open identity exchange, digital sources of trust 1 research findings

OIX Digital Sources of Trust 1

Alpha Research Findings 03.02.15

James Boardwell, Rattle (rattlecentral.com) Andrea Valle, Adobe

http://rattlecentral.com

“Discover the user experience under which thin-file users will be inclined

to present digital evidence of identity from trustworthy sources to a

certified Identity Provider as part of an LOA 2 digital identity registration.”

This Digital Sources of Trust 1 project was concerned with finding secure ways for thin file citizens to prove their identity to LOA2 in order to be able to access gov.uk services, using paperless identity document / data verification.

The main focus of the user tests was to understand the user experience of the verification process and in particular, whether people would and could present evidence around the Personal Learner Record, a document produced by the Skills Funding Agency and available via the National Careers Service.

The Data: Personal Learner Record

Thin File demographics - by their definition - don’t have strong evidence of their identity. For example, valid passports, driving licences or financial data. The Personal Learner Record is a relatively new document produced by the Skills Funding Agency and available through the National Careers Service. It contains details of further education for all adults in the last 3-4 years. Pros: It should cover most younger thin-file usersCons: It is not a recognised document

Data for Knowledge Based Verification (KBV) and PDS data sharing

<MessageLogTraceRecord> <Addressing xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace"> <Action>http://tempuri.org/ILearnerServiceR9/LearnerByUln</Action> <To>https://ws2.staging.miap.gov.uk/Compatibility/QcfServices/LearnerServiceR9.svc</To> </Addressing> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body> <LearnerByUln xmlns="http://tempuri.org/"> <invokingOrganisation xmlns:a="http://schemas.datacontract.org/2004/07/Amor.Qcf.Common" xmlns:i="http://www.w3.org/2001/XMLSchema-instance"> <a:ChannelCode>None</a:ChannelCode> <a:Password>##########</a:Password> <a:Reference>TEST72</a:Reference> <a:Ukprn>TEST0072</a:Ukprn> <a:Username>TEST72</a:Username> </invokingOrganisation> <userType>LNR</userType> <vendorId>1</vendorId> <language>ENG</language> <uln>9349327510</uln> <givenName>Adam</givenName> <familyName>Antcliff</familyName> <findType>FUL</findType> </LearnerByUln> </s:Body>

This is what the data in the PLR looks like and from which we formed questions to ask users.

“What affects the inclination of thin-file users to present or use digital

evidence (in particular PLR data) of their identity?”

From the project aims we produced this research question.

Or, how we do people convert and what affects that conversion? (We are assuming for the test that this PLR data alone would have been sufficient for LOA2 when that seems doubtful.)

Let’s remind ourselves of the problem we’re trying to fix…

Video 1:

“Proving who you are is a complete and utter nightmare”

https://vimeo.com/119214574

Proving who you are - for a significant minority of people - is incredibly difficult.


The Test• 20 Thin File users

• 3 User Journeys:

• #1 Eight Knowledge Based Questions (7 from PLR)

• #2 Download the Personal Learner Record

• #3 Share data via Personal Data Store

20 people recruited aged 17-30 who had undertaken some further education (vocational training was allowed) in the last 3 years. No valid passport or driving licence. No significant credit history - only 2 of: bank account; mortgage; loan; store cards; mobile phone contract; electricity bill in your name.

The Use Case

photo credit: https://www.flickr.com/photos/leehaywood/4203551907

A strong user case as younger people applying for a provisional driving licence often fall into the ‘thin-file’ demographic due to life stage: they live at home, don’t have any financial products, and their passport has expired.

https://www.flickr.com/photos/leehaywood/4203551907

We used the existing GDS Identity Provider journey from hub, however we added the 3 user journeys we were testing. Most of the testing was undertaken in the GDS user testing suite at Aviation House, with a minority done in Sheffield at the Rattle studio.

(It’s worth mentioning that testing the willingness of people to use digital evidence was inherently tied up with the interaction and usability of the GDS templates.)

The KBV Questions (User Journey #1)

1.What was the postcode of your place of residence on 1/1/2010?

2.What is your place of birth?

3.In what year did you pass "Introduction to Construction Work: Entry 3" (include retakes)?

4.What is your Unique Learner Number?

5.Which examination board did you take your GCSE in English with?

6.In what month and year did you commence the course "Diploma in Fitness Instructing & Personal Training"?

7.Which grade did you obtain in the following subject: "GCSE in Further Mathematics"?

8.What are the first two letters of the forename of another person on the electoral register at your address?

To see screenshots of the entire process please refer to the PDF of screenshots:https://www.dropbox.com/s/hcyxv7242yghv8u/OIX%20DSOT1%20User%20Test%20Questions.pdf?dl=0

The electoral roll question was kept from the existing GDS IdP journey as a benchmark to understand how educational data was perceived in relation to ‘standard’ dynamic KBV questions.

PDS Data Sharing Options• Personal information

• Name

• Date of birth

• Postcode

• Address

• Skills Funding Agency

• Certificates of Educational Achievement

• Housing

• Tenant agreement

• Rental payment history

• Smart card

• Card Identity Details

• Transaction History

• Bank Account / Credit Card

• Account information

• Transaction History

These options were presented as tick boxes to check and we asked people to choose seven from the eleven available.

What Did We Discover?

#1 Most Love the Ability to Verify Online Without Gold Std Documents

Male (D):

“When’s it coming into action?... because that would be a very good service, I reckon a load of people would start using that.”

The process of applying for passports and driving licences can be scary and this process made it relatively simple. It was very well received - we only had 3 people who would not have progressed and converted: 2 would have preferred to do it offline (they felt intimidated by the online process) and 1 technically literate teenager felt that he would not have wanted to share his data online (with the IdP).

Video 2:

“This is wicked”



However, there are issues affecting conversion:

#2 Process And Documents / Data Need To Be Clearer

• Identity verification is associated with definitive (tangible) documents and references rather than KBV

• KBV questions unfamiliar and therefore slightly confusing, affecting confidence in the process

• Some users thought they were providing static KBV security questions:

Male (E): “That’s like a secret question...That’s smart I suppose. It’s better than what’s your friends name or your mum’s maiden name things like that.”

People associate identity with documents or reference numbers, not data points.

KBV was unfamiliar and as such it affected confidence in the process - people didn’t feel sure about what they were doing.

Fix: question format; knowledge of the PLR and what data being used; use other data too - mobile phone?

Video 3:

Confusion about static versus dynamic knowledge based verification (“are these security questions?”)



#3 Personal = Good Too Personal = Bad

• Tension between being personal enough to feel trust that is valid, and too personal making people feel uncomfortable

• Makes people conscious of the process, brings people out of flow state

Moving along in flow, feels like a test then - a question acts as a flag, brings them into consciously thinking about process and identity.2 clips.

Video 4:

“Asking me is like a punch in the gut”


Crucially, this user would have continued, but the question felt very intimate.

And for some the KBV questions made them question the data, the document and where it all came from.


Video 4:

“Who’s keeping tabs on me?”


#4 Answering Questions Very Different To Sharing Data

• Questions = Flow and a less conscious focus on identity

• Sharing via PDS was presumed to be documents and involve humans (humans judge you).

• Users also had decisions to make in the PDS journey 3 and they were second guessing what documents / data would be relevant….

User journey 3 was understood differently by users - due to the concept of sharing data. In user journey 1 (KBV) participants did not believe they were sharing the PLR, partly because they didn’t know what it was & didn’t believe they had ownership of it. Whereas the act of sharing data via a PDS service (in user journey 3) was more explicit.(Still, 20 - 25% said they would prefer to use a PDS than answer questions as it was quicker).

Video 5:

Sharing data via a Personal Data Store - “why would they even want that?”



Willingness to Share via PDS

Here we can see how the various willingness to share different types of data.

#5 Financial Data Is Sacrosanct

• It feels far too private to risk sharing

• Female (Ma): “They need to quit! bank account, credit card, don’t even be asking be about that… Imagine, A transaction history, they wanna know where you’ve been going with what money you’ve been spending at what time (gasps) no way thats ridiculous, so unnecessary init”

As we saw in the last side financial data felt the most personal of all data points for the thin file participants. Whilst this wasn’t spontaneously mentioned on the KBV questions - it was flagged up consistently in user journey 3, possibly due to the older thin-file groups having experience of debt and perhaps highlights issues of money management (something we know from other research they feel vulnerable and embarrassed about).

Video 6:

Choosing what to share via a Personal Data Store



#6 Social Data Has A Greater Shelf Life

• Data with social currency has a longer shelf life

• Unique Learner Number and Examination Board are things people feel they should know

• Most people keep educational records (19 out of 20 had access to them)

Subject grades, postcodes, course names and institutions are all data types that have social currency; they are used frequently and have transaction value = high recall.No social currency, for example examination board data = low recall. The examination board question was something people felt they knew but had little confidence in their answers. Likewise Unique Learner Numbers (ULNs) were something most people thought they recognised but nobody knew it; it isn’t something they use to transact with regularly.

A User Experience People Trust?

• In principle KBV using digital sources of evidence works well

• Both KBV and PDS would convert better with known documents and clearer understanding of what is being shared, how and with whom #transparency

• Recommend further tests with mobile transaction data

To sum up.

Andrea, from Adobe:

The project team has discussed the possible ways to improve the process of verification using paperless documents to proof identity or verify claimed data. Adobe has proposed as the next step of the project to use secure PDF documents as digital sources of evidence as part of the digital identity registration process.

Adobe Digital Government

citizen accesses applicable

government service

citizen ID requested by government

service

citizen directed to identity provider of

choice

citizen authenticated

citizen has ID already

online questionnaire to assert citizen

identity

citizen identity asserted & ID

created successfully

citize

n doe

s not

curre

ntly

have

ID


Citizen Experience – Current

citizen identity cannot be asserted & process aborted

As Government agencies move forward to produce and exchange secure electronic documents (protected by technologies like Digital Rights Management and Electronic Signatures), the citizen will have reserved access to their documents and will be allowed to share them in a transparent way under their control through a secure platform.


citizen accesses applicable

government service

citizen ID requested by government

service

citizen directed to identity provider of

choice


citizen has ID already

online questionnaire via identity provider to assert citizen identity

citizen identity asserted & ID

created successfully

citize

n doe

s not

curre

ntly

have

ID


citizen selects preferred attribute providers & gives contact permission

secure message sent via government hub to

appropriate attribute providers with request for

information

New Citizen Experience

health services

military

educationlocal authorities

social services

citizen instantly informed of alternative attribute providers & provided with direct contact method to bridge “offline gap”

DWP HMRC

other

citize

n ide

ntity

cann

ot

be as

serte

d thr

ough

stand

ard d

proc

ess

These documents could serve as digital source of evidence that citizen will be able to share with Identity Providers or Attribute Providers for a limited amount of time or limited scope like validating KBV questions.


Attribute Provider & Digital Source of Evidence

selected identity provider reassesses based on new

evidence of identity

authorised attribute provider user accesses

government hub & accesses information

requests

appropriate proof of identity data /

documents attached to request

digital rights & signatures applied to digital

documentation / data to verify authenticity &

control access

digital documentation / data dispatched securely

to selected identity provider via digital hub

access to evidence documentation / data

automatically revoked to maintain privacy & security. Audit Log archived by digital

hub

citizen identity asserted & ID created successfully

online questionnaire via identity provider to assert

citizen identity via knowledge based authentication

SAML

aut

hent

icatio

n

used

for d

ata t

rans

fer

electronic documents, structured data, metadata

scanned physical documentation

citizen copied in to documentation and

stored in personal data store if required

In particular, the presence of metadata within those digital documents would help the IdPs to process relevant information in automated ways without need to physically access the complete document. We plan to start a pilot soon to validate these concepts and test new scenarios for provisioning digital identities online to a larger user base.

OIX Digital Sources of Trust 1

Alpha Research Findings 03.02.15

open identity exchange, digital sources of trust 1 research findings

Technology

financial data

digital evidence of

share data

particular plr data

personal data store20

recognised document

digital identity registration

user experience