This blog post is for anyone interested in the technical development of GOV.UK Verify.
In our first technical delivery update we explained that there are 3 parts to GOV.UK Verify and the delivery team is responsible for building and maintaining 2 of them: the GOV.UK Verify hub and Document Checking Service.
The delivery team is made up of developers, engineers, analysts, product managers, delivery managers, designers, researchers, content designers and architects. Currently, we’re working on 3 technical delivery priorities: increasing adoption of GOV.UK Verify; improving and maintaining GOV.UK Verify; and reducing our technical debt.
Here’s what we’ve been working on since the last update, and what we plan to do next.
Increasing adoption of GOV.UK Verify
We want departments across government to adopt GOV.UK Verify increasingly as it progresses from beta to live because it’s secure, straightforward and meets the needs of their users. To improve GOV.UK Verify and make it better for end users, since our last update we’ve:
- completed an A/B test which looked at a new way of describing GOV.UK Verify based on our research in the lab. The new content introduces the idea that GOV.UK Verify ‘is a new scheme to fight the growing problem of online identity theft’. The change has had a positive impact on the authentication success rate and will now be rolled out for all users.
- made it clearer for users with a non-UK passport that they will also need a UK photocard driving licence to use GOV.UK Verify by changing the messaging on the hub.
- prepared our next A/B test which will remove the ‘Finding the right company for you’ page. Users see this page before the filtering questions on the hub. It’s there to better prepare users for these questions but we want to check that it is still necessary.
- started work to hide certified companies unlikely to verify you behind a button on the ‘Choose a company’ page. This is intended to discourage users from choosing a company that they recognise but that cannot verify them.
- continued to make changes to prepare for the new certified companies joining GOV.UK Verify soon.
Improving and maintaining GOV.UK Verify
We want to continue to improve the way we run the GOV.UK Verify federation and ensure we’re ready to run a live service come April 2016. To continue to keep GOV.UK Verify available and secure we’ve:
- released a new version of the Matching Service Adaptor (MSA) with support for multiple private encryption keys. The MSA is a tool which simplifies the integration of digital services with GOV.UK Verify. The update minimises the impact to users when services rotate their encryption keys.
- removed Java 7 from our service following our upgrade to Java 8 towards the end of last year.
Reducing our technical debt
There are things we need to do to the GOV.UK Verify codebase to tidy up accumulated impact of having made a lot of different changes over time (this is often referred to as ‘technical debt’). To reduce accumulated technical debt and allow us to continue to deliver at pace, we’ve:
- continued work to split the deployments of our software and infrastructure. This will allow us to deploy new changes to our code faster and with less complexity.
- began work to break apart a large shared library of code used for our SAML (Security Assertion Markup Language) messages. This removes dependencies between our microservices and will allow us to make changes to our code faster.
- removed the need for our tests to rely on private keys & certificates from our public key infrastructure (PKI). This allows us to generate private keys & certificates as we need them, making it quicker to write and maintain our tests.
Things we plan to do next
In the coming 2 to 3 weeks we expect to continue to:
- perform A/B tests to optimise the hub for users
- prepare changes needed to accommodate the new certified companies that will be connecting to GOV.UK Verify
- work on reducing our technical debt to make it easier for us to continuously improve the service
- maintain and improve the service