Presentation from an OIX research project which looked at ways in which thin file users could use alternative ways to verify their identity. Research involved testing with 20 users who were tasked with applying for a Provisional Driving Licence (working mock up of the service), using data from the Personal Learner Record.
The project partners were: OIX; Adobe; The Cabinet Office (Government Digital Service)
OIX: http://oixuk.org
Research undertaken by Rattle http://www.rattlecentral.com
Open Identity Exchange, Digital Sources of Trust 1 Research Findings
1. OIX
Digital Sources of Trust 1
Alpha Research Findings 03.02.15
James Boardwell, Rattle (rattlecentral.com)
Andrea Valle, Adobe
2. “Discover the user experience under
which thin-file users will be inclined
to present digital evidence of identity
from trustworthy sources to a
certified Identity Provider as part of
an LOA 2 digital identity registration.”
This Digital Sources of Trust 1 project was concerned with finding secure ways for thin file citizens to prove their identity to LOA2 in order to be able to access gov.uk
services, using paperless identity document / data verification.
The main focus of the user tests was to understand the user experience of the verification process and in particular, whether people would and could present evidence
around the Personal Learner Record, a document produced by the Skills Funding Agency and available via the National Careers Service.
3. The Data: Personal Learner
Record
Thin-file demographics, by definition, don’t have strong evidence of their identity, for example valid passports, driving licences or financial data. The Personal Learner Record is a relatively new document produced by the Skills Funding Agency and available through the National Careers Service. It contains details of further education for all adults in the last 3-4 years.
Pros: It should cover most younger thin-file users
Cons: It is not a recognised document
4. Data for Knowledge Based Verification
(KBV) and PDS data sharing
<MessageLogTraceRecord>
  <Addressing xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace">
    <Action>http://tempuri.org/ILearnerServiceR9/LearnerByUln</Action>
    <To>https://ws2.staging.miap.gov.uk/Compatibility/QcfServices/LearnerServiceR9.svc</To>
  </Addressing>
  <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/">
    <s:Body>
      <LearnerByUln xmlns="http://tempuri.org/">
        <invokingOrganisation xmlns:a="http://schemas.datacontract.org/2004/07/Amor.Qcf.Common" xmlns:i="http://www.w3.org/2001/XMLSchema-instance">
          <a:ChannelCode>None</a:ChannelCode>
          <a:Password>##########</a:Password>
          <a:Reference>TEST72</a:Reference>
          <a:Ukprn>TEST0072</a:Ukprn>
          <a:Username>TEST72</a:Username>
        </invokingOrganisation>
        <userType>LNR</userType>
        <vendorId>1</vendorId>
        <language>ENG</language>
        <uln>9349327510</uln>
        <givenName>Adam</givenName>
        <familyName>Antcliff</familyName>
        <findType>FUL</findType>
      </LearnerByUln>
    </s:Body>
  </s:Envelope>
</MessageLogTraceRecord>
This is what the data in the PLR looks like and from which we formed questions to ask users.
5. “What affects the inclination of thin-
file users to present or use digital
evidence (in particular PLR data) of
their identity?”
From the project aims we produced this research question.
Or, how do people convert and what affects that conversion? (We are assuming for the test that this PLR data alone would have been sufficient for LOA2 when that seems doubtful.)
Let’s remind ourselves of the problem we’re trying to fix…
6. Video 1:
“Proving who you are is a complete and utter nightmare”
https://vimeo.com/119214574
Proving who you are - for a significant minority of people - is incredibly difficult.
7. The Test
• 20 Thin File users
• 3 User Journeys:
  • #1 Eight Knowledge Based Questions (7 from PLR)
  • #2 Download the Personal Learner Record
  • #3 Share data via Personal Data Store
20 people recruited aged 17-30 who had undertaken some further education (vocational training was allowed) in the last 3 years.
No valid passport or driving licence.
No significant credit history - only 2 of: bank account; mortgage; loan; store cards; mobile phone contract; electricity bill in your name.
8. The Use Case
photo credit: https://www.flickr.com/photos/leehaywood/4203551907
A strong use case, as younger people applying for a provisional driving licence often fall into the ‘thin-file’ demographic due to life stage: they live at home, don’t have any financial products, and their passport has expired.
9. We used the existing GDS Identity Provider journey from hub, however we added the 3 user journeys we were testing. Most of the testing was undertaken in the GDS
user testing suite at Aviation House, with a minority done in Sheffield at the Rattle studio.
(It’s worth mentioning that testing the willingness of people to use digital evidence was inherently tied up with the interaction and usability of the GDS templates.)
10. The KBV Questions
(User Journey #1)
1. What was the postcode of your place of residence on 1/1/2010?
2. What is your place of birth?
3. In what year did you pass "Introduction to Construction Work: Entry 3" (include retakes)?
4. What is your Unique Learner Number?
5. Which examination board did you take your GCSE in English with?
6. In what month and year did you commence the course "Diploma in Fitness Instructing & Personal Training"?
7. Which grade did you obtain in the following subject: "GCSE in Further Mathematics"?
8. What are the first two letters of the forename of another person on the electoral register at your address?
To see screenshots of the entire process please refer to the PDF of screenshots:
https://www.dropbox.com/s/hcyxv7242yghv8u/OIX%20DSOT1%20User%20Test%20Questions.pdf?dl=0
The electoral roll question was kept from the existing GDS IdP journey as a benchmark to understand how educational data was perceived in relation to ‘standard’
dynamic KBV questions.
11. PDS Data Sharing Options
• Personal information
  • Name
  • Date of birth
  • Postcode
  • Address
• Skills Funding Agency
  • Certificates of Educational Achievement
• Housing
  • Tenant agreement
  • Rental payment history
• Smart card
  • Card Identity Details
  • Transaction History
• Bank Account / Credit Card
  • Account information
  • Transaction History
These options were presented as tick boxes to check and we asked people to choose seven from the eleven available.
13. #1 Most Love the Ability to Verify
Online Without Gold Std Documents
Male (D):
“When’s it coming into action?... because that
would be a very good service, I reckon a load
of people would start using that.”
The process of applying for passports and driving licences can be scary and this process made it relatively simple. It was very well received - we only had 3 people who
would not have progressed and converted: 2 would have preferred to do it offline (they felt intimidated by the online process) and 1 technically literate teenager felt that
he would not have wanted to share his data online (with the IdP).
16. #2 Process And Documents /
Data Need To Be Clearer
• Identity verification is associated with definitive
(tangible) documents and references rather than KBV
• KBV questions unfamiliar and therefore slightly
confusing, affecting confidence in the process
• Some users thought they were providing static KBV
security questions:
Male (E): “That’s like a secret question...That’s smart I
suppose. It’s better than what’s your friends name or
your mum’s maiden name things like that.”
People associate identity with documents or reference numbers, not data points.
KBV was unfamiliar and as such it affected confidence in the process - people didn’t feel sure about what they were doing.
Fix: question format; knowledge of the PLR and what data being used; use other data too - mobile phone?
17. Video 3:
Confusion about static versus dynamic knowledge based
verification (“are these security questions?”)
https://vimeo.com/119213930
18. #3 Personal = Good
Too Personal = Bad
• Tension between being personal enough to feel
trust that is valid, and too personal making people
feel uncomfortable
• Makes people conscious of the process, brings
people out of flow state
Moving along in flow, feels like a test then - a question acts as a flag, brings them into consciously thinking about process and identity.
2 clips.
19. Video 4:
“Asking me is like a punch in the gut”
https://vimeo.com/119129789
Crucially, this user would have continued, but the question felt very intimate.
And for some the KBV questions made them question the data, the document and where it all came from.
21. #4 Answering Questions Very
Different To Sharing Data
• Questions = Flow and a less conscious focus on
identity
• Sharing via PDS was presumed to be documents
and involve humans (humans judge you).
• Users also had decisions to make in the PDS
journey 3 and they were second guessing what
documents / data would be relevant….
User journey 3 was understood differently by users - due to the concept of sharing data.
In user journey 1 (KBV) participants did not believe they were sharing the PLR, partly because they didn’t know what it was & didn’t believe they had ownership of it.
Whereas the act of sharing data via a PDS service (in user journey 3) was more explicit.
(Still, 20 - 25% said they would prefer to use a PDS than answer questions as it was quicker).
22. Video 5:
Sharing data via a Personal Data Store -
“why would they even want that?”
https://vimeo.com/119213928
23. Willingness to Share via PDS
Here we can see how willingness to share varies across the different types of data.
24. #5 Financial Data Is
Sacrosanct
• It feels far too private to risk sharing
• Female (Ma): “They need to quit! bank account, credit card, don’t even be asking me about that… Imagine, A transaction history, they wanna know where you’ve been going with what money you’ve been spending at what time (gasps) no way that’s ridiculous, so unnecessary init”
As we saw in the last slide, financial data felt the most personal of all data points for the thin file participants. Whilst this wasn’t spontaneously mentioned on the KBV questions, it was flagged up consistently in user journey 3, possibly due to the older thin-file groups having experience of debt, and it perhaps highlights issues of money management (something we know from other research they feel vulnerable and embarrassed about).
26. #6 Social Data Has A
Greater Shelf Life
• Data with social currency has a longer shelf life
• Unique Learner Number and Examination Board
are things people feel they should know
• Most people keep educational records (19 out of
20 had access to them)
Subject grades, postcodes, course names and institutions are all data types that have social currency; they are used frequently and have transaction value = high recall.
No social currency, for example examination board data = low recall.
The examination board question was something people felt they knew but had little confidence in their answers. Likewise Unique Learner Numbers (ULNs) were
something most people thought they recognised but nobody knew it; it isn’t something they use to transact with regularly.
27. A User Experience
People Trust?
• In principle KBV using digital sources of evidence
works well
• Both KBV and PDS would convert better with
known documents and clearer understanding of
what is being shared, how and with whom
#transparency
• Recommend further tests with mobile transaction
data
To sum up.
28. Andrea, from Adobe:
The project team has discussed the possible ways to improve the process of verification using paperless documents to prove identity or verify claimed data. Adobe has proposed as the next step of the project to use secure PDF documents as digital sources of evidence as part of the digital identity registration process.
30. Adobe Digital Government
New Citizen Experience
[Flow diagram; box labels:]
• citizen accesses applicable government service
• citizen ID requested by government service
• citizen directed to identity provider of choice
• citizen authenticated
• citizen has ID already
• online questionnaire via identity provider to assert citizen identity
• citizen identity asserted & ID created successfully
• citizen does not currently have ID
• citizen authenticated
• citizen selects preferred attribute providers & gives contact permission
• secure message sent via government hub to appropriate attribute providers with request for information
• health services; military; education; local authorities; social services; DWP; HMRC; other
• citizen instantly informed of alternative attribute providers & provided with direct contact method to bridge “offline gap”
• citizen identity cannot be asserted through standard process
These documents could serve as a digital source of evidence that citizens will be able to share with Identity Providers or Attribute Providers for a limited amount of time or for a limited scope, such as validating KBV questions.
31. Adobe Digital Government
Attribute Provider & Digital Source of Evidence
[Flow diagram; box labels:]
• selected identity provider reassesses based on new evidence of identity
• authorised attribute provider user accesses government hub & accesses information requests
• appropriate proof of identity data / documents attached to request
• digital rights & signatures applied to digital documentation / data to verify authenticity & control access
• digital documentation / data dispatched securely to selected identity provider via digital hub
• access to evidence documentation / data automatically revoked to maintain privacy & security. Audit Log archived by digital hub
• citizen identity asserted & ID created successfully
• online questionnaire via identity provider to assert citizen identity via knowledge based authentication
• SAML authentication used for data transfer
• electronic documents, structured data, metadata
• scanned physical documentation
• citizen copied into documentation and stored in personal data store if required
In particular, the presence of metadata within those digital documents would help the IdPs to process relevant information in automated ways without needing to physically access the complete document.
We plan to start a pilot soon to validate these concepts and test new scenarios for provisioning digital identities online to a larger user base.
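The time-limited, scope-limited sharing of evidence metadata described on slides 30 and 31, as an added Python example that is not Adobe's or the project's code. The `Hub` class, the metadata field names, the demo key and the use of HMAC in place of document signatures are all assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with a shared key stands in for the diagram's "digital rights &
# signatures" step; a real deployment would use asymmetric document signatures.
KEY = b"constructed-demo-key"
# Constructed sample metadata; the field names are hypothetical, not the PLR schema.
SAMPLE_PLR = {"further_maths_grade": "B", "english_exam_board": "AQA", "course_start": "09/2012"}

def _sign(body):
    payload = json.dumps(body, sort_keys=True).encode()
    return hmac.new(KEY, payload, hashlib.sha256).hexdigest()

def _same(stored, answer):
    norm = lambda v: str(v).strip().lower().encode()
    return hmac.compare_digest(norm(stored), norm(answer))

def issue_grant(metadata, scope, issued_at, ttl_seconds):
    """Attribute provider: sign the metadata together with the limits on its use."""
    body = {"metadata": metadata, "scope": scope, "expires": issued_at + ttl_seconds}
    return {"body": body, "sig": _sign(body)}

class Hub:
    """Hypothetical hub: enforces the limits, revokes after use, keeps an audit log."""

    def __init__(self):
        self.revoked = set()
        self.audit_log = []

    def verify_kbv(self, grant, purpose, answers, now):
        body = grant["body"]
        if not hmac.compare_digest(_sign(body), grant["sig"]):
            result = "rejected: bad signature"
        elif grant["sig"] in self.revoked:
            result = "rejected: revoked"
        elif now >= body["expires"]:
            result = "rejected: expired"
        elif purpose not in body["scope"]:
            result = "rejected: out of scope"
        else:
            # Only a match count leaves the hub; stored values are never returned.
            md = body["metadata"]
            hits = sum(1 for f, a in answers.items() if f in md and _same(md[f], a))
            result = f"{hits}/{len(answers)} matched"
            self.revoked.add(grant["sig"])  # access revoked once the check is done
        self.audit_log.append({"time": now, "purpose": purpose, "result": result})
        return result
```

Two grants with identical contents and expiry produce the same signature here, so a production design would add a unique identifier to each grant before signing.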