Digital Identity Scotland – Prototype draws to a close
Mike Crockart, Delivery Lead for the Digital Identity Scotland Programme, provides an update as the work on a prototype draws to a close…
“The pandemic and our country’s response has rightly dominated all of our lives in recent weeks. For many of us it has meant a change to where we are working; how we are working; what we are working on; and for some whether we are working at all. For Digital Identity, however, it has brought into sharp focus the potential benefits of an improved method for digitally proving identity or entitlements in a new world. Particularly where accessing services online may not only be the easiest but also the safest way to do so.
As a result, we have continued our work – albeit remotely – and it has been an exciting time for the programme, building and testing an attribute-led approach to support simple, safe and secure access to public services. In partnership with Mydex CIC and DHI (Digital Health and Social Care Institute), we have successfully developed a fully working prototype, including linking a separate credential provider (Okta UK Ltd) as an example authentication service. This has proven the technical feasibility and provided ample opportunity for testing the usability of the proposed service. With Young Scot and Independent Living Fund as example Relying Parties, we developed associated user journeys and iterated based on user feedback.
The goal is to simplify access to services and reduce tedious processes for users, for example, repeatedly providing personal information that has been verified as accurate elsewhere, such as age or disability, whilst maintaining high levels of privacy and security. A key aim of the prototype was to test concepts with users. We wanted to know how they interpreted a Scottish Government branded authentication credential (registration/login) and if they understood that it is reusable across the whole of the Scottish public sector. We also introduced the concept of creating a citizen-controlled attribute store into which they could add verified information, and could then choose to share selected trusted facts about themselves with other organisations to speed up application processes.
Our findings were that users broadly understood that the credential was reusable across services; users were familiar with 2-factor authentication via SMS and authenticator apps, though many regarded this as an inconvenience despite awareness of the benefits to security; and there was generally support for creating and using an attribute store.
However, it became clear early on that we need to do more to explain the difference between facts asserted by users about themselves and facts verified as being true by a trusted third party. We will also work with users to understand how best to outline the benefits this will give them and service providers in speeding up their access while reducing the risk of their privacy or security being breached.
The prototype has added a great deal of knowledge to the wider Digital Identity Programme around technical feasibility, usability and user perceptions. Our plan now is to conduct more user research with the prototype (which we will have access to for 12 months), testing and iterating associated wireframes. This will help us understand how best to convey the attributes model to users so they have full trust and confidence in using the service, particularly as to how it gives them full control of their data. We will be looking to test with a broader demographic to understand whether this impacts findings. There is also more work to do to ensure the service is fully inclusive and promote how the service removes barriers to access for all.
I touched on the COVID-19 outbreak above. As a result of it, user testing moved from being conducted face to face to remotely, and impacted the number of users we were able to test with, particularly ILF users, so we look forward to continuing this testing over the coming weeks and months. We have recorded demonstrations of each prototype iteration to seek insight from stakeholders and inform development work with relying parties.
I look forward to now moving into the next phase of the programme where we take all we’ve learnt into a plan for developing a Beta/Live service. We will be further engaging with providers of public services across Scotland that might be both relying parties and attribute providers, as we look to build a simple, safe and secure digital identity service that removes friction, effort, risk and cost to both individuals and public organisations – a lasting mantra from David Alexander at Mydex CIC.”
Hilary Kidd, Smart Services Director at Young Scot, adds:
“At Young Scot, we are thrilled to have ensured that young people have played a key role in user-testing and informing the development of the prototype as part of a potential attribute-led approach. We are looking forward to working closely with Digital Identity Scotland and partners in the next phase.”
We will publish final reports and other documentation about the prototype in the coming weeks and will be scheduling a virtual National Stakeholder Group meeting to seek views. We also plan to hold an Industry Engagement Day in early summer. This would be for potential suppliers of all components of a future Beta/Live service e.g credential providers, brokers, attribute providers and identity providers.
We will publish more details and invitations here in due course.
Get in touch!
As always, please feel free to get in touch at firstname.lastname@example.org if you have any feedback or questions.