https://identityassurance.blog.gov.uk/2016/01/12/gov-uk-verify-technical-delivery-update-12-january-2016/

GOV.UK Verify: Technical delivery update, 12 January 2016

This blog post is for anyone interested in the technical development of GOV.UK Verify. It tells you what we’ve been working on since the last update towards the end of December, and what we plan to do next. 

In our first technical delivery update we explained that there are 3 parts to GOV.UK Verify and the delivery team is responsible for building and maintaining 2 of them: the GOV.UK Verify hub and Document Checking Service.

The delivery team is made up of developers, engineers, analysts, product managers, delivery managers, designers, researchers, content designers and architects. Currently, the team’s working on 3 technical delivery priorities: increasing adoption of GOV.UK Verify; improving and maintaining GOV.UK Verify; and reducing our technical debt.

Increasing adoption of GOV.UK Verify

We want departments across government to adopt GOV.UK Verify increasingly as it progresses from beta to live because it’s secure, straightforward and meets the needs of their users. To improve GOV.UK Verify and make it better for end users, since our last update we’ve:

  • reintroduced an A/B test looking at whether or not we need ask users if they are over 19 and have moved to the UK within the past 12 months. We had paused the test over the festive period. We hope to have conclusive results this week.
  • updated our A/B testing framework to allow us to test more than 2 variants at a time.
  • prepared our next A/B test with changes to the introductory content on the hub. We’re testing a new way of describing GOV.UK Verify based on our research in the lab, to help make it clear to users what GOV.UK Verify is for. The new text introduces the idea that GOV.UK Verify ‘is a new scheme to fight the growing problem of online identity theft’.
  • continued to make changes to prepare for the new certified companies joining GOV.UK Verify soon.

Improving and maintaining GOV.UK Verify

We want to continue to improve the way we run the GOV.UK Verify federation and ensure we’re ready to run a live service come April 2016. To continue to keep GOV.UK Verify available and secure we’ve:

  • rotated our apt package repository GPG (GNU Privacy Guard) key. These keys are used to ensure that we only deploy software that we can trust to our servers.
  • started work to distinguish more quickly and easily between new and repeat ‘billable events’. Certified companies are paid each time they verify a user. For each year after that the account is used, they are paid again. This work will allow us to reconcile invoices from certified companies faster.
  • began work on the Matching Service Adapter (MSA) to add support for multiple encryption keys. The MSA is a tool which simplifies the integration of digital services with GOV.UK Verify. The changes allow government departments to rotate their encryption keys without interruptions to users. A new version of the MSA with these changes will be released shortly.

Reducing our technical debt

There are things we need to do to the GOV.UK Verify codebase to tidy up accumulated impact of having made a lot of different changes over time (this is often referred to as ‘technical debt’). To reduce accumulated technical debt and allow us to continue to deliver at pace, we’ve:

  • removed a dependency on our external public key infrastructure for unit and integration tests. This means we can add new functionality faster in the future.
  • began work to remove a shared SAML library dependency between our applications. This will also allow us to add new functionality faster.

Things we plan to do next

In the coming 2 to 3 weeks we expect to continue to:

  • perform A/B tests to optimise the hub for users
  • prepare changes needed to accommodate the new certified companies that are connecting to GOV.UK Verify
  • work on reducing our technical debt
  • maintain and improve the service

Subscribe to the blog and keep up to date with GOV.UK Verify's latest technical developments and follow @KitCarrau on Twitter.