GDS 2012 Discovery ‘Local authority review: citizen online identity assurance’
This report provides an overview of the ways in which councils currently address online citizen identity assurance (IdA) and offers an insight into the challenges and barriers councils face in expanding their online services within the context of digital service transformation and citizen IdA. The report also makes recommendations on actions that could be taken to inform and support councils in implementing their strategies and plans for online citizen IdA.
From telephone interviews with council representatives from across the UK some common themes emerged:
- councils may offer hundreds of online services but many of these are not transactional and do not require any form of citizen IdA
- in many cases, citizens are nevertheless offered the opportunity to register in order that a ‘single view of the customer’ can be developed and the overall customer experience can be improved
- IdA for transactional online services is managed in a number of different ways within each council:
- registration, validation and authorisation may be through a single sign-on to a group of services or multiple sign-on to many different services
- both in-house developed and third party purchased solutions are in place
- citizens are often therefore required to register and identify themselves multiple times in different ways to the same organisation
- levels of assurance for each service are generally determined locally and are either referred to in terms of a number (0-3) or colour (bronze-gold); councils offer online services requiring levels of assurance 0, 1 and 2 (bronze and silver) but no examples of online services requiring assurance level 3 (gold) were identified
- councils recognise that communicating the concepts of IdA to their citizens, particularly in relation to a federated approach, will be very challenging but it is suggested that establishment of a national approach and branding that can be trusted by the public would help
- citizen trust may be difficult to achieve and it is suggested that demographic and customer insight studies could help to identify groups that might require digital assistance and the type of identity providers with whom they would be most familiar and therefore trust
- a number of councils are in the process of investigating or reviewing the market place for an IdA solution and there is a common concern not to adopt a solution that will not align with a future national standardised approach; additionally, councils are considering future requirements for linkages across council borders as well as across public service providers; open standards are therefore felt to be an important principle
- a number of councils are keen to take up opportunities to share knowledge and experience as well as to collaborate in constructive ways especially with the Government Digital Service (GDS)
- most frequently identified benefits of implementing a standardised online citizen IdA solution include greater satisfaction, security and convenience for the citizen and improved efficiency and lower costs for the council
- most frequently identified barriers and issues include organisational silos, cost (although this was not explicitly identified as a resource issue), data matching and quality, citizen trust, ownership (of data and/or service), legal understanding and accessibility and usability of a solution
- councils are interested to identify whether, how and when their plans may align with a national approach and to minimize any risk of future isolation and/or having to re-engineer their chosen solution
The following recommendations are made:
- Provide assistance to councils so that they may align with the IdAP (identity assurance programme) vision:
- publish IdAP vision and strategy at earliest opportunity
- publish IdAP deliverables roadmap and timeline
- enable councils to utilise the HMG (Her Majesty’s Government) procurement framework
- Work nationally with all suppliers including council suppliers to:
- review the landscape of IdA provision
- promote the national perspective
- Publish a common set of features and standards for IdA (such as a minimum feature list). These would build on good practice guides such as the Requirements for Secure Delivery of Online Public Services (RSDOPS).
- Engage with councils to pilot federated IdA solutions and explore alternative non-federated approaches that have already been taken by some councils such as Harrow to online citizen IdA.
- Widen lines of communications to councils through:
- knowledge sharing platform
- social media (eg blogs, tweets)
- Develop good practice guidelines for implementing assisted digital for IdA.
- Customer insight research is required to:
- investigate user attitudes to and perceptions of trust, data sharing and the role of third party identity providers
- usability/accessibility studies should be undertaken and good practice for IdA defined and published
- develop a communications plan and national campaign to raise citizen awareness and trust
- Create a national brand for federated IdA to encourage citizens to trust the new approach.