https://identityassurance.blog.gov.uk/2015/12/21/gov-uk-verify-technical-delivery-update-21-december-2015/

GOV.UK Verify: Technical delivery update, 21 December 2015

This blog post is for anyone interested in the technical development of GOV.UK Verify.

In our first technical delivery update we explained that there are 3 parts to GOV.UK Verify and the delivery team is responsible for building and maintaining 2 of them: the GOV.UK Verify hub and Document Checking Service.

Currently the delivery team -  made up of developers, engineers, analysts, product managers, delivery managers and architects - is working on 3 technical delivery priorities: increasing adoption of GOV.UK Verify; improving and maintaining GOV.UK Verify; and reducing our technical debt.

Here’s what we’ve been working on since the last update, and what we plan to do next.

Increasing adoption of GOV.UK Verify

We want departments across government to adopt GOV.UK Verify increasingly as it progresses from beta to live because it’s secure, straightforward and meets the needs of their users. To improve GOV.UK Verify and make it better for end users, we’ve:

  • stopped asking users if they can access their financial records. A recent A/B test showed that users were more likely to verify if they are not asked this question. Since making the change the authentication completion rate has increased by 6% (2% as a direct result of removing the question)
  • began a new A/B test looking at whether or not we need ask users if they are over 19 and have moved to the UK within the past 12 months. These questions are used to gauge if users are likely to have a credit file that could be used as part of verification but we’re testing the hypothesis that the benefits of having the page are outweighed by the number of people dropping out whose identities could actually have been verified

Improving and maintaining GOV.UK Verify

We want to improve the way we run the GOV.UK Verify federation and ensure we’re ready to run a live service come April 2016. To keep GOV.UK Verify available and secure, and to meet the most pressing needs of end users, we’ve:

  • improved the resiliency of our auditing datastores in the Document Checking Service
  • deployed Sentry, a tool to help us better track application errors, across more environments
  • completed our transition to using a SAML metadata file to retrieve public certificates. This has reduced complexity in our code and standardises the usage of SAML metadata in our application
  • began upgrading to OpenNTP to resolve syncing issues with our previous NTP servers. NTP (network time protocol) ensures the clocks on our servers, and the rest of the federation, are set to the same time. We need to know that requests from departments have been recently generated. Without NTP we would not be able to know this.

Reducing our technical debt

To reduce accumulated technical debt and allow us to continue to deliver at pace, we’ve:

  • made a start on work to separate out our application and infrastructure deployments. This will remove dependencies in our codebase and allow us to deploy new code faster

Things we plan to do next

Over the Christmas period we have a change freeze and are not deploying any new code. Our next release of new code will be in January.

Over the next 2 weeks we plan to:

  • prepare our next A/B test of the introduction pages on the hub, to see whether we can simplify the user journey further whilst still giving people the information they need
  • prepare changes needed to accommodate the new certified companies that are connecting to GOV.UK Verify in the New Year

4 comments

  1. Comment by MarkK posted on

    This explains why the sign-on url includes
    &selected-evidence=credit_card&selected-evidence=driving_license (sic) even when the credit card has not been mentioned. It is remarkable that the privacy officer and group were prepared to agree a change of policy: faced with what was being done a proportion declined to continue, so don't tell them. That seems to be an agile leap from transparent (can see what's happening) to transparent (can't see insides).
    More seriously, the new EU data protection regulation spells out that public bodies may not use consent as the legal basis for processing personal data. Can we get an update on that?

    • Replies to MarkK>

      Comment by Janet Hughes posted on

      Hi Mark,

      Thanks for commenting.

      The url shows the way the logic in the hub is working to direct the user to a certified company that’s likely to work for them.

      We’ve removed the question about whether the user has credit card statements available from the user journey because we found in lab research with users, and from usage statistics from the live service, that it wasn’t helping users find a company likely to work for them. This is part of our ongoing work to iterate the service and find ways to help users through the process efficiently in a way that works for them.

      The url still contains that snippet because although we have removed the screen, the logic in the hub means that we still need to record a response as though that question were still in the hub (until we remove that element of the logic completely, and we won’t do that until we’re sure we won’t want to use that part of the logic in the user journey in future).

      As I said in my reply to a different comment, we’ve been keeping a close watch on the new EU data protection regulation and we’re confident that our approach will remain compliant with the regulation. Until the final text of the law is released we’re not able to comment in detail, but we will do so once we’ve been able to see and review the text.

      Thanks again,

      Janet

  2. Comment by Kane Simms posted on

    How far away is this from going progressing from beta to live? And how can those in local government take advantage of it?

    Cheers
    Kane