https://identityassurance.blog.gov.uk/2016/02/09/gov-uk-verify-technical-delivery-update-9-february-2016/

GOV.UK Verify: Technical delivery update, 9 February 2016

This blog post is for anyone interested in the technical development of GOV.UK Verify.

In our first technical delivery update we explained that there are 3 parts to GOV.UK Verify and the delivery team is responsible for building and maintaining 2 of them: the GOV.UK Verify hub and Document Checking Service.

The delivery team is made up of developers, engineers, analysts, product managers, delivery managers, designers, researchers, content designers and architects. Currently, we’re working on 3 technical delivery priorities: increasing adoption of GOV.UK Verify; improving and maintaining GOV.UK Verify; and reducing our technical debt.

Here’s what we’ve been working on since the last update, and what we plan to do next.

Increasing adoption of GOV.UK Verify

We want departments across government to adopt GOV.UK Verify increasingly as it progresses from beta to live because it’s secure, straightforward and meets the needs of their users. To improve GOV.UK Verify and make it better for end users, since our last update we’ve:

  • completed an A/B test which removed the ‘Finding the right company for you’ page and looked at its effect on completion rate. Users see this page before they see the series of questions to help them choose a certified company that’s likely to work for them. The test was inconclusive - we’ll re-test soon, this time focussing on the impact on success rate.
  • improved our analytics so that we can better track the success rates of users with different combinations of evidence, to help us understand how people are interacting with the service and make decisions about how to improve it.
  • prepared out next A/B test to improve the ‘Can I be verified?’ page. Users are asked if they are over 19 or have moved to the UK in the last 12 months. This indicates that the user is likely to have an activity history that can be validated by the certified companies. The new design aims to filter users who do not have an address in the UK and therefore cannot be verified so we can tell them GOV.UK Verify won’t work for them before they choose a certified company, and direct them to another way to access the service they want to use.
  • tested new prototypes of the user journey in our user research lab. We wanted to see if there are ways of communicating the concept in fewer steps, but with each step containing more information. Initial feedback from this work supports our current approach of delivering information in small chunks.
  • continued to make changes to prepare for the new certified companies joining GOV.UK Verify soon, for example we will need to change some of the questions to reflect the different methods new providers will be offering.

Improving and maintaining GOV.UK Verify

We want to continue to improve the way we run the GOV.UK Verify federation and ensure we’re ready to run a Live service come April 2016. To continue to keep GOV.UK Verify available and secure we’ve:

  • started rebuilding our frontend application (the bits of GOV.UK Verify that users see). The new frontend is being built in the open and will allow users to use GOV.UK Verify in Welsh.
  • started work on the Matching Service Adapter (MSA) to add support for multiple signing keys. The MSA is a tool which simplifies the integration of digital services with GOV.UK Verify. I previously wrote about updates to the MSA to add support multiple encryption keys. This follow on work will further reduce disruption to users when government departments rotate their signing & encryption keys. A new version of the MSA with these changes will be released shortly.

Reducing our technical debt

There are things we need to do to the GOV.UK Verify codebase to tidy up accumulated impact of having made a lot of different changes over time (this is often referred to as ‘technical debt’). To reduce accumulated technical debt and allow us to continue to deliver at pace, we’ve:

  • continued work to break apart a large shared library of code used for our SAML (Security Assertion Markup Language) messages. This removes dependencies between our microservices and will allow us to make changes to our code faster.

Things we plan to do next

In the coming 2 to 3 weeks we expect to continue to:

  • perform A/B tests to optimise the hub for users
  • prepare changes needed to accommodate the new certified companies that will be connecting to GOV.UK Verify
  • work on reducing our technical debt
  • maintain and improve the service

Subscribe to the blog to keep up to date with GOV.UK Verify's latest technical developments and follow @KitCarrau on Twitter