafederatedsystemprovides.
IntheUKthereiscurrentlyonlyonefederatedidentityschemethatiscapableofdeliveringthenecessaryhighleveloftrust,basedonanagreedsetofstandards,thatcandeliverallofthebenefitsoutlinedabove.ThatschemeisGOV.UKVerify.
ItisanexcitingtimeintheevolutionofGOV.UKVerify.InMay2018theGovernmentDigitalService(GDS)announcedtheirintentiontosupporttherolloutofhigh-levelgovernmentstandardsforidentityproofingandverificationintotheprivatesectorandtocontinuetosupportdevelopmentofanidentitymarketintheUKthatleadstothecreationofubiquitousdigitalidentity.InOctober20185IDPsenteredintonewcontractswithGovernmenttoenablethisdevelopment.ThisprovidesanidealopportunitytoextendthereachofGOV.UKVerify,butalsotoexplorehowGOV.UKVerifymightevolvetobettermeetthemarketneedsforfederatedidentity.ThisWhitePaperfeedsintothatdebate.
ThehypothesiswesetouttoinvestigateinthisprojectisthatlocalauthoritytransactiondatacouldbeusedbyIDPstoraisethelevelofassuranceofathin-filecustomer’sdigitalidentity,andenablenearlyalllocalauthoritycustomerstotakeadvantageofGOV.UKVerify.
Theprojectobjectiveswereto:
1. developanexampleservice,deliveredthroughtheEtiveDigitalLogBook(DLB),incorporatingGOV.UKVerify;
2. demonstratehowdataintheDLBcould,withtheuser’sconsent,bepassedtoanIDPinordertoelevatethelevelofassuranceassociatedwiththatuser’sGOV.UKVerifyidentity;
3. designatechnicalarchitecturethatenablestheabove;
4. addressthedatagovernanceissuesraisedinthepreviousEtiveOIXDiscoveryProject3andtoconfirmthat:
a. theprocessesandproceduresusedbythelocalauthoritiestoon-boardtheircustomersaresufficientlyrobusttoprovidereliableidentityevidencetoIDPs;
b. theevidenceavailablemeetstherequirementssetoutintheGovernment’sGoodPracticeGuidesforidentityproofingandverification;
3https://oixuk.org/wp-content/uploads/2017/02/Micro-Sources-of-Data-Final-.pdf
5
c. theevidenceavailableusefullycoverstheevidencecategoriescurrentlylackingforthehardtoreachclientgroupinquestion;
5. prepareabusinesscasetodemonstratethevaluethatlocalauthoritiesandotherrelyingpartiescouldderivefromtheircustomershavingaGOV.UKVerifyaccount,andthevalueIDPscouldderivefromaccesstoLAdata;
6. communicatetheprojectfindingstoLAsandtheirITsupplierstohelpspeeduptheunderstandingandadoptionofGOV.UKVerify.
PROJECTDESIGN
Therewere3mainprojectstreams:
1. InformationGovernance-assessingthequalityoflocalprocessesanddata,andhowwelltheymeasureuptotherequirementsofGoodPracticeGuide454;
2. BusinessCase-thebenefitsofadoptingGOV.UKVerifyasafederatedcitizenidentitysolutionforLAservices;
3. IndustryConsultation-raisingsupplierandlocalauthorityawarenessandunderstandingofGOV.UKVerify,andgainingfeedbackfromthesector.
Eachoftheseworkstreamsisdescribedinthesectionsbelow.
Wealsomodelledanexamplecustomerjourney,anddraftedatechnicalsolution.
InthecourseofthisprojectitbecameclearthattomeettheneedsofLAsandHAs,GOV.UKVerifyneedstoevolve.WehighlighthowGOV.UKVerifyneedstochangetobecomeamorecompletesolution.
Weconcludewithrecommendationsfornextsteps.
Arangeofstakeholderswereinvolvedintheworkstreams,includingLAsandrepresentativebodies,IDPs,ahubprovider,ITsupplierstotheLAmarket,andGDS.TheparticipantsandtherolestheyperformedintheprojectarelistedinAppendixA
WORKSTREAM1-INFORMATIONGOVERNANCE
AnearlierOIXDiscoveryprojectdescribedhowLAdatacouldbeusedbyGOV.UKVerifyIDPstoimproveregistrationratesforthin-filecustomers.TheAlphaprojectestablishedthatthedatacollectionprocessesinourparticipatingLAswererobustandwouldmeet
4Seehttps://www.gov.uk/government/publications/identity-proofing-and-verification-of-an-individual
6
thestandardssetoutintheGovernment’sGoodPracticeGuide45fordatasourcesusedforidentityproofingandverification.
INFORMATIONGOVERNANCEAPPROACH
AninformationcomplianceauditwasconductedwiththeLondonBoroughsofTowerHamlets(LBTH)andHackney(LBH)toreviewhowtheycarryoutidentityproofingandverificationatpresentinthecontextofapplicationstotheirsocialhousingregisters,andhowthismatchesuptotherequirementsofGoodPracticeGuide45-“Identityproofingandverificationofanindividual”.
Eachcouncil’swrittenprocedureswerereviewed.Wealsoobservedhowtheprocedureswereimplementedintheonestopshopsandback-officeoperationsdealingwithsocialhousingapplications.Fromthisengagementwiththecouncilswedevelopedideasonhowaself-certificationprocessmightworkforlocalsourcesofdata.
Anindustryconsultationeventoninformationgovernancewasheldinrelationtoidentityproofingandverification.FromthisaninformationcompliancereportwasproducedandreviewedbyGDSandtwooftheprojectIdPs.ThefullinformationcompliancereportisavailableontheOIXwebsite5.
INFORMATIONGOVERNANCEFINDINGS
ThekeyfindingsfromtheInformationGovernanceworkarethat:
1. theprocessesdocumentedandobservedarecapableofprovidingacomprehensivedatasourceforGOV.UKVerifyIDPs;
2. thereissufficientevidenceagainsttheIdentityProofingandVerification(IPV)elementsA,BandC,and,forsomeapplicants,IPV-E,tohelpachieveanLOA2Identity6;
3. theprocessesundertakencapturedatainamannerconsistentwitharatingof“strong”forthepurposesofusebyanIDPtocreateanLOA2identity,withtheadditionoftheIDP’saccesstoIPV-Drequiredmaterial,suchasDeaths,NationalChangeofAddressregister(NCOA),PoliticallyExposedPersonsregister(PEPS,SanctionsandFraud;
5https://oixuk.org/blog/2018/11/23/using-gov-uk-verify-for-local-authority-multi-service-portals-alpha-project/
6IPV-Arelatestothestrengthoftheidentityevidencepresented;IPV-Brelatestothevalidationoftheidentityevidence-isitgenuine?IPV-Crelatestotheverificationoftheidentityevidence-doesitbelongtothepersonwhoclaimsit?IPV-Drelatestocounterfraudmeasuresassociatedwiththeidentity.IPV-Erelatestoactivityhistoryassociatedwiththeidentity.
7
4. thedatabeingcollectedbytheLondonBoroughsofTowerHamletsandHackney,andtheprocessesinvolvedincapturingthatdata,areofsufficientqualitytobeusedintheidentityproofingandverificationundertakenbyIdentityProviderswithintheGOV.UKVerifyscheme.
AkeyfindingofthisprojectstreamisthattheLAsobservedmeetthenecessarydataandprocessstandardsrequiredtosupportGOV.UKVerifyidentityproofingandverification.Theseobservationsrelatetosocialhousingtransactions,butitislikelythatotherlocalauthorityprocesses,forexamplefinancialassessmentsforsocialcare,wouldalsoprovidedataofhighvalueintheidentityproofingandverificationprocess,althoughinlowervolumes.
Aself-certificationprocesscouldbedevelopedtohelpLAsassessiftheymeetthenecessarystandardstoprovidedataintotheGOV.UKVerifyidentityproofingandverificationprocess.Thisself-certificationschemewouldcoverthefollowingareas:
Writtenprocedures DoestheorganisationhaveformalwrittenproceduresforIDverification?Howarethesesignedoff?Whatisthereviewprocess?
Stafftraining Whattrainingdostaffreceiveinidentityproofingandverification,indocumentchecking,andinanti-fraudprocedures?Isregularrefreshertrainingdelivered?
Documentsacceptedasproofofidentityandeligibility
DoestherangeofdocumentsthatmustbepresentedmatchtherequirementofGPG45?
Policyonoriginaldocuments Whichdocumentsmustbepresentedintheiroriginalformat;whenarecopies/printsfromtheinternetaccepted?
Useofscanningdevices Arescanningdevicesusedtodetectfraudulentdocuments?Ifso,inwhatcircumstances?
Counterfraudmeasures Whatcounterfraudmeasuresaredeployede.g.creditrecordagencychecks,othercross
8
checks?
Qualityassuranceprocesses Dosupervisorscarryoutcross-checksandspotcheckstoensureprocessesarebeingfollowedcorrectly?
Facetofacechecks Arefacetofacecheckscarriedouttolinkindividualstoasserteddocuments(passports,drivinglicencesetc)?
Crosschecking Whatcross-checksaremadebetweendifferentdocumenttypese.g.benefitpaymentsintothebankaccountmatchthebenefitawardsnotice?
Relevantaccreditations Forexample,thelevelachievedagainsttheInformationGovernanceToolkit/DataSecurityandProtectionToolkit
Table2.Potentialelementsofaself-certificationprocessformicro-sourcesofidentitydata
TheseideaswouldbedevelopedfurtherinasubsequentBetaproject,butrelatedindustrysectorsalreadyhaveexperienceofself-certification(e.g.theOpenIDCertificationProgram,theOIXnetRegistry,andtScheme)fromwhichwecanlearnlessonsintermsoflegal,technical,andregistrationapproaches.
ItislikelythattheprovisionofLAdataintotheVerifyidentityproofingandverificationprocesswouldbecoveredbycontractualarrangementswiththeIDPs,toensurethenecessaryinformationgovernancestandardswereinforceattheLA.
Insummary,theAlphaprojectconfirmsthatlocallycollecteddataissuitabletobeusedintheGOV.UKVerifyidentityproofingandverificationprocess.
WORKSTREAM2-BUSINESSCASE
ThecoreofthisAlphaprojectisexploringhowlocallyhelddatacanhelpthin-fileusersverifythemselvesthroughGOV.UKVerifyIDPs.Itisimportanttotakeastepback,though,andexplorewhyhighlyassuredonlineidentitymakesbusinesssense.Whatisinitforlocalauthorities,theirpartnersandtheircustomers?WhatisinitforIDPs?WhatadditionalbenefitdoestheEtiveDigitalLogBookconfer?Inshort,whatisthebusinesscaseforusingafederatedapproachtoidentity,andapersonaldatastore?
9
Thebusinesscaseisexplainedinmoredetailinaseparatebusinesscasedocument,alsoavailableontheOIXwebsite7.Inthefollowingsectionswedescribeouroverallapproachandhighlightthemainfindings.
BUSINESSCASEAPPROACH
Toproduceabusinesscase,weworkedwithtwolocalauthoritypartners,theLondonBoroughsofTowerHamletsandHackney,withtheGreaterLondonAuthority(GLA),thePostOffice,andGDS.WealsorananindustryconsultationeventtogatherinputfromLAsuppliers.
Thebusinesscasecoversthefollowingareas:
1. indicativeoverallbenefits.Wehavebeenabletoreferencepreviousresearchcarriedoutaspartofthe#VerifyLocalpilotsrunbyGDSwithadozenlocalauthorities.ThisresearchhasbeenbuiltintoaLocalVerifyBenefitsCalculatortool8thatembedssomegenericmetrics,andcanbeconfiguredbylocalauthoritiestogiveanindicationofthescaleofbenefittheymightderivefromGOV.UKVerify.ThistoolisdescribedinmoredetailintheseparateBusinessCasedocument,buttheheadlinefiguresreferencedinthenextsectionrelatetoanexamplemetropolitancouncilwith275,000residents,deliveringthefullsetoflocalgovernmentservices;
2. socialhousing.WehaveexploredsocialhousingtransactionsinmoredetailanddemonstratethatthebenefitsidentifiedintheLocalVerifyBenefitsCalculatorarelikelytobeconservative.Socialhousingisoneofthemorecomplexservices,requiringmorerigorousidentityandeligibilitychecks;
3. federatedidentity.Weexploretheparticularbenefitsthataccruefromadoptingafederatedsolutiontoidentity,withparticularreferencetopopulationchurninmetropolitanareas,multi-agencyworking,andvulnerablegroupssuchasthehomeless;
4. fraud.Werefertoexistinggovernmentandindustryresearchtoindicatetheamountoffraud-relatedcostourexamplemetropolitancouncilwith275,000residentsmightavoid;
5. systemsintegration.Throughourindustryconsultationwehavebeguntounderstandtheintegrationcoststhatcouldbereducedifthesectorasawholeweretoadoptacommonapproachtofederatedidentity;
7https://oixuk.org/blog/2018/11/23/using-gov-uk-verify-for-local-authority-multi-service-portals-alpha-project/
8https://oixuk.org/blog/2018/11/23/using-gov-uk-verify-for-local-authority-multi-service-portals-alpha-project/
10
6. valueoflocaldata.Byprovidingvalidatedandverifieddataintotheidentityproofingandverificationprocess,localauthoritiesandhousingassociationswouldbecomeactivepartnersinidentityproofingandverification,ratherthanpassiverecipientsofidentities.Thisdatawouldhavevalue,andcouldoffsetthecosttotherelyingpartiesofidentityproofingandverification.WehavealsoidentifiedhowthisdatacouldhelptheGOV.UKVerifyIDPsdeliverhighlyassuredidentitiestothin-filecustomerswhodonothaveany,orasufficientdigitalfootprintincommerciallyavailabledatasourcestomeetthegovernmentstandardforGOV.UKVerifyregistration
7. personaldatastores.Weexploretheadditionalbenefitsthatcanaccruefromincludingapersonaldatastore,suchastheEtiveDigitalLogBook,aspartofafederatedidentitysolution.
THENEEDFORANECOSYSTEMSAPPROACH
Assuredonlineidentityisaprerequisitefordeliveringhigherriskservicesonline,i.e.servicesthatdeliverbenefitsincashorkind,orthatsharesensitivepersonalinformationwithusers.
Fullydigitalend-to-endservicetransformationreliesonmorethanjustanassuredonlineidentity.For81localauthorityservicesproofofeligibilityisalsorequired.Establishingeligibilitywithoutrecoursetoexpensive,slowandinconvenientpaperprocessesrequiresanadditional,butlinked,ecosystem-theattributeexchangeecosystem.AttributeexchangeisdescribedinmoredetailintheseparateBusinessCasepaper9.
Thepotentialcostsavingsthatcouldbemadebyadoptingattributeexchangearebuiltintothebusinesscase,andtotheLocalVerifyBenefitsCalculator.ThebenefitofGOV.UKVerifywillbemagnifiedwhentheidentityecosystemispairedwithanattributeexchangeecosystem.AttributeexchangehelpsdeliveracompellingbusinesscaseforadoptingGOV.UKVerifyinthefirstplace10.
9https://oixuk.org/blog/2018/11/23/using-gov-uk-verify-for-local-authority-multi-service-portals-alpha-project/
10TheroletobeplayedbyattributeexchangehasrecentlybeenemphasisedbytheChiefDigitalOfficeratMHCLG.Seehttp://www.ukauthority.com/data4good/entry/8228/mhclg-digital-chief-points-to-attribute-exchange-potential
11
BUSINESSCASERESULTS
TheheadlinefiguresgivenbelowaredescribedinmoredetailintheseparateBusinessCasedocument11.
Anexamplemetropolitancouncilwith275,000residents,deliveringthefullrangeoflocalgovernmentservicescouldsave£16.78moverafive-yearperiodbytransformingtheirserviceswithGOV.UKVerifyandattributeexchange.Thisfigureismadeupof:
A. £4.45midentityassurancesavingsB. £2.50meligibilitycheckingsavingsC. £9.83mservicedeliverysavings
Year-on-yearsavingsafterthe5-yearimplementationperiod,fortheexamplecouncil,couldamountto£4.435m.
Thegenericmetricsusedinthemodelthatgeneratethesesavingsfiguresyieldanestimatedcostpercaseforsocialhousingtransactionsis£10.87.However,researchwithonelocalauthorityshowedtheircoststobecloserto£350percase.Althoughweneedtovalidatethissocialhousingfigurebycomparisonwithotherlocalauthorities,itdoesindicatethatthebenefitsfiguresyieldedbytheLocalVerifyBenefitsCalculatorarelikelytobeconservativeratherthanoptimistic.
Weestimatethattheexamplemetropolitancouncilof275,000residentscouldalsoavoidfraudlossesof£4.7moverthe5-yearimplementationperiodbyadoptingGOV.UKVerify.
Acommonapproachtofederatedidentity,basedonGOV.UKVerify,couldsavebetween£412kand£1.24mperannuminLondonalonebyavoidingtheneedtore-registercitizenseverytimetheymove.ThisisbasedonpopulationchurnfiguresforLondon.In2016317,000peopleovertheageof18movedfromoneLondonboroughtoanother.Thebenefitstobederivedfromadoptingafederatedapproachtoidentityforthe“hardtoverify”wouldbeproportionallygreater,giventheadditionaleffortrequiredtoregisterthiscohortinthefirstplace.Similarbenefits,albeitsmallerinvolume,arelikelytoaccrueinanymetropolitanarea.
Accesstoafederatedidentityisofparticularvaluetovulnerablegroups,suchasthehomelessandvictimsofdomesticabuse,whoaremorelikelytoloseorbeseparatedfromtheiridentitydocumentsortohavethemstolen.Replacementdocumentscanbe
11https://oixuk.org/blog/2018/11/23/using-gov-uk-verify-for-local-authority-multi-service-portals-alpha-project/
12
expensive,andthecostofreplacementoftenfallstothethirdsector.Examplereplacementcostsare:
A.Birthcertificate£9.50
B.EUpassports/IDcards£21.60to£104.60
C.ReplacementBiometricResidencePermit£56
D.ConfirmationofIndefiniteLeavetoRemain£237
Whilereplacementdocumentsarebeingsoughtthesevulnerableusersarealsounabletoaccesstheservicestheyneed.
Atop-5suppliertolocalauthoritiesestimatedthatalackofstandardsforidentityacrosslocalauthoritysystemscouldleadtosystemsintegrationcostsof£50mforlocalauthoritysuppliers,foridentitiesatLOA1.AdditionalcostwouldbeincurredforLOA2accounts.StandardisingonGOV.UKVerifywouldreducethiscost,andintegrationtime,byprovidingacommoninterfaceandapproach.
Localorganisationswhoareactivelyengagedinhelpingcustomersprovewhotheyareshouldbenefitfromreducedidentityproofingandverificationchargesinrecognitionofthevaluetheyareaddingtotheprocess.Wehavenotattemptedtoquantifythepotentialsavings,ortosuggestparticularcommercialmodelsinthisproject,butrecognisethisisoneofthekeytopicsthatwillhavetobeaddressed.
Apartfromactingasastoreofvaluableidentityevidence,apersonaldatastorecanstoreothercredentialsandevidencethattheusercanchoosetosharewithdifferentserviceproviders,astheneedarises.Citizenscansharetheirdatawithchosenorganisations,foralimitedperiodoftime,andforspecificpurposes.Thiscanbeparticularlyusefulforuserswhoarehighlymobile,orwhohavetodealwithmultipleagenciesinordertogetajobdone.Itcanbeinvaluableforvulnerablegroups,suchasthehomelessandvictimsofdomesticabuse,whoaremorelikelytoloseidentitydocuments,havethemstolen,orbeseparatedfromthem.TheseparateBusinessCasedocumentdiscussessomepotentialusecases.
Apersonaldatastorealsoallowsidentityproofingandverificationtobecomeaprocessovertime,ratherthanapointintimepass/failexercise.Asmoreidentity-relatedinformationiscollectedinapersonaldatastore,theopportunityfortheusertoreachahigherlevelofassurancethroughtheirIDPincreases.
ForIDPs,therearebenefitsinbeingabletosuccessfullyofferhighlyassuredidentityservicestoawiderrangeofcustomers,includingcurrentlythin-filecustomers.ResearchcarriedoutinTowerHamletsinrelationtotheirWorkPathservice(aservicethathelpslocalresidentsfindandstayinwork),indicatethat98%ofthatcohortwould
13
havesufficientlystrongevidencetoachieveanLOA2identityverification.89%ofthecohort(including19%fromoverseas)wouldhavestrongphoto-id,allowingforstrongIDverification.63%ofthecohortarelikelytohavesufficientactivityhistorytoachieveLOA2.TheDLBwouldprovidetheresttheopportunitytobuildupactivityhistoryovertime.OpeninguptheLAmarketingeneraltoGOV.UKVerifyhasthepotentialtosignificantlyextendthereachofGOV.UKVerifytomanymorecustomers,whichwouldprovideIDPswithasignificantmarketopportunity.
Theevidencewehaveassembleddemonstratesthatlocalauthoritiesandotherorganisationscouldderivesignificantbenefits,quantitativeandqualitative,byadoptingGOV.UKVerify.
WORKSTREAM3-INDUSTRYCONSULTATION
AspartoftheprojectweengagedwithITsupplierstotheLAsector.Thiswaspartlytomakesuppliersawareofthebenefitsofafederatedapproachtoidentity,toraiseawarenessofGOV.UKVerifyinparticular,andexplainthelinkbetweenfederatedidentityandattributeexchange.Combinedwiththis,wefeltitwasimportanttogettheirinputintothesolutionsbeingdeveloped,duetotheirroleasmajorsupplierstolocalauthorities.FromtheconsultationsweformulatedideasonhowGOV.UKVerifyshouldevolvetobetterservetheLAmarket.
CONSULTATIONAPPROACH
WepartneredwithtechUKtorunfourconsultationevents.Supplierstothelocalauthoritymarketwereinvitedtoattend.AlistoftheorganisationswhoattendedtheseconsultationsisshowninappendixC12.
Consultation1introducedthebenefitsofGOV.UKVerifyandgaveanoverviewoftheproject.Roundtablesessionsweresetuptocover:usinglocaldatainidentityproofingandverification;userinterfaceissues;thebusinesscaseforGOV.UKVerifyinlocalauthorities;thelocalauthoritymarketforGOV.UKVerify;andprivatesectorhubs.
Consultation2wentintomoredetailabouthowGOV.UKVerifyidentityproofingandverificationworksanddiscussedtheinformationgovernanceworkstream,andtechnicaldesign.
Consultation3dealtwithuserinterfaceanddesign.
Consultation4summarisedtheprojectfindings.
12Pleasenotethatattendancedoesnotnecessarilymeanendorsementofviewsexpressedinthepaper
14
Inputfromdelegateswasactivelysoughtinall4workshops,whichwasthenfollowedupwithone-to-onediscussionswithsomeofthesuppliers.
CONSULTATIONOUTCOMES
Theconsultationeventsprovidedusefulfeedbackonallaspectsoftheproject.SomeclearmessagesemergedfromtheengagementwithLAsandsuppliersonhowGOV.UKVerifyshouldevolve.
ThekeyfeaturesofthemodifiedGOV.UKVerifymodelweareproposingare:
1. anecosystemsapproach;2. fullfederationacrossalllevelsofassurance;3. usinglocaldataintheidentityproofingandverificationprocess;4. allowingrelyingpartiestoofferasingleIDPwhenregisteringnewusers;5. differentcommercialmodels.
ANECOSYSTEMSAPPROACH.
AnecosystemsapproachwouldcombineattributeexchangewithGOV.UKVerifyidentitiestoachievefullvaluefromdigitalidentity.Aconsistentmessagefromallthelocalauthoritiesandsupplierswehavespokentoisthatattributeexchangedeliverstherealbusinesscaseforadoptingfederatedidentity.Thereisgrowingrecognitioningovernmenttoothatattributeexchangeisessentialtofundamentallytransformthewayservicesaredeliveredonline13.Attributesneedtoflowbetweenthepublicandprivatesectors,notjustwithinthepublicsector,sotheadoptionofacommonstandardforidentityacrossthepublicandprivatesectorsisabsolutelynecessarytodeliverthelevelsoftrustrequiredfordatatofloweffectively,securely,andinlinewithcustomerpreferences.Astandards-basedapproachtoattributeexchangeisequallynecessary.
TheremaybeothertechnicalimplicationsforGOV.UKVerifyinadoptinganecosystemsapproach.Forexample,theabilitytomaintainsessionstate14foridentitysessionswouldallowattributeproviderstoconfirmthatacitizenhasloggedinattherequiredlevelofassurancetopermitthereleaseofattributes.
13Seehttp://www.ukauthority.com/data4good/entry/8228/mhclg-digital-chief-points-to-attribute-exchange-potentialandhttps://dwpdigital.blog.gov.uk/2017/09/19/helping-citizens-choose-how-their-data-can-work-for-them/
14Statefulmeansthecomputerorprogramkeepstrackofthestateofaninteractionovertime.
15
FULLFEDERATIONATALLLEVELSOFASSURANCE
Manylocalauthoritiescurrentlyoffertheircitizens“MyAccount”facilitiesatlowlevelsofassurancethatallowcustomerstologin,pre-populateonlineforms,saveforms,trackcallprogressandsoon.Thesetypesofaccountsareperfectlyadequateforlow-risktransactionswherethecustomer’sidentitydoesnotneedtobeconfirmed.SimpleloginaccountsarenotcurrentlyofferedbyGOV.UKVerify.Thisleaveslocalauthoritieswithanumberofchoices:
1. toruntheirownsimplelogin“MyAccount”inparallelwithGOV.UKVerify.Thisisnotagooduseofresourcesandcreatesanissueforcustomerswholaterwantandneedtoelevatethelevelofassuranceassociatedwiththeironlineidentity;
2. toforcecustomerstoregisterforaGOV.UKVerifyaccountatLOA1whenitisnotstrictlynecessary.Thisintroducesunnecessaryfriction,andpotentiallycost,intotheonlineprocess;
3. forLAstodeveloptheirownsolutionstoLOA1andLOA2accounts,whichiscomplex,expensive,anddefeatsthebenefitsofaplatformapproachacrossthepublicsector.LocallydevelopedLOA1andLOA2accountsarealsoveryunlikelytodeliverthelevelsoftrustrequiredtosupporttheattributeexchangeecosystem.
LocalauthoritiesneedtohavethechoicetofullyoutsourcetheircitizenidentitysolutiontoGOV.UKVerifyIDPs,andforthosesolutionstocoverthefullrangeoflevelsofassurance.Citizenscanbegiventheoptiontoelevatethelevelofassuranceassociatedwiththeironlineidentityastheneedarises.Aswehaveshownininitialuserinterfacedesigns(seeappendixB),thereisalsotheoptiontoengineeracustomerjourneysothatthecustomercangetonwiththejobinhandwithminimumfrictionbycreatingasimplelogin,andthenincreasetheassuranceassociatedwiththeironlineidentityatthepointintheprocesswhenitisrequired.
USINGLOCALDATAINTHEIDENTITYPROOFINGANDVERIFICATIONPROCESS
Additionaldatasourcescanbe,andhavebeen,broughtonstreaminthepasttohelptheGOV.UKVerifyIDPsimprovetheiridentityproofingandverificationprocesses.Thisprojecthasdemonstratedtheenormouspotentialofallowinglocalauthoritydatatobeaddedtothelistofavailabledatasources.Theface-to-faceprocessesalreadyinplaceinlocalauthorities,andthecross-checkstheycarryouttoensureapplicantsareentitledtokeyservices,makethisdataparticularlyvaluableinenablingpeople,whoarecurrentlyhardtoverify,togetanidentityaccountwithaGOV.UKVerifyIDP.Webelievethattheoutcomesfromthisprojectdemonstratethatlocalauthoritydata,properlyaccredited,shouldbecomepartoftheGOV.UKVerifyidentityproofingandverificationprocessescarriedoutbyIDPs.
16
Ofcourse,thereisdatainotherpartsofgovernment,andintheprivatesector,thatcouldbeequallyvaluableinimprovingthesuccessrateofGOV.UKVerifyregistrations.DWPandHMRCdata,forexample,couldalsohelpthecurrentlyhardtoverifyachieveaGOV.UKVerifyaccount.Wewouldstronglyrecommendresearchintothefeasibilityofbringingadditionaldataintotheidentityproofingandverificationprocess.
CONTRACTINGWITHASINGLEIDP
AllowingrelyingpartiestoofferasingleIDPwhenregisteringnewusersforaGOV.UKVerifyIDwouldremovesignificantcomplexityfromtheuserjourney.HavingtochooseanIDPfromthe5onofferisoneofthemoredifficultaspectsoftheGOV.UKVerifyuserjourney.OfferingasingleIDPhasavaluableroletoplayinreducingfrictionintheregistrationprocess.
OfferingasingleIDPwouldalsogiverelyingpartiestheopportunitytonegotiatefavourablecommercialtermswiththeirchosenIDP.Thesecommercialtermscouldincluderecompensetotherelyingpartyforprovidingdataintotheidentityproofingandverificationprocess.Userchoicecanstillprevailinthisenvironment,ascustomerscouldreuseVerifyIDsalreadyregisteredwithanotherIDPinthecontextoftransactionswithotherrelyingparties.Indeed,theopportunitiestodosowillonlyincreaseasGOV.UKVerifyisrolledoutacrosstheprivatesector.
DIFFERENTCOMMERCIALMODELS
GOV.UKVerifyoffersasinglecommercialmodelforrelyingparties.RelyingpartiesarechargedafixedfeewhentheyinitiallyregisteroneoftheircustomersforaGOV.UKVerifyaccount,orwhenacustomerwithapre-existingGOV.UKVerifyaccountfirstusesthatIDtotransactwiththerelyingparty.ThismodelallowstheCabinetOfficetorecouptheIDPchargeovertimewithoutloadingthefullcostonthefirstrelyingpartytoregisteracustomerforaGOV.UKVerifyidentity.
Thedevelopmentofubiquitousdigitalidentitythatmeetsagreedstandardsandcanbeusedacrosspublicandprivatesector,willleadtoarangeofcommercialmodels.Forexample,amuchlower“per-authentication”chargemightbeofferedinplaceoftheexisting,relativelyhigh“per-registration/firstuse”charge.ConsortiaofhubprovidersandIDPscouldchoosetocommoditiseidentityonthebasisthatrealvalueliesinadditionalattributes,deliveredthroughtheattributeexchangeecosystem.Itismucheasierforarelyingpartytocalculatereturnoninvestmentforattributeprovisionthanitisforidentityonitsown.
17
Itisimportantthatthiscommercialdiversityisallowedtodevelop,asdifferentmarketsectorsarelikelytobenefitfromdifferentcommercialmodels,andcompetitionwilldrivedownprices.Itisequallyimportantthatlocalauthoritiesareabletochoosefromtheseprivatesectormodelsshouldtheywishto.
Enablingthisevolutionwouldstimulatethemarketforfederatedidentityandachievethevolumesnecessarytoallowthemarkettothrive.TherearewidereconomicbenefitstobederivedfromallowingGOV.UKVerifytoachieveitsfullpotential.Wehavemodelledtheseforlocalgovernmentinthelogicchainbelow,butthesameprinciplesapplytothecentralgovernmentandtheprivatesector.
Diagram6.Logicchainofeconomicbenefits
CONCLUSIONSANDRECOMMENDATIONS
ThisprojecthasdemonstratedthatlocalauthoritiescollectandmanagedatathatwouldhavehighvalueintheGOV.UKVerifyidentityproofingandverificationprocess,particularlyforthin-filecustomerswhowouldnototherwisepasstheGOV.UKVerifyregistrationprocess.
18
ThebusinesscasedemonstratesthatlocalauthoritiescouldderivesubstantialvaluefromimplementingGOV.UKVerifyandanassociatedattributeexchangeecosystem,andthatIDPswouldalsobenefitfromusingdatacollectedbyLAs,andopeninguptheLAmarketforidentityservices.
WehavemodelledaworkabletechnicalsolutiontomakinglocaldataavailabletoGOV.UKVerifyidentityproviders,andstartedtheprocessofdesigningauserinterfacethatcouldsuccessfullyweavetogetherlocalauthoritytransactionswithastreamlinedGOV.UKVerifyregistrationprocess.
Wehavedeveloped,validatedandcommunicatedourfindingsthroughaseriesofindustryconsultationevents.
Projectrecommendationsarethat:
A. aBetaprojectisconductedtotestanddeveloptheoutputsfromtheAlphaprojectwithawiderrangeoflocalauthoritiesandlocalauthoritycustomers;
B. theBetaprojectisusedto:○ implementalivetechnicalinfrastructurebasedonthemodeldeveloped
inAlpha;
○ demonstrate,inpractice,theuseoflocalauthoritydatatohelpthehardtoverifyregisterforaGOV.UKVerifyaccounttoLOAn,withtheuser’sconsent;
○ demonstratetrustelevationovertime,fromsimpleloginstoLOA2,usingdatacollectedintheDLB;
○ demonstratetheviabilityofself-certificationoflocaldatasources;
○ carryoutuserexperienceresearchtovalidateanddeveloptheuserinterfaceoutputsfromtheAlphaproject;
○ testtheenhancedfunctionalityforGOV.UKVerifyrecommendedinthisdocument;
○ workwithDWPtodemonstratehowactivelocalauthorityinvolvementinidentityproofingandverificationwoulddeliverbenefitsintheUniversalCreditapplicationprocess.
19
APPENDIXA-PROJECTPARTICIPANTS
Digidentity GOV.UKVerifyIdentityProviderInvolvedintechnicaldesignandtechnicalintegration
Etive ProjectsponsorandsupplieroftheDigitalLogBook(DLB).Involvedintechnicaldesign,technicalintegration,userinterfacedesign,andindustryconsultation.
PeteGale,IDResearch AdviceonlessonslearntfromGOV.UKVerify
GBGroup GOV.UKVerifyIdentityProvider.Involvedintechnicaldesign,informationgovernance,anduserinterfacedesign
GovernmentDigitalService Projectassurance
GreaterLondonAuthority Involvedinbusinesscasedevelopment
IanImesonConsultingLtd Involvedintechnicaldesign,technicalintegration,informationgovernance,userinterfacedesignandindustryconsultation
IanLitton,PositiveAttributesLtd Projectcoordinator.Involvedintechnicaldesign,technicalintegration,informationgovernance,userinterfacedesign,industryconsultationandauthoringprojectblogsandpapers.
LondonBoroughofHackney Relyingparty.Involvedininformation
20
governanceandbusinesscasedevelopment
LondonBoroughofTowerHamlets Relyingparty.Involvedininformationgovernanceandbusinesscasedevelopment
Mvine Hubprovider.Involvedintechnicaldesign,technicalintegration,anduserinterfacedesign.
PostOffice GOV.UKVerifyIdentityProvider.Involvedintechnicaldesign,technicalintegration,informationgovernance,anduserinterfacedesign
techUK Involvedinorganising,coordinating,andhostingindustryconsultationevents.
APPENDIXB-INITIALUSERINTERFACEDESIGNS
Aspartoftheprojectwehavedevelopedanexamplesetofscreenstoillustratehowtheuserjourneyforthin-filecustomerscouldbesimplified.Keyfeaturesofthecustomerjourneyare:
1. upfrontcommunicationwithusersaboutthejourneytheyareembarkingon,andhowGOV.UKVerifywillfigureinthatjourney.SometestingofthisapproachhasalreadybeendoneinthecontextoftheWarwickshireCountyCouncilBlueBadgeprivatebetaproject15.ItisalsoacommonservicepatternfortheEtiveDigitalLogBook,withuserstypicallyhavingafacetofaceinterviewaspartofthesocialhousingprocess,duringwhichtheDigitalLogBookisintroduced;
15Formoreinformationonthisprivatebetaprojectseehttps://dwpdigital.blog.gov.uk/2017/09/19/helping-citizens-choose-how-their-data-can-work-for-them/
21
2. useofasingleIDPratherthanofferingtheuserachoiceofIDPs.ThisreducestheconceptualcomplexityofVerifyforitsusers.Userchoicecanstillprevailinthisenvironment.Ausercoulduseapre-existingdigitalIDfromadifferentcertifiedIDPwiththerelyingparty,andtheycouldstillregisterwithmorethanonecertifiedIDPindifferentcontextsandusedifferentaccountswithdifferentrelyingparties.WebelievethiswouldmaintainthePrivacyandConsumerAdvisoryGroup(PCAG)requirementformultiplicity16;
3. creationofasimpleloginaccountwiththeIDP.OuruserjourneystartswiththecreationofasimpleloginaccountbytheIDP.Theuserisabletocreateasecureaccount,protectedbytwo-factorauthentication,withtheminimumamountoffriction,sotheycangetonwiththejobinhand;
4. useoflocallysourceddata.Oncetheuserhascompletedthejobinhand,thetransactioninformationthathasbeenenteredandvalidatedbythelocalauthoritycanbepassedtotheIDP,withtheuser’sconsent,toelevatethelevelofassuranceassociatedwiththeiraccount.
EXAMPLESCREENS
Thejourneywouldstartwithanexplanatoryemail(notshownhere),explainingtheroleoftheDigitalLogBookinthesocialhousingapplication,andtheuseofGOV.UKVerifyforidentityproofingandverification.TheemailwouldcontainalinktosetupaDigitalLogBook(orlogin,iftheuseralreadyhasone).Thiswouldlinktothescreenbelow.
16Seehttps://www.gov.uk/government/publications/govuk-verify-identity-assurance-principles/identity-assurance-principles
22
Wewillfollowtheroutetakenbyauserwhoissettingupanewdigitallogbook.
Thefirststepisfortheusertosetupasimplelogin.Thiscanbedonewithminimumfriction,allowingtheusertogetonwiththejobofcompletingtheirsocialhousingapplication.Thepre-registrationapproachmodelledheredoesnotgivetheuserachoiceofIDP,butdirectsthemstraighttotherelyingparty’schosenIDP,thePostOfficeinthiscase.Thisisdesignedtofurtherreducefriction,andremovesomeofthecognitivedissonanceassociatedwiththeconceptoffederatedidentity.
Userexperienceresearchwillbeneededtotesthowwellthisapproachworks,andtoidentifyhowtohandlebrandingaroundGOV.UKVerifyandtheIDP.
23
24
Twofactorauthenticationreducesthepossibilityofanotheruserhijackingasimplelogin,animportantconsiderationgiventhattheuserwillbegiventheoptiontoelevatethelevelofassuranceassociatewiththeirIDatalaterdate.
25
26
Theusercannowloginwiththeirnewsimplelogin.Theywillreceivethesecondfactorchallengeintheprocess(notshown).
27
28
Theuserisshownatypicaldialogueforwhenafederatedidentityisbeingusedtoaccessaparticularapplication(theDigitalLogBookinthiscase).
29
Aspartoftheset-upprocessoftheDigitalLogBook,theuserisaskedtosignuptotheconditionsofuseandtheprivacypolicy.
30
Theusercannowstarttheirsocialhousingapplication.Intheprocesstheywillself-assertalotofinformation,anduploadaseriesofdocuments,thatwilllaterbeusedtohelpthemelevatethelevelofassuranceassociatedwiththeirPostOfficeGOV.UKVerifyaccount.Alloftheinformationonthefollowingscreensisrequiredtoassessiftheapplicantiseligibletobeaddedtothesocialhousingregister.
31
32
DocumentscanbeuploadedandstoredintheDLB.
33
34
Theuserisgivenasummaryofthedocumentsuploaded,andisabletosharethesewiththecouncilforasetperiodoftime.Theycanchoosenottodothis,andtosharetheoriginaldocuments,butcurrentusageoftheDigitalLogBookindicatesthatmostuserswillshareelectronicallyasitismoreconvenientandspeedsuptheapplicationprocess.
Iftheapplicantmeetstheeligibilityrequirements,thecouncilswehaveworkedwithrequirethemtoattendafacetofaceinterviewsothatoriginaldocumentscanbe
35
checked,andaphotographoftheapplicantcanbetakenandaddedtothecasefile.Thisisimportanttoensurethatthepersonwholatercomestoviewapropertyisthesamepersonwhooriginallyapplied.
ThecaseworkerwouldlogontotheDigitalLogBook,viewtherecordsalreadysharedbytheDLBuser,andconfirmthattheyhavecheckedtheoriginaldocuments.Theywouldalsorecordif,forexample,theyhadusedapprovedscanningsolutionstocheckforfraudulentdocuments.ThiswouldincreasethevalueofthedatatotheIDPs.FacetofacecheckscouldpotentiallysupportLOA3identities.
Thecouncilcouldrequestanextensiontothesharingaccessdateifrequired.
WhentheusernextlogsontotheirDLBtheywillbeofferedtheopportunitytoincreasethestrengthoftheirGOV.UKVerifyaccount.Thedialoguebelowshowstheuserthattheiraccountiscurrentlylowstrength(i.e.asimplelogin).Theincentiveforincreasingthestrengthoftheiraccountisaccesstoawiderrangeofonlineservices.
36
TheuserisredirectedtothePostOffice.InthebackgroundthePostOfficewillreceiveaSAMLmessagecontainingtherelevantdatafromtheDLB,plusassociatedmetadata.ThiscanbecombinedwiththeIDP’snormalsourcesofdatainanattempttobringtheuser’saccountuptoLOA1orLOA2.
OneoptionisfortheIDPtoredisplaythedatasourcesthatarebeingsharedfromtheDLBandtogivetheuserthechoiceatthatpointofdecidingiftheywanttosharetherelevantdocumentswiththeIDP
37
TheIDPwouldconfirmthesuccessofthetrustelevationbeforehandingbacktotheDLB:
38
APPENDIXC-DRAFTTECHNICALDESIGN
HIGHLEVELARCHITECTURE
Theoverallarchitectureisrepresentedinthefollowingdiagram:
Diagram1.Highlevelarchitecture
TheDigitalLogBooksitsinfrontofacouncil’sbackofficesystemsandpresentsasingleintegrationpointtotheGOV.UKVerifyhub.Thelinksbetweentheback-officesystemsandtheDigitalLogBookcanbeimplementedinanumberofdifferentways,dependingonthecouncil’spreferencesandthecapabilitiesoftheirback-officesystems.
39
AmetadataschemawoulddescribethelocaldatainawaythatwouldallowtheIDPstoquantifyitsvalueintheidentityproofingandverificationprocess.Theexampleschemabelowincludesdataitemsrelatingtosocialhousingtransactions,buttheschemacouldbeextendedtocoverdifferenttransactionsandothersourcesofdata.
Diagram2.Metadatascheme
Themetadataitemsaredescribedinmoredetailinthefollowingtable.
Dataitem Thedatabeingpresented
Datacategory(ID,ActivityHistory,KnowledgeBasedVerification)
DescribesthetypeofdatarepresentedandwhichIdentityVerificationcategoryitsitswithin.
Datedatarecorded Thedatewhenthedataitemwasfirstrecorded
Currency(lastupdated) Thedatewhenthedataitemwaslastupdated
40
Self-assertedorverified? Hasthedatabeenverifiedbyacouncilofficer
Methodofverification E.gscanningtechnologyused,manualcheck.Weneedtodevelopapicklistforthisitem.
MandatoryorOptional Willthisdataitemalwaysbepresent,oronlysometimes?
ActivityHistorydefinition Istheactivityhistoryinquestionofhigh,mediumorlowvalue.Thiswillbebasedonanagreedcategorisation.Forexample,ahistoryofautomatedpaymentswouldbeoflowvalue.
User'slevelofassurancewhendatawasrecorded(LoAx)
Thiswillindicateifthedata(particularlyifself-asserted)wasboundtoamoreorlesshighlyassuredidentity
Cross-checkedagainst... Hasthisdataitembeencrossedcheckedinanyway?E.g.hastheamountonanawardnoticefromtheDWPbeencross-checkedagainstpaymentsintotheindividual’sbankaccount?
Table3.Descriptionofmetadataitems.
TheexistingGOV.UKVerifySAMLprofilewouldbeextendedtopresenttheDLBdatatotheIDPsviaahub.ThefollowingschematicmapstheSAMLcallsinthecustomerjourney:
41
Diagram3.SchematicofSAMLcalls
Intheproposedmodelitispossibleforauser,overtime,toelevatethelevelofassurance(LOA)associatedwiththeirGOV.UKVerifyaccountastheyassemblemoreidentity-relateddataintheirDLB.Theycouldprogressfromasimplelogin,toLOA1andthenLOA2.
42
APPENDIXD-ORGANISATIONSATTENDINGCONSULTATIONEVENTS17
ACAMS GoodPeople PersonCentredSoftware
Agilisys GOSS PostOffice
IanImesonConsultingLtd LondonBoroughofHackneyCouncil
RoyalBoroughofKensington&Chelsea
Barclays HousingAssociationsCharitableTrust
RoryMacDonald
Barking&Dagenham Idemia Sitekit
Capita IEG4 LondonBoroughofSuttonCouncil
Civica iStandUK TataConsultancyServices
ConsultHyperion Jadu ThePireanGroupofCompanies
DWP LondonBoroughofKingston
TISA
Etive LondonBoroughofWalthamForest
LondonBoroughofTowerHamlets
Evernym LocalGovernmentAssociation
Yoti
GBG MvineLimited zInet
GDS NHSDigital
GreaterLondonAuthority NorthgatePublicServices
17Pleasenotethatattendancedoesnotnecessarilymeanendorsementofviewsexpressedinthepaper
43
APPENDIXE-GLOSSARYOFTERMS
Attribute Acharacteristicofapersonorathing
AttributeExchange Amechanismthatallowsarelyingpartytorequestinformationaboutadatasubjectfromanattributeprovider,online,andinreal-time,withthedatasubject’sexplicitpermission.Theattributeexchangeecosystemisgovernedbyatrustframeworkthatcoverstechnical,legalandcommercialaspectsoftheecosystem.Typicallybuiltusingopenstandardsprotocolsandspecifications,suchasoAuth2andUserManagedAccess(UMA).
AttributeProvider Anorganisationthatcanprovideattributesaboutapersonorathingthroughtheattributeexchangeecosystem
FederatedIdentity Acommonsetofpolicies,practicesandprotocolstomanageidentityandtrustacrossorganisations.
GeneralDataProtectionRegulation(GDPR) AEuropeanregulationondataprotectionandprivacythatreplacedthe1995DataProtectionDirective(andtheUKDataProtectionAct1998)onMay25th2018.
LevelofAssurance Theleveloftrustthatcanbeputinadigitalidentity,basedonthelevelofconfidencethatthepersoninpossessionofthedigitalidentityiswhotheysaytheyare.TheUKgovernmenthasdefinedthelevelsofassurance,andmappedthemto
44
internationalstandards,intheirGoodPracticeGuide4518
PersonalDataStore(PDS) Asecuredatarepositorythatisownedandmanagedbyanindividualuser,evenifitisinitiallyissuedtotheindividualbyanorganisation.ThePDSprovidestheuserwithtoolstocontrolwhotheysharetheirdatawith,inwhatcircumstances,andforwhatpurposes.
RelyingParty Aserviceprovider,organisation,orsystemthatconsumesandreliesonthedigitalidentitiesprovidedbyanidentityprovider
Simplelogin Anunverifieduseraccount,setuptoallowtheusertoauthenticate,butwithoutprovidinganyproofofidentity.
18https://www.gov.uk/government/publications/identity-proofing-and-verification-of-an-individual