An update on One Login for Government

24 Aug 2022 03:08 PM

Our mission to build one fast, simple and secure way for people to access government services is both relatively straightforward, and hugely complex.

Validating somebody’s identity so they can access services is mostly a ‘solved problem’ across government. Patterns and processes have grown up over time, and people are able to prove their identity, even though their experiences might be suboptimal, and they might face different hurdles and repetitive steps for different services. But here’s the thing: no one department or service is doing it all well.

It’s been nearly a year since I became the Single Responsible Owner of the One Login for Government programme, and it’s true when they say that time flies when you’re having fun. I can’t believe it’s been a year already! I remember arriving last September and giving my first ever external-facing presentation and now we’ve got products in beta, a packed dance card for services who want to work with us, and we are well on our way to building up the product suite that our government partners have asked for.

So what are my reflections and what have I learned? First of all, the Government Digital Service, or GDS, is a great place to be. It’s full of bright, enthusiastic people who care passionately about what we’re doing and making our single sign-on and identity-checking solution as easy to use and inclusive for users as we possibly can. There’s a great sense of purpose and real buzz in the air.

Delivering at pace

So, really, my first job was to work out what already exists and negotiate myself to a position of being able to ‘steal with pride’ the excellent work that’s gone on in other departments in this area.

As one of my key stakeholders said to me, “If you can bring the best of the best under one product set, you’re all set, you’ll be the market leader in government”. So that’s what we’re working towards… at pace!

We’ve got an initial version of our browser-based route - with a passport check and knowledge-based verification - in limited beta with our partners, the Disclosure and Barring Service. We’ve got an identity-checking app for people with driving licences in beta with HMRC for Government Gateway users, and credible plans for passports and Biometric Residence Permits to be added soon. We’re actively working on digital vouching, a face-to-face route, and new knowledge-based verification question sets that leverage government data – all of which will make identity checks more inclusive.

We’re most definitely underway in terms of delivery. We’re building the things that departments have told us they need and we’re standing on the shoulders of all the great work and research that’s already been done across government, so we’re not starting from scratch.

Understanding what success looks like

That’s the relatively straightforward bit. Working with departments to migrate their services in a way that makes sense for them and their users is the complex bit – particularly if you don’t want everyone you migrate to have to prove their identity again.

The legacy and diversity of identification methods across government means that there’s quite a lot of analysis work to be done to map existing processes to the Good Practice Guide (GPG) framework and understand the relative levels of assurance they need. There’s a trade-off between the veracity of the process and the percentage of people who will get through it, so departments have set their assurance levels in light of this.

We’ve spent a lot of time working to understand what’s really important to users and departments, and then building our roadmap and plan to focus on these key metrics. This has been really interesting because departments all have slightly different success criteria, and within their own organisations have optimised around different things based on their user groups.

One thing that does seem to be consistently important is the percentage of eligible users who make it through an identity verification route successfully. More on this in a subsequent blog post, no doubt, but working to understand different service needs and the implications of variations of numbers of users via different channels has been really helpful in determining our near-term goals.

So, we’ve made big steps forward in terms of building the things that departments have asked for, and this will remain our core focus for the next six months at least. However, in parallel, we’re starting to work through the complexities of user migration, how our account functionality needs to work, and how we can start to reuse identities verified in one place to access services in another.

We’re also thinking about how we can start to influence user behaviour when they’re on GOV.UK, so that being ‘logged in’ becomes a default behaviour, because it ‘unlocks’ other things and improves user experience.

It’s been a great first year and I’m looking forward to the next one!

If you work on a public government service with authentication and/or identity validation needs, get in touch with our team.