using gov.uk verify for local authority multi service ... · photo driving licence 75% 52% credit...

USINGGOV.UKVERIFYFORLOCALAUTHORITYMULTISERVICEPORTALS

(ALPHAPROJECT)

WHITEPAPER

IanLitton

November2018

EXECUTIVE SUMMARY 1

INTRODUCTION 2

PROJECT DESIGN 5

WORK STREAM 1 - INFORMATION GOVERNANCE 5

WORK STREAM 2 - BUSINESS CASE 8

WORK STREAM 3 - INDUSTRY CONSULTATION 13

CONCLUSIONS AND RECOMMENDATIONS 17

APPENDIX A - PROJECT PARTICIPANTS 19

APPENDIX B - INITIAL USER INTERFACE DESIGNS 20

APPENDIX C - DRAFT TECHNICAL DESIGN 38

APPENDIX D - ORGANISATIONS ATTENDING CONSULTATION EVENTS 42

APPENDIX E - GLOSSARY OF TERMS 43

1

EXECUTIVESUMMARY

“ThisprojectisexcitingforPostOfficeinbeingabletodemonstratetheuseofVerify.Supportingmorecustomersbydiversifyingtherangeofdatasourcesavailabletomeethighgovernmentstandardsofidentityassurance.Itisimportanttomakeprovingidentityeasierforthosewiththincreditfiles,whilstretainingrobustandappropriatecheckstopreventidentityfraud.Doingthiswillsimplifyhowcustomerstransactdigitallywithlocalauthoritiesandhousingassociations,improvingtheprocessforeveryone.”PostOffice

Federatedidentityisapowerfulmechanismforincreasingcustomerconvenience,enhancingorganisationalefficiencyandtransformingthewayonlineservicesaredelivered.

IntheUKthereiscurrentlyonlyonefederatedidentitysolutionthatoffershighlyassuredcustomeridentitiesbackedupbyclear,agreedstandards.ThatsolutionisGOV.UKVerify.

TheGOV.UKVerifyregistrationisdesignedasafullyonlineprocess.Althoughthisoffersundeniablebenefits,thereisasignificantcohortofthin-filecustomerswhomaynothaveany,orasufficientdigitalfootprintincommerciallyavailabledatasourcestomeetthegovernmentstandardforGOV.UKVerifyregistration.

ThisAlphaproject,buildingonanOIXDiscoveryproject1,demonstrateshowtheuseofdatacollectedbylocalauthorities(LAs),madeavailabletoidentityproviders(IDPs),couldhelpotherwisethin-filecustomersregisterforaGOV.UKVerifyidentity.

WedemonstratethatLAshavesufficientlyrobustinformationgovernanceprocessesinplacetobeabletoprovidequalitydatatoIDPsforidentityproofingandverificationundertheVerifyscheme,andthatthisdatawouldbesufficienttohelpthemajorityofthin-filecustomersachieveaVerifyaccountatlevelofassurance2(LOA2).

WeshowthatthereisastrongbusinesscaseforLAstoadoptGOV.UKVerify,andthatthereisalsoabusinesscaseforIDPstouseLAdataintheidentityproofingandverificationprocess.

BasedonconsultationsconductedwithLAsandITsupplierstotheLAmarket,werecommendhowVerifyshoulddevelopinordertobetterservetheLAmarket.Wehavealsodevelopedanexamplecustomerjourney,basedonthoseconsultations,andproducedahigh-leveltechnicalsolution.1Seehttps://oixuk.org/wp-content/uploads/2017/02/Micro-Sources-of-Data-Final-.pdf

2

WeconcludethatLAdataprovidesavaluableandpracticalsolutiontomakingGOV.UKVerifyavailabletothewidestrangeofpotentialcustomers,andthataBetaprojectshouldbesetuptodemonstratethisinpractice,andtostimulatetheLAmarketforGOV.UKVerify.Therecentlysignedcontractsbetweengovernmentand5IDPspresenttheperfectopportunitytoachievethis,asthechangesbroadentheuseofVerifyandidentitystandardsbeyondpublicsector,akeyaspectforasuccessfulidentityassurancescheme,inawaythatalsobettermeetstheneedsofLAs.

INTRODUCTION

ThisWhitePaperdescribeshowdatacollectedlocally,bylocalauthorities(LAs),housingassociations(HAs)andsimilarorganisations,couldbeusedtoextendthereachofGOV.UKVerify.Inparticularthispaperaddressestheneedsof“thin-file”customerswhomaynothaveany,orsufficientdigitalfootprintincommerciallyavailabledatasourcestomeetthegovernmentstandardforidentityproofingandverificationasimplementedbyGOV.UKVerify.Thesepeopleareoftentheheaviestusersofpublicserviceswhowouldbenefitmostfromtransactingonline.LAscouldachievesignificantsavingsifthiscohortwereabletotransactdigitally.

Thethin-filecohortisasignificantprobleminthecontextofGOV.UKVerify.ThreeofthekeysourcesofdataavailabletoVerifyIDPsareUKpassports,UKdrivinglicences,andcreditreferencedata.Thefollowingtablehighlightsthepenetrationofpassports,drivinglicencesandcreditcardsforthegeneralpopulationcomparedtothoseonJobseeker’sAllowance(JSA):

GeneralPopulation JSA

Passport 80% 64%

PhotoDrivingLicence 75% 52%

CreditCard 56% 31%

Table1.Penetrationofpassports,drivinglicencesandcreditcardsforthegeneralpopulationcomparedtothoseonJobseeker’sAllowance(JSA)

PeopleonJSAaresignificantlylesslikelytohavethesekeypiecesofevidence.

3

Asaresult,therearekeycohortsofcitizenswhoareunabletosuccessfullyregisterwithaGOV.UKVerifyIDP.Thesecitizensaretypicallythepeoplewhoaretheheaviestusersofpublicservices,forwhomthebenefitsoftransactingonlinewouldbethegreatest.

ThisproblemhasbeenhighlightedrecentlyinrelationtoUniversalCredit.Only38%ofUniversalCreditclaimantswhoattempttouseGOV.UKVerifymanagetoregistersuccessfully2.Thiscomesatacosttoo.TheDepartmentforWorkandPensions(DWP)estimatesthatthemanualidentitychecksthatwillbenecessaryasaresultoflowregistrationrateswillreducetheirpotentialsavingsfromtheroll-outofGOV.UKVerifyby£40mover10years.

Toaddressthis“hardtoverify”or“thin-file”cohort,itisessentialtomakeawiderrangeofdatasources,coveringdifferenttypesofdata,availabletotheGOV.UKVerifyIDPs.ThisWhitePaperdemonstratesthatLAsareavaluableandpracticalsourceofsuchdata.Italsodemonstratesthatthereisacompellingbusinesscaseforlocalauthoritiesandotherorganisationstoadoptafederatedcitizenidentitysolutiontomeettheirstrategicobjectivesofdeliveringservicesmoreeffectively,efficiently,andcheaplythroughonlinechannels.

Federatedidentityisapowerfulmechanismforincreasingcustomerconvenience,enhancingorganisationalefficiencyandtransformingthewayonlineservicesaredelivered.Builttoagreed,interoperablestandards,afederatedidentitysystemcandeliverarangeofbenefits:

● acustomercentricidentitythatcangiveaccesstoawiderangeofservicesacrossthepublicandprivatesectors;

● sharedtrust,facilitatingaccesstoawiderangeofattributesforarelyingpartytoestablishcustomerentitlementandeligibility,withcustomerpermission;

● increasedsecurityandreducedlevelsoffraud;● financialsavingsfororganisationsandtheircustomers;● increasedconvenienceandreducedtransactionfrictionfororganisationsand

customers.

Withoutafederatedcitizenidentitysolutiondeliveringhighlevelsofassuranceandtrust,itisimpossibletoachievefullendtoenddigitaltransformationofhigherriskservicesandofmorecomplexservicesthatrequireeligibilitychecks.Eligibility

2SeetheNAOreportonRollingOutUniversalCredit,section3.21:https://www.nao.org.uk/wp-content/uploads/2018/06/Rolling-out-Universal-Credit.pdf.SeealsotheNovember2017minutesofthePrivacyandConsumerAdvisoryGroupmeeting,item3.Evenwithsupport,only1in5peoplewereabletoverifytheiridentityinatrialcarriedoutinCroydon.

4

checking,usingattributeexchange,requiresasharedtrustanchorforidentity,whichafederatedsystemprovides.

IntheUKthereiscurrentlyonlyonefederatedidentityschemethatiscapableofdeliveringthenecessaryhighleveloftrust,basedonanagreedsetofstandards,thatcandeliverallofthebenefitsoutlinedabove.ThatschemeisGOV.UKVerify.

ItisanexcitingtimeintheevolutionofGOV.UKVerify.InMay2018theGovernmentDigitalService(GDS)announcedtheirintentiontosupporttherolloutofhigh-levelgovernmentstandardsforidentityproofingandverificationintotheprivatesectorandtocontinuetosupportdevelopmentofanidentitymarketintheUKthatleadstothecreationofubiquitousdigitalidentity.InOctober20185IDPsenteredintonewcontractswithGovernmenttoenablethisdevelopment.ThisprovidesanidealopportunitytoextendthereachofGOV.UKVerify,butalsotoexplorehowGOV.UKVerifymightevolvetobettermeetthemarketneedsforfederatedidentity.ThisWhitePaperfeedsintothatdebate.

ThehypothesiswesetouttoinvestigateinthisprojectisthatlocalauthoritytransactiondatacouldbeusedbyIDPstoraisethelevelofassuranceofathin-filecustomer’sdigitalidentity,andenablenearlyalllocalauthoritycustomerstotakeadvantageofGOV.UKVerify.

Theprojectobjectiveswereto:

1. developanexampleservice,deliveredthroughtheEtiveDigitalLogBook(DLB),incorporatingGOV.UKVerify;

2. demonstratehowdataintheDLBcould,withtheuser’sconsent,bepassedtoanIDPinordertoelevatethelevelofassuranceassociatedwiththatuser’sGOV.UKVerifyidentity;

3. designatechnicalarchitecturethatenablestheabove;

4. addressthedatagovernanceissuesraisedinthepreviousEtiveOIXDiscoveryProject3andtoconfirmthat:

a. theprocessesandproceduresusedbythelocalauthoritiestoon-boardtheircustomersaresufficientlyrobusttoprovidereliableidentityevidencetoIDPs;

b. theevidenceavailablemeetstherequirementssetoutintheGovernment’sGoodPracticeGuidesforidentityproofingandverification;

3https://oixuk.org/wp-content/uploads/2017/02/Micro-Sources-of-Data-Final-.pdf

5

c. theevidenceavailableusefullycoverstheevidencecategoriescurrentlylackingforthehardtoreachclientgroupinquestion;

5. prepareabusinesscasetodemonstratethevaluethatlocalauthoritiesandotherrelyingpartiescouldderivefromtheircustomershavingaGOV.UKVerifyaccount,andthevalueIDPscouldderivefromaccesstoLAdata;

6. communicatetheprojectfindingstoLAsandtheirITsupplierstohelpspeeduptheunderstandingandadoptionofGOV.UKVerify.

PROJECTDESIGN

Therewere3mainprojectstreams:

1. InformationGovernance-assessingthequalityoflocalprocessesanddata,andhowwelltheymeasureuptotherequirementsofGoodPracticeGuide454;

2. BusinessCase-thebenefitsofadoptingGOV.UKVerifyasafederatedcitizenidentitysolutionforLAservices;

3. IndustryConsultation-raisingsupplierandlocalauthorityawarenessandunderstandingofGOV.UKVerify,andgainingfeedbackfromthesector.

Eachoftheseworkstreamsisdescribedinthesectionsbelow.

Wealsomodelledanexamplecustomerjourney,anddraftedatechnicalsolution.

InthecourseofthisprojectitbecameclearthattomeettheneedsofLAsandHAs,GOV.UKVerifyneedstoevolve.WehighlighthowGOV.UKVerifyneedstochangetobecomeamorecompletesolution.

Weconcludewithrecommendationsfornextsteps.

Arangeofstakeholderswereinvolvedintheworkstreams,includingLAsandrepresentativebodies,IDPs,ahubprovider,ITsupplierstotheLAmarket,andGDS.TheparticipantsandtherolestheyperformedintheprojectarelistedinAppendixA

WORKSTREAM1-INFORMATIONGOVERNANCE

AnearlierOIXDiscoveryprojectdescribedhowLAdatacouldbeusedbyGOV.UKVerifyIDPstoimproveregistrationratesforthin-filecustomers.TheAlphaprojectestablishedthatthedatacollectionprocessesinourparticipatingLAswererobustandwouldmeet

4Seehttps://www.gov.uk/government/publications/identity-proofing-and-verification-of-an-individual

6

thestandardssetoutintheGovernment’sGoodPracticeGuide45fordatasourcesusedforidentityproofingandverification.

INFORMATIONGOVERNANCEAPPROACH

AninformationcomplianceauditwasconductedwiththeLondonBoroughsofTowerHamlets(LBTH)andHackney(LBH)toreviewhowtheycarryoutidentityproofingandverificationatpresentinthecontextofapplicationstotheirsocialhousingregisters,andhowthismatchesuptotherequirementsofGoodPracticeGuide45-“Identityproofingandverificationofanindividual”.

Eachcouncil’swrittenprocedureswerereviewed.Wealsoobservedhowtheprocedureswereimplementedintheonestopshopsandback-officeoperationsdealingwithsocialhousingapplications.Fromthisengagementwiththecouncilswedevelopedideasonhowaself-certificationprocessmightworkforlocalsourcesofdata.

Anindustryconsultationeventoninformationgovernancewasheldinrelationtoidentityproofingandverification.FromthisaninformationcompliancereportwasproducedandreviewedbyGDSandtwooftheprojectIdPs.ThefullinformationcompliancereportisavailableontheOIXwebsite5.

INFORMATIONGOVERNANCEFINDINGS

ThekeyfindingsfromtheInformationGovernanceworkarethat:

1. theprocessesdocumentedandobservedarecapableofprovidingacomprehensivedatasourceforGOV.UKVerifyIDPs;

2. thereissufficientevidenceagainsttheIdentityProofingandVerification(IPV)elementsA,BandC,and,forsomeapplicants,IPV-E,tohelpachieveanLOA2Identity6;

3. theprocessesundertakencapturedatainamannerconsistentwitharatingof“strong”forthepurposesofusebyanIDPtocreateanLOA2identity,withtheadditionoftheIDP’saccesstoIPV-Drequiredmaterial,suchasDeaths,NationalChangeofAddressregister(NCOA),PoliticallyExposedPersonsregister(PEPS,SanctionsandFraud;

5https://oixuk.org/blog/2018/11/23/using-gov-uk-verify-for-local-authority-multi-service-portals-alpha-project/

6IPV-Arelatestothestrengthoftheidentityevidencepresented;IPV-Brelatestothevalidationoftheidentityevidence-isitgenuine?IPV-Crelatestotheverificationoftheidentityevidence-doesitbelongtothepersonwhoclaimsit?IPV-Drelatestocounterfraudmeasuresassociatedwiththeidentity.IPV-Erelatestoactivityhistoryassociatedwiththeidentity.

7

4. thedatabeingcollectedbytheLondonBoroughsofTowerHamletsandHackney,andtheprocessesinvolvedincapturingthatdata,areofsufficientqualitytobeusedintheidentityproofingandverificationundertakenbyIdentityProviderswithintheGOV.UKVerifyscheme.

AkeyfindingofthisprojectstreamisthattheLAsobservedmeetthenecessarydataandprocessstandardsrequiredtosupportGOV.UKVerifyidentityproofingandverification.Theseobservationsrelatetosocialhousingtransactions,butitislikelythatotherlocalauthorityprocesses,forexamplefinancialassessmentsforsocialcare,wouldalsoprovidedataofhighvalueintheidentityproofingandverificationprocess,althoughinlowervolumes.

Aself-certificationprocesscouldbedevelopedtohelpLAsassessiftheymeetthenecessarystandardstoprovidedataintotheGOV.UKVerifyidentityproofingandverificationprocess.Thisself-certificationschemewouldcoverthefollowingareas:

Writtenprocedures DoestheorganisationhaveformalwrittenproceduresforIDverification?Howarethesesignedoff?Whatisthereviewprocess?

Stafftraining Whattrainingdostaffreceiveinidentityproofingandverification,indocumentchecking,andinanti-fraudprocedures?Isregularrefreshertrainingdelivered?

Documentsacceptedasproofofidentityandeligibility

DoestherangeofdocumentsthatmustbepresentedmatchtherequirementofGPG45?

Policyonoriginaldocuments Whichdocumentsmustbepresentedintheiroriginalformat;whenarecopies/printsfromtheinternetaccepted?

Useofscanningdevices Arescanningdevicesusedtodetectfraudulentdocuments?Ifso,inwhatcircumstances?

Counterfraudmeasures Whatcounterfraudmeasuresaredeployede.g.creditrecordagencychecks,othercross

8

checks?

Qualityassuranceprocesses Dosupervisorscarryoutcross-checksandspotcheckstoensureprocessesarebeingfollowedcorrectly?

Facetofacechecks Arefacetofacecheckscarriedouttolinkindividualstoasserteddocuments(passports,drivinglicencesetc)?

Crosschecking Whatcross-checksaremadebetweendifferentdocumenttypese.g.benefitpaymentsintothebankaccountmatchthebenefitawardsnotice?

Relevantaccreditations Forexample,thelevelachievedagainsttheInformationGovernanceToolkit/DataSecurityandProtectionToolkit

Table2.Potentialelementsofaself-certificationprocessformicro-sourcesofidentitydata

TheseideaswouldbedevelopedfurtherinasubsequentBetaproject,butrelatedindustrysectorsalreadyhaveexperienceofself-certification(e.g.theOpenIDCertificationProgram,theOIXnetRegistry,andtScheme)fromwhichwecanlearnlessonsintermsoflegal,technical,andregistrationapproaches.

ItislikelythattheprovisionofLAdataintotheVerifyidentityproofingandverificationprocesswouldbecoveredbycontractualarrangementswiththeIDPs,toensurethenecessaryinformationgovernancestandardswereinforceattheLA.

Insummary,theAlphaprojectconfirmsthatlocallycollecteddataissuitabletobeusedintheGOV.UKVerifyidentityproofingandverificationprocess.

WORKSTREAM2-BUSINESSCASE

ThecoreofthisAlphaprojectisexploringhowlocallyhelddatacanhelpthin-fileusersverifythemselvesthroughGOV.UKVerifyIDPs.Itisimportanttotakeastepback,though,andexplorewhyhighlyassuredonlineidentitymakesbusinesssense.Whatisinitforlocalauthorities,theirpartnersandtheircustomers?WhatisinitforIDPs?WhatadditionalbenefitdoestheEtiveDigitalLogBookconfer?Inshort,whatisthebusinesscaseforusingafederatedapproachtoidentity,andapersonaldatastore?

9

Thebusinesscaseisexplainedinmoredetailinaseparatebusinesscasedocument,alsoavailableontheOIXwebsite7.Inthefollowingsectionswedescribeouroverallapproachandhighlightthemainfindings.

BUSINESSCASEAPPROACH

Toproduceabusinesscase,weworkedwithtwolocalauthoritypartners,theLondonBoroughsofTowerHamletsandHackney,withtheGreaterLondonAuthority(GLA),thePostOffice,andGDS.WealsorananindustryconsultationeventtogatherinputfromLAsuppliers.

Thebusinesscasecoversthefollowingareas:

1. indicativeoverallbenefits.Wehavebeenabletoreferencepreviousresearchcarriedoutaspartofthe#VerifyLocalpilotsrunbyGDSwithadozenlocalauthorities.ThisresearchhasbeenbuiltintoaLocalVerifyBenefitsCalculatortool8thatembedssomegenericmetrics,andcanbeconfiguredbylocalauthoritiestogiveanindicationofthescaleofbenefittheymightderivefromGOV.UKVerify.ThistoolisdescribedinmoredetailintheseparateBusinessCasedocument,buttheheadlinefiguresreferencedinthenextsectionrelatetoanexamplemetropolitancouncilwith275,000residents,deliveringthefullsetoflocalgovernmentservices;

2. socialhousing.WehaveexploredsocialhousingtransactionsinmoredetailanddemonstratethatthebenefitsidentifiedintheLocalVerifyBenefitsCalculatorarelikelytobeconservative.Socialhousingisoneofthemorecomplexservices,requiringmorerigorousidentityandeligibilitychecks;

3. federatedidentity.Weexploretheparticularbenefitsthataccruefromadoptingafederatedsolutiontoidentity,withparticularreferencetopopulationchurninmetropolitanareas,multi-agencyworking,andvulnerablegroupssuchasthehomeless;

4. fraud.Werefertoexistinggovernmentandindustryresearchtoindicatetheamountoffraud-relatedcostourexamplemetropolitancouncilwith275,000residentsmightavoid;

5. systemsintegration.Throughourindustryconsultationwehavebeguntounderstandtheintegrationcoststhatcouldbereducedifthesectorasawholeweretoadoptacommonapproachtofederatedidentity;



10

6. valueoflocaldata.Byprovidingvalidatedandverifieddataintotheidentityproofingandverificationprocess,localauthoritiesandhousingassociationswouldbecomeactivepartnersinidentityproofingandverification,ratherthanpassiverecipientsofidentities.Thisdatawouldhavevalue,andcouldoffsetthecosttotherelyingpartiesofidentityproofingandverification.WehavealsoidentifiedhowthisdatacouldhelptheGOV.UKVerifyIDPsdeliverhighlyassuredidentitiestothin-filecustomerswhodonothaveany,orasufficientdigitalfootprintincommerciallyavailabledatasourcestomeetthegovernmentstandardforGOV.UKVerifyregistration

7. personaldatastores.Weexploretheadditionalbenefitsthatcanaccruefromincludingapersonaldatastore,suchastheEtiveDigitalLogBook,aspartofafederatedidentitysolution.

THENEEDFORANECOSYSTEMSAPPROACH

Assuredonlineidentityisaprerequisitefordeliveringhigherriskservicesonline,i.e.servicesthatdeliverbenefitsincashorkind,orthatsharesensitivepersonalinformationwithusers.

Fullydigitalend-to-endservicetransformationreliesonmorethanjustanassuredonlineidentity.For81localauthorityservicesproofofeligibilityisalsorequired.Establishingeligibilitywithoutrecoursetoexpensive,slowandinconvenientpaperprocessesrequiresanadditional,butlinked,ecosystem-theattributeexchangeecosystem.AttributeexchangeisdescribedinmoredetailintheseparateBusinessCasepaper9.

Thepotentialcostsavingsthatcouldbemadebyadoptingattributeexchangearebuiltintothebusinesscase,andtotheLocalVerifyBenefitsCalculator.ThebenefitofGOV.UKVerifywillbemagnifiedwhentheidentityecosystemispairedwithanattributeexchangeecosystem.AttributeexchangehelpsdeliveracompellingbusinesscaseforadoptingGOV.UKVerifyinthefirstplace10.


10TheroletobeplayedbyattributeexchangehasrecentlybeenemphasisedbytheChiefDigitalOfficeratMHCLG.Seehttp://www.ukauthority.com/data4good/entry/8228/mhclg-digital-chief-points-to-attribute-exchange-potential

11

BUSINESSCASERESULTS

TheheadlinefiguresgivenbelowaredescribedinmoredetailintheseparateBusinessCasedocument11.

Anexamplemetropolitancouncilwith275,000residents,deliveringthefullrangeoflocalgovernmentservicescouldsave£16.78moverafive-yearperiodbytransformingtheirserviceswithGOV.UKVerifyandattributeexchange.Thisfigureismadeupof:

A. £4.45midentityassurancesavingsB. £2.50meligibilitycheckingsavingsC. £9.83mservicedeliverysavings

Year-on-yearsavingsafterthe5-yearimplementationperiod,fortheexamplecouncil,couldamountto£4.435m.

Thegenericmetricsusedinthemodelthatgeneratethesesavingsfiguresyieldanestimatedcostpercaseforsocialhousingtransactionsis£10.87.However,researchwithonelocalauthorityshowedtheircoststobecloserto£350percase.Althoughweneedtovalidatethissocialhousingfigurebycomparisonwithotherlocalauthorities,itdoesindicatethatthebenefitsfiguresyieldedbytheLocalVerifyBenefitsCalculatorarelikelytobeconservativeratherthanoptimistic.

Weestimatethattheexamplemetropolitancouncilof275,000residentscouldalsoavoidfraudlossesof£4.7moverthe5-yearimplementationperiodbyadoptingGOV.UKVerify.

Acommonapproachtofederatedidentity,basedonGOV.UKVerify,couldsavebetween£412kand£1.24mperannuminLondonalonebyavoidingtheneedtore-registercitizenseverytimetheymove.ThisisbasedonpopulationchurnfiguresforLondon.In2016317,000peopleovertheageof18movedfromoneLondonboroughtoanother.Thebenefitstobederivedfromadoptingafederatedapproachtoidentityforthe“hardtoverify”wouldbeproportionallygreater,giventheadditionaleffortrequiredtoregisterthiscohortinthefirstplace.Similarbenefits,albeitsmallerinvolume,arelikelytoaccrueinanymetropolitanarea.

Accesstoafederatedidentityisofparticularvaluetovulnerablegroups,suchasthehomelessandvictimsofdomesticabuse,whoaremorelikelytoloseorbeseparatedfromtheiridentitydocumentsortohavethemstolen.Replacementdocumentscanbe


12

expensive,andthecostofreplacementoftenfallstothethirdsector.Examplereplacementcostsare:

A.Birthcertificate£9.50

B.EUpassports/IDcards£21.60to£104.60

C.ReplacementBiometricResidencePermit£56

D.ConfirmationofIndefiniteLeavetoRemain£237

Whilereplacementdocumentsarebeingsoughtthesevulnerableusersarealsounabletoaccesstheservicestheyneed.

Atop-5suppliertolocalauthoritiesestimatedthatalackofstandardsforidentityacrosslocalauthoritysystemscouldleadtosystemsintegrationcostsof£50mforlocalauthoritysuppliers,foridentitiesatLOA1.AdditionalcostwouldbeincurredforLOA2accounts.StandardisingonGOV.UKVerifywouldreducethiscost,andintegrationtime,byprovidingacommoninterfaceandapproach.

Localorganisationswhoareactivelyengagedinhelpingcustomersprovewhotheyareshouldbenefitfromreducedidentityproofingandverificationchargesinrecognitionofthevaluetheyareaddingtotheprocess.Wehavenotattemptedtoquantifythepotentialsavings,ortosuggestparticularcommercialmodelsinthisproject,butrecognisethisisoneofthekeytopicsthatwillhavetobeaddressed.

Apartfromactingasastoreofvaluableidentityevidence,apersonaldatastorecanstoreothercredentialsandevidencethattheusercanchoosetosharewithdifferentserviceproviders,astheneedarises.Citizenscansharetheirdatawithchosenorganisations,foralimitedperiodoftime,andforspecificpurposes.Thiscanbeparticularlyusefulforuserswhoarehighlymobile,orwhohavetodealwithmultipleagenciesinordertogetajobdone.Itcanbeinvaluableforvulnerablegroups,suchasthehomelessandvictimsofdomesticabuse,whoaremorelikelytoloseidentitydocuments,havethemstolen,orbeseparatedfromthem.TheseparateBusinessCasedocumentdiscussessomepotentialusecases.

Apersonaldatastorealsoallowsidentityproofingandverificationtobecomeaprocessovertime,ratherthanapointintimepass/failexercise.Asmoreidentity-relatedinformationiscollectedinapersonaldatastore,theopportunityfortheusertoreachahigherlevelofassurancethroughtheirIDPincreases.

ForIDPs,therearebenefitsinbeingabletosuccessfullyofferhighlyassuredidentityservicestoawiderrangeofcustomers,includingcurrentlythin-filecustomers.ResearchcarriedoutinTowerHamletsinrelationtotheirWorkPathservice(aservicethathelpslocalresidentsfindandstayinwork),indicatethat98%ofthatcohortwould

13

havesufficientlystrongevidencetoachieveanLOA2identityverification.89%ofthecohort(including19%fromoverseas)wouldhavestrongphoto-id,allowingforstrongIDverification.63%ofthecohortarelikelytohavesufficientactivityhistorytoachieveLOA2.TheDLBwouldprovidetheresttheopportunitytobuildupactivityhistoryovertime.OpeninguptheLAmarketingeneraltoGOV.UKVerifyhasthepotentialtosignificantlyextendthereachofGOV.UKVerifytomanymorecustomers,whichwouldprovideIDPswithasignificantmarketopportunity.

Theevidencewehaveassembleddemonstratesthatlocalauthoritiesandotherorganisationscouldderivesignificantbenefits,quantitativeandqualitative,byadoptingGOV.UKVerify.

WORKSTREAM3-INDUSTRYCONSULTATION

AspartoftheprojectweengagedwithITsupplierstotheLAsector.Thiswaspartlytomakesuppliersawareofthebenefitsofafederatedapproachtoidentity,toraiseawarenessofGOV.UKVerifyinparticular,andexplainthelinkbetweenfederatedidentityandattributeexchange.Combinedwiththis,wefeltitwasimportanttogettheirinputintothesolutionsbeingdeveloped,duetotheirroleasmajorsupplierstolocalauthorities.FromtheconsultationsweformulatedideasonhowGOV.UKVerifyshouldevolvetobetterservetheLAmarket.

CONSULTATIONAPPROACH

WepartneredwithtechUKtorunfourconsultationevents.Supplierstothelocalauthoritymarketwereinvitedtoattend.AlistoftheorganisationswhoattendedtheseconsultationsisshowninappendixC12.

Consultation1introducedthebenefitsofGOV.UKVerifyandgaveanoverviewoftheproject.Roundtablesessionsweresetuptocover:usinglocaldatainidentityproofingandverification;userinterfaceissues;thebusinesscaseforGOV.UKVerifyinlocalauthorities;thelocalauthoritymarketforGOV.UKVerify;andprivatesectorhubs.

Consultation2wentintomoredetailabouthowGOV.UKVerifyidentityproofingandverificationworksanddiscussedtheinformationgovernanceworkstream,andtechnicaldesign.

Consultation3dealtwithuserinterfaceanddesign.

Consultation4summarisedtheprojectfindings.

12Pleasenotethatattendancedoesnotnecessarilymeanendorsementofviewsexpressedinthepaper

14

Inputfromdelegateswasactivelysoughtinall4workshops,whichwasthenfollowedupwithone-to-onediscussionswithsomeofthesuppliers.

CONSULTATIONOUTCOMES

Theconsultationeventsprovidedusefulfeedbackonallaspectsoftheproject.SomeclearmessagesemergedfromtheengagementwithLAsandsuppliersonhowGOV.UKVerifyshouldevolve.

ThekeyfeaturesofthemodifiedGOV.UKVerifymodelweareproposingare:

1. anecosystemsapproach;2. fullfederationacrossalllevelsofassurance;3. usinglocaldataintheidentityproofingandverificationprocess;4. allowingrelyingpartiestoofferasingleIDPwhenregisteringnewusers;5. differentcommercialmodels.

ANECOSYSTEMSAPPROACH.

AnecosystemsapproachwouldcombineattributeexchangewithGOV.UKVerifyidentitiestoachievefullvaluefromdigitalidentity.Aconsistentmessagefromallthelocalauthoritiesandsupplierswehavespokentoisthatattributeexchangedeliverstherealbusinesscaseforadoptingfederatedidentity.Thereisgrowingrecognitioningovernmenttoothatattributeexchangeisessentialtofundamentallytransformthewayservicesaredeliveredonline13.Attributesneedtoflowbetweenthepublicandprivatesectors,notjustwithinthepublicsector,sotheadoptionofacommonstandardforidentityacrossthepublicandprivatesectorsisabsolutelynecessarytodeliverthelevelsoftrustrequiredfordatatofloweffectively,securely,andinlinewithcustomerpreferences.Astandards-basedapproachtoattributeexchangeisequallynecessary.

TheremaybeothertechnicalimplicationsforGOV.UKVerifyinadoptinganecosystemsapproach.Forexample,theabilitytomaintainsessionstate14foridentitysessionswouldallowattributeproviderstoconfirmthatacitizenhasloggedinattherequiredlevelofassurancetopermitthereleaseofattributes.

13Seehttp://www.ukauthority.com/data4good/entry/8228/mhclg-digital-chief-points-to-attribute-exchange-potentialandhttps://dwpdigital.blog.gov.uk/2017/09/19/helping-citizens-choose-how-their-data-can-work-for-them/

14Statefulmeansthecomputerorprogramkeepstrackofthestateofaninteractionovertime.

15

FULLFEDERATIONATALLLEVELSOFASSURANCE

Manylocalauthoritiescurrentlyoffertheircitizens“MyAccount”facilitiesatlowlevelsofassurancethatallowcustomerstologin,pre-populateonlineforms,saveforms,trackcallprogressandsoon.Thesetypesofaccountsareperfectlyadequateforlow-risktransactionswherethecustomer’sidentitydoesnotneedtobeconfirmed.SimpleloginaccountsarenotcurrentlyofferedbyGOV.UKVerify.Thisleaveslocalauthoritieswithanumberofchoices:

1. toruntheirownsimplelogin“MyAccount”inparallelwithGOV.UKVerify.Thisisnotagooduseofresourcesandcreatesanissueforcustomerswholaterwantandneedtoelevatethelevelofassuranceassociatedwiththeironlineidentity;

2. toforcecustomerstoregisterforaGOV.UKVerifyaccountatLOA1whenitisnotstrictlynecessary.Thisintroducesunnecessaryfriction,andpotentiallycost,intotheonlineprocess;

3. forLAstodeveloptheirownsolutionstoLOA1andLOA2accounts,whichiscomplex,expensive,anddefeatsthebenefitsofaplatformapproachacrossthepublicsector.LocallydevelopedLOA1andLOA2accountsarealsoveryunlikelytodeliverthelevelsoftrustrequiredtosupporttheattributeexchangeecosystem.

LocalauthoritiesneedtohavethechoicetofullyoutsourcetheircitizenidentitysolutiontoGOV.UKVerifyIDPs,andforthosesolutionstocoverthefullrangeoflevelsofassurance.Citizenscanbegiventheoptiontoelevatethelevelofassuranceassociatedwiththeironlineidentityastheneedarises.Aswehaveshownininitialuserinterfacedesigns(seeappendixB),thereisalsotheoptiontoengineeracustomerjourneysothatthecustomercangetonwiththejobinhandwithminimumfrictionbycreatingasimplelogin,andthenincreasetheassuranceassociatedwiththeironlineidentityatthepointintheprocesswhenitisrequired.

USINGLOCALDATAINTHEIDENTITYPROOFINGANDVERIFICATIONPROCESS

Additionaldatasourcescanbe,andhavebeen,broughtonstreaminthepasttohelptheGOV.UKVerifyIDPsimprovetheiridentityproofingandverificationprocesses.Thisprojecthasdemonstratedtheenormouspotentialofallowinglocalauthoritydatatobeaddedtothelistofavailabledatasources.Theface-to-faceprocessesalreadyinplaceinlocalauthorities,andthecross-checkstheycarryouttoensureapplicantsareentitledtokeyservices,makethisdataparticularlyvaluableinenablingpeople,whoarecurrentlyhardtoverify,togetanidentityaccountwithaGOV.UKVerifyIDP.Webelievethattheoutcomesfromthisprojectdemonstratethatlocalauthoritydata,properlyaccredited,shouldbecomepartoftheGOV.UKVerifyidentityproofingandverificationprocessescarriedoutbyIDPs.

16

Ofcourse,thereisdatainotherpartsofgovernment,andintheprivatesector,thatcouldbeequallyvaluableinimprovingthesuccessrateofGOV.UKVerifyregistrations.DWPandHMRCdata,forexample,couldalsohelpthecurrentlyhardtoverifyachieveaGOV.UKVerifyaccount.Wewouldstronglyrecommendresearchintothefeasibilityofbringingadditionaldataintotheidentityproofingandverificationprocess.

CONTRACTINGWITHASINGLEIDP

AllowingrelyingpartiestoofferasingleIDPwhenregisteringnewusersforaGOV.UKVerifyIDwouldremovesignificantcomplexityfromtheuserjourney.HavingtochooseanIDPfromthe5onofferisoneofthemoredifficultaspectsoftheGOV.UKVerifyuserjourney.OfferingasingleIDPhasavaluableroletoplayinreducingfrictionintheregistrationprocess.

OfferingasingleIDPwouldalsogiverelyingpartiestheopportunitytonegotiatefavourablecommercialtermswiththeirchosenIDP.Thesecommercialtermscouldincluderecompensetotherelyingpartyforprovidingdataintotheidentityproofingandverificationprocess.Userchoicecanstillprevailinthisenvironment,ascustomerscouldreuseVerifyIDsalreadyregisteredwithanotherIDPinthecontextoftransactionswithotherrelyingparties.Indeed,theopportunitiestodosowillonlyincreaseasGOV.UKVerifyisrolledoutacrosstheprivatesector.

DIFFERENTCOMMERCIALMODELS

GOV.UKVerifyoffersasinglecommercialmodelforrelyingparties.RelyingpartiesarechargedafixedfeewhentheyinitiallyregisteroneoftheircustomersforaGOV.UKVerifyaccount,orwhenacustomerwithapre-existingGOV.UKVerifyaccountfirstusesthatIDtotransactwiththerelyingparty.ThismodelallowstheCabinetOfficetorecouptheIDPchargeovertimewithoutloadingthefullcostonthefirstrelyingpartytoregisteracustomerforaGOV.UKVerifyidentity.

Thedevelopmentofubiquitousdigitalidentitythatmeetsagreedstandardsandcanbeusedacrosspublicandprivatesector,willleadtoarangeofcommercialmodels.Forexample,amuchlower“per-authentication”chargemightbeofferedinplaceoftheexisting,relativelyhigh“per-registration/firstuse”charge.ConsortiaofhubprovidersandIDPscouldchoosetocommoditiseidentityonthebasisthatrealvalueliesinadditionalattributes,deliveredthroughtheattributeexchangeecosystem.Itismucheasierforarelyingpartytocalculatereturnoninvestmentforattributeprovisionthanitisforidentityonitsown.

17

Itisimportantthatthiscommercialdiversityisallowedtodevelop,asdifferentmarketsectorsarelikelytobenefitfromdifferentcommercialmodels,andcompetitionwilldrivedownprices.Itisequallyimportantthatlocalauthoritiesareabletochoosefromtheseprivatesectormodelsshouldtheywishto.

Enablingthisevolutionwouldstimulatethemarketforfederatedidentityandachievethevolumesnecessarytoallowthemarkettothrive.TherearewidereconomicbenefitstobederivedfromallowingGOV.UKVerifytoachieveitsfullpotential.Wehavemodelledtheseforlocalgovernmentinthelogicchainbelow,butthesameprinciplesapplytothecentralgovernmentandtheprivatesector.

Diagram6.Logicchainofeconomicbenefits

CONCLUSIONSANDRECOMMENDATIONS

ThisprojecthasdemonstratedthatlocalauthoritiescollectandmanagedatathatwouldhavehighvalueintheGOV.UKVerifyidentityproofingandverificationprocess,particularlyforthin-filecustomerswhowouldnototherwisepasstheGOV.UKVerifyregistrationprocess.

18

ThebusinesscasedemonstratesthatlocalauthoritiescouldderivesubstantialvaluefromimplementingGOV.UKVerifyandanassociatedattributeexchangeecosystem,andthatIDPswouldalsobenefitfromusingdatacollectedbyLAs,andopeninguptheLAmarketforidentityservices.

WehavemodelledaworkabletechnicalsolutiontomakinglocaldataavailabletoGOV.UKVerifyidentityproviders,andstartedtheprocessofdesigningauserinterfacethatcouldsuccessfullyweavetogetherlocalauthoritytransactionswithastreamlinedGOV.UKVerifyregistrationprocess.

Wehavedeveloped,validatedandcommunicatedourfindingsthroughaseriesofindustryconsultationevents.

Projectrecommendationsarethat:

A. aBetaprojectisconductedtotestanddeveloptheoutputsfromtheAlphaprojectwithawiderrangeoflocalauthoritiesandlocalauthoritycustomers;

B. theBetaprojectisusedto:○ implementalivetechnicalinfrastructurebasedonthemodeldeveloped

inAlpha;

○ demonstrate,inpractice,theuseoflocalauthoritydatatohelpthehardtoverifyregisterforaGOV.UKVerifyaccounttoLOAn,withtheuser’sconsent;

○ demonstratetrustelevationovertime,fromsimpleloginstoLOA2,usingdatacollectedintheDLB;

○ demonstratetheviabilityofself-certificationoflocaldatasources;

○ carryoutuserexperienceresearchtovalidateanddeveloptheuserinterfaceoutputsfromtheAlphaproject;

○ testtheenhancedfunctionalityforGOV.UKVerifyrecommendedinthisdocument;

○ workwithDWPtodemonstratehowactivelocalauthorityinvolvementinidentityproofingandverificationwoulddeliverbenefitsintheUniversalCreditapplicationprocess.

19

APPENDIXA-PROJECTPARTICIPANTS

Digidentity GOV.UKVerifyIdentityProviderInvolvedintechnicaldesignandtechnicalintegration

Etive ProjectsponsorandsupplieroftheDigitalLogBook(DLB).Involvedintechnicaldesign,technicalintegration,userinterfacedesign,andindustryconsultation.

PeteGale,IDResearch AdviceonlessonslearntfromGOV.UKVerify

GBGroup GOV.UKVerifyIdentityProvider.Involvedintechnicaldesign,informationgovernance,anduserinterfacedesign

GovernmentDigitalService Projectassurance

GreaterLondonAuthority Involvedinbusinesscasedevelopment

IanImesonConsultingLtd Involvedintechnicaldesign,technicalintegration,informationgovernance,userinterfacedesignandindustryconsultation

IanLitton,PositiveAttributesLtd Projectcoordinator.Involvedintechnicaldesign,technicalintegration,informationgovernance,userinterfacedesign,industryconsultationandauthoringprojectblogsandpapers.

LondonBoroughofHackney Relyingparty.Involvedininformation

20

governanceandbusinesscasedevelopment

LondonBoroughofTowerHamlets Relyingparty.Involvedininformationgovernanceandbusinesscasedevelopment

Mvine Hubprovider.Involvedintechnicaldesign,technicalintegration,anduserinterfacedesign.

PostOffice GOV.UKVerifyIdentityProvider.Involvedintechnicaldesign,technicalintegration,informationgovernance,anduserinterfacedesign

techUK Involvedinorganising,coordinating,andhostingindustryconsultationevents.

APPENDIXB-INITIALUSERINTERFACEDESIGNS

Aspartoftheprojectwehavedevelopedanexamplesetofscreenstoillustratehowtheuserjourneyforthin-filecustomerscouldbesimplified.Keyfeaturesofthecustomerjourneyare:

1. upfrontcommunicationwithusersaboutthejourneytheyareembarkingon,andhowGOV.UKVerifywillfigureinthatjourney.SometestingofthisapproachhasalreadybeendoneinthecontextoftheWarwickshireCountyCouncilBlueBadgeprivatebetaproject15.ItisalsoacommonservicepatternfortheEtiveDigitalLogBook,withuserstypicallyhavingafacetofaceinterviewaspartofthesocialhousingprocess,duringwhichtheDigitalLogBookisintroduced;

15Formoreinformationonthisprivatebetaprojectseehttps://dwpdigital.blog.gov.uk/2017/09/19/helping-citizens-choose-how-their-data-can-work-for-them/

21

2. useofasingleIDPratherthanofferingtheuserachoiceofIDPs.ThisreducestheconceptualcomplexityofVerifyforitsusers.Userchoicecanstillprevailinthisenvironment.Ausercoulduseapre-existingdigitalIDfromadifferentcertifiedIDPwiththerelyingparty,andtheycouldstillregisterwithmorethanonecertifiedIDPindifferentcontextsandusedifferentaccountswithdifferentrelyingparties.WebelievethiswouldmaintainthePrivacyandConsumerAdvisoryGroup(PCAG)requirementformultiplicity16;

3. creationofasimpleloginaccountwiththeIDP.OuruserjourneystartswiththecreationofasimpleloginaccountbytheIDP.Theuserisabletocreateasecureaccount,protectedbytwo-factorauthentication,withtheminimumamountoffriction,sotheycangetonwiththejobinhand;

4. useoflocallysourceddata.Oncetheuserhascompletedthejobinhand,thetransactioninformationthathasbeenenteredandvalidatedbythelocalauthoritycanbepassedtotheIDP,withtheuser’sconsent,toelevatethelevelofassuranceassociatedwiththeiraccount.

EXAMPLESCREENS

Thejourneywouldstartwithanexplanatoryemail(notshownhere),explainingtheroleoftheDigitalLogBookinthesocialhousingapplication,andtheuseofGOV.UKVerifyforidentityproofingandverification.TheemailwouldcontainalinktosetupaDigitalLogBook(orlogin,iftheuseralreadyhasone).Thiswouldlinktothescreenbelow.

16Seehttps://www.gov.uk/government/publications/govuk-verify-identity-assurance-principles/identity-assurance-principles

22

Wewillfollowtheroutetakenbyauserwhoissettingupanewdigitallogbook.

Thefirststepisfortheusertosetupasimplelogin.Thiscanbedonewithminimumfriction,allowingtheusertogetonwiththejobofcompletingtheirsocialhousingapplication.Thepre-registrationapproachmodelledheredoesnotgivetheuserachoiceofIDP,butdirectsthemstraighttotherelyingparty’schosenIDP,thePostOfficeinthiscase.Thisisdesignedtofurtherreducefriction,andremovesomeofthecognitivedissonanceassociatedwiththeconceptoffederatedidentity.

Userexperienceresearchwillbeneededtotesthowwellthisapproachworks,andtoidentifyhowtohandlebrandingaroundGOV.UKVerifyandtheIDP.

24

Twofactorauthenticationreducesthepossibilityofanotheruserhijackingasimplelogin,animportantconsiderationgiventhattheuserwillbegiventheoptiontoelevatethelevelofassuranceassociatewiththeirIDatalaterdate.

26

Theusercannowloginwiththeirnewsimplelogin.Theywillreceivethesecondfactorchallengeintheprocess(notshown).

28

Theuserisshownatypicaldialogueforwhenafederatedidentityisbeingusedtoaccessaparticularapplication(theDigitalLogBookinthiscase).

29

Aspartoftheset-upprocessoftheDigitalLogBook,theuserisaskedtosignuptotheconditionsofuseandtheprivacypolicy.

30

Theusercannowstarttheirsocialhousingapplication.Intheprocesstheywillself-assertalotofinformation,anduploadaseriesofdocuments,thatwilllaterbeusedtohelpthemelevatethelevelofassuranceassociatedwiththeirPostOfficeGOV.UKVerifyaccount.Alloftheinformationonthefollowingscreensisrequiredtoassessiftheapplicantiseligibletobeaddedtothesocialhousingregister.

32

DocumentscanbeuploadedandstoredintheDLB.

34

Theuserisgivenasummaryofthedocumentsuploaded,andisabletosharethesewiththecouncilforasetperiodoftime.Theycanchoosenottodothis,andtosharetheoriginaldocuments,butcurrentusageoftheDigitalLogBookindicatesthatmostuserswillshareelectronicallyasitismoreconvenientandspeedsuptheapplicationprocess.

Iftheapplicantmeetstheeligibilityrequirements,thecouncilswehaveworkedwithrequirethemtoattendafacetofaceinterviewsothatoriginaldocumentscanbe

35

checked,andaphotographoftheapplicantcanbetakenandaddedtothecasefile.Thisisimportanttoensurethatthepersonwholatercomestoviewapropertyisthesamepersonwhooriginallyapplied.

ThecaseworkerwouldlogontotheDigitalLogBook,viewtherecordsalreadysharedbytheDLBuser,andconfirmthattheyhavecheckedtheoriginaldocuments.Theywouldalsorecordif,forexample,theyhadusedapprovedscanningsolutionstocheckforfraudulentdocuments.ThiswouldincreasethevalueofthedatatotheIDPs.FacetofacecheckscouldpotentiallysupportLOA3identities.

Thecouncilcouldrequestanextensiontothesharingaccessdateifrequired.

WhentheusernextlogsontotheirDLBtheywillbeofferedtheopportunitytoincreasethestrengthoftheirGOV.UKVerifyaccount.Thedialoguebelowshowstheuserthattheiraccountiscurrentlylowstrength(i.e.asimplelogin).Theincentiveforincreasingthestrengthoftheiraccountisaccesstoawiderrangeofonlineservices.

36

TheuserisredirectedtothePostOffice.InthebackgroundthePostOfficewillreceiveaSAMLmessagecontainingtherelevantdatafromtheDLB,plusassociatedmetadata.ThiscanbecombinedwiththeIDP’snormalsourcesofdatainanattempttobringtheuser’saccountuptoLOA1orLOA2.

OneoptionisfortheIDPtoredisplaythedatasourcesthatarebeingsharedfromtheDLBandtogivetheuserthechoiceatthatpointofdecidingiftheywanttosharetherelevantdocumentswiththeIDP

37

TheIDPwouldconfirmthesuccessofthetrustelevationbeforehandingbacktotheDLB:

38

APPENDIXC-DRAFTTECHNICALDESIGN

HIGHLEVELARCHITECTURE

Theoverallarchitectureisrepresentedinthefollowingdiagram:

Diagram1.Highlevelarchitecture

TheDigitalLogBooksitsinfrontofacouncil’sbackofficesystemsandpresentsasingleintegrationpointtotheGOV.UKVerifyhub.Thelinksbetweentheback-officesystemsandtheDigitalLogBookcanbeimplementedinanumberofdifferentways,dependingonthecouncil’spreferencesandthecapabilitiesoftheirback-officesystems.

39

AmetadataschemawoulddescribethelocaldatainawaythatwouldallowtheIDPstoquantifyitsvalueintheidentityproofingandverificationprocess.Theexampleschemabelowincludesdataitemsrelatingtosocialhousingtransactions,buttheschemacouldbeextendedtocoverdifferenttransactionsandothersourcesofdata.

Diagram2.Metadatascheme

Themetadataitemsaredescribedinmoredetailinthefollowingtable.

Dataitem Thedatabeingpresented

Datacategory(ID,ActivityHistory,KnowledgeBasedVerification)

DescribesthetypeofdatarepresentedandwhichIdentityVerificationcategoryitsitswithin.

Datedatarecorded Thedatewhenthedataitemwasfirstrecorded

Currency(lastupdated) Thedatewhenthedataitemwaslastupdated

40

Self-assertedorverified? Hasthedatabeenverifiedbyacouncilofficer

Methodofverification E.gscanningtechnologyused,manualcheck.Weneedtodevelopapicklistforthisitem.

MandatoryorOptional Willthisdataitemalwaysbepresent,oronlysometimes?

ActivityHistorydefinition Istheactivityhistoryinquestionofhigh,mediumorlowvalue.Thiswillbebasedonanagreedcategorisation.Forexample,ahistoryofautomatedpaymentswouldbeoflowvalue.

User'slevelofassurancewhendatawasrecorded(LoAx)

Thiswillindicateifthedata(particularlyifself-asserted)wasboundtoamoreorlesshighlyassuredidentity

Cross-checkedagainst... Hasthisdataitembeencrossedcheckedinanyway?E.g.hastheamountonanawardnoticefromtheDWPbeencross-checkedagainstpaymentsintotheindividual’sbankaccount?

Table3.Descriptionofmetadataitems.

TheexistingGOV.UKVerifySAMLprofilewouldbeextendedtopresenttheDLBdatatotheIDPsviaahub.ThefollowingschematicmapstheSAMLcallsinthecustomerjourney:

41

Diagram3.SchematicofSAMLcalls

Intheproposedmodelitispossibleforauser,overtime,toelevatethelevelofassurance(LOA)associatedwiththeirGOV.UKVerifyaccountastheyassemblemoreidentity-relateddataintheirDLB.Theycouldprogressfromasimplelogin,toLOA1andthenLOA2.

42

APPENDIXD-ORGANISATIONSATTENDINGCONSULTATIONEVENTS17

ACAMS GoodPeople PersonCentredSoftware

Agilisys GOSS PostOffice

IanImesonConsultingLtd LondonBoroughofHackneyCouncil

RoyalBoroughofKensington&Chelsea

Barclays HousingAssociationsCharitableTrust

RoryMacDonald

Barking&Dagenham Idemia Sitekit

Capita IEG4 LondonBoroughofSuttonCouncil

Civica iStandUK TataConsultancyServices

ConsultHyperion Jadu ThePireanGroupofCompanies

DWP LondonBoroughofKingston

TISA

Etive LondonBoroughofWalthamForest

LondonBoroughofTowerHamlets

Evernym LocalGovernmentAssociation

Yoti

GBG MvineLimited zInet

GDS NHSDigital

GreaterLondonAuthority NorthgatePublicServices

17Pleasenotethatattendancedoesnotnecessarilymeanendorsementofviewsexpressedinthepaper

43

APPENDIXE-GLOSSARYOFTERMS

Attribute Acharacteristicofapersonorathing

AttributeExchange Amechanismthatallowsarelyingpartytorequestinformationaboutadatasubjectfromanattributeprovider,online,andinreal-time,withthedatasubject’sexplicitpermission.Theattributeexchangeecosystemisgovernedbyatrustframeworkthatcoverstechnical,legalandcommercialaspectsoftheecosystem.Typicallybuiltusingopenstandardsprotocolsandspecifications,suchasoAuth2andUserManagedAccess(UMA).

AttributeProvider Anorganisationthatcanprovideattributesaboutapersonorathingthroughtheattributeexchangeecosystem

FederatedIdentity Acommonsetofpolicies,practicesandprotocolstomanageidentityandtrustacrossorganisations.

GeneralDataProtectionRegulation(GDPR) AEuropeanregulationondataprotectionandprivacythatreplacedthe1995DataProtectionDirective(andtheUKDataProtectionAct1998)onMay25th2018.

LevelofAssurance Theleveloftrustthatcanbeputinadigitalidentity,basedonthelevelofconfidencethatthepersoninpossessionofthedigitalidentityiswhotheysaytheyare.TheUKgovernmenthasdefinedthelevelsofassurance,andmappedthemto

44

internationalstandards,intheirGoodPracticeGuide4518

PersonalDataStore(PDS) Asecuredatarepositorythatisownedandmanagedbyanindividualuser,evenifitisinitiallyissuedtotheindividualbyanorganisation.ThePDSprovidestheuserwithtoolstocontrolwhotheysharetheirdatawith,inwhatcircumstances,andforwhatpurposes.

RelyingParty Aserviceprovider,organisation,orsystemthatconsumesandreliesonthedigitalidentitiesprovidedbyanidentityprovider

Simplelogin Anunverifieduseraccount,setuptoallowtheusertoauthenticate,butwithoutprovidinganyproofofidentity.

18https://www.gov.uk/government/publications/identity-proofing-and-verification-of-an-individual