SlideShare a Scribd company logo

Open Identity Exchange, Digital Sources of Trust 1 Research Findings

James Boardwell
James Boardwell

Presentation from an OIX research project which looked at ways in which thin file users could use alternative ways to verify their identity. Research involved testing with 20 users who were tasked with applying for a Provisional Driving Licence (working mock up of the service), using data from the Personal Learner Record. The project partners were: OIX; Adobe; The Cabinet Office (Government Digital Service) OIX: http://oixuk.org Research undertaken by Rattle http://www.rattlecentral.com

Technology
1 of 32
Download to read offline
OIX Digital Sources of Trust 1 Alpha Research Findings 03.02.15 James Boardwell, Rattle (rattlecentral.com) Andrea Valle, Adobe
“Discover the user experience under which thin-file users will be inclined to present digital evidence of identity from trustworthy sources to a certified Identity Provider as part of an LOA 2 digital identity registration.” This Digital Sources of Trust 1 project was concerned with finding secure ways for thin file citizens to prove their identity to LOA2 in order to be able to access gov.uk services, using paperless identity document / data verification. The main focus of the user tests was to understand the user experience of the verification process and in particular, whether people would and could present evidence around the Personal Learner Record, a document produced by the Skills Funding Agency and available via the National Careers Service.
The Data: Personal Learner Record Thin File demographics - by their definition - don’t have strong evidence of their identity. For example, valid passports, driving licences or financial data. The Personal Learner Record is a relatively new document produced by the Skills Funding Agency and available through the National Careers Service. It contains details of further education for all adults in the last 3-4 years. Pros: It should cover most younger thin-file users Cons: It is not a recognised document
Data for Knowledge Based Verification (KBV) and PDS data sharing <MessageLogTraceRecord> <Addressing xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace"> <Action>http://tempuri.org/ILearnerServiceR9/LearnerByUln</Action> <To>https://ws2.staging.miap.gov.uk/Compatibility/QcfServices/LearnerServiceR9.svc</To> </Addressing> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body> <LearnerByUln xmlns="http://tempuri.org/"> <invokingOrganisation xmlns:a="http://schemas.datacontract.org/2004/07/Amor.Qcf.Common" xmlns:i="http:// www.w3.org/2001/XMLSchema-instance"> <a:ChannelCode>None</a:ChannelCode> <a:Password>##########</a:Password> <a:Reference>TEST72</a:Reference> <a:Ukprn>TEST0072</a:Ukprn> <a:Username>TEST72</a:Username> </invokingOrganisation> <userType>LNR</userType> <vendorId>1</vendorId> <language>ENG</language> <uln>9349327510</uln> <givenName>Adam</givenName> <familyName>Antcliff</familyName> <findType>FUL</findType> </LearnerByUln> </s:Body> This is what the data in the PLR looks like and from which we formed questions to ask users.
“What affects the inclination of thin- file users to present or use digital evidence (in particular PLR data) of their identity?” From the project aims we produced this research question. Or, how we do people convert and what affects that conversion? (We are assuming for the test that this PLR data alone would have been sufficient for LOA2 when that seems doubtful.) Let’s remind ourselves of the problem we’re trying to fix…
Video 1: “Proving who you are is a complete and utter nightmare” https://vimeo.com/119214574 Proving who you are - for a significant minority of people - is incredibly difficult.
The Test • 20 Thin File users • 3 User Journeys: • #1 Eight Knowledge Based Questions (7 from PLR) • #2 Download the Personal Learner Record • #3 Share data via Personal Data Store 20 people recruited aged 17-30 who had undertaken some further education (vocational training was allowed) in the last 3 years. No valid passport or driving licence. No significant credit history - only 2 of: bank account; mortgage; loan; store cards; mobile phone contract; electricity bill in your name.
The Use Case photo credit: https://www.flickr.com/photos/leehaywood/4203551907 A strong user case as younger people applying for a provisional driving licence often fall into the ‘thin-file’ demographic due to life stage: they live at home, don’t have any financial products, and their passport has expired.
We used the existing GDS Identity Provider journey from hub, however we added the 3 user journeys we were testing. Most of the testing was undertaken in the GDS user testing suite at Aviation House, with a minority done in Sheffield at the Rattle studio. (It’s worth mentioning that testing the willingness of people to use digital evidence was inherently tied up with the interaction and usability of the GDS templates.)
The KBV Questions (User Journey #1) 1.What was the postcode of your place of residence on 1/1/2010? 2.What is your place of birth? 3.In what year did you pass "Introduction to Construction Work: Entry 3" (include retakes)? 4.What is your Unique Learner Number? 5.Which examination board did you take your GCSE in English with? 6.In what month and year did you commence the course "Diploma in Fitness Instructing & Personal Training"? 7.Which grade did you obtain in the following subject: "GCSE in Further Mathematics"? 8.What are the first two letters of the forename of another person on the electoral register at your address? To see screenshots of the entire process please refer to the PDF of screenshots: https://www.dropbox.com/s/hcyxv7242yghv8u/OIX%20DSOT1%20User%20Test%20Questions.pdf?dl=0 The electoral roll question was kept from the existing GDS IdP journey as a benchmark to understand how educational data was perceived in relation to ‘standard’ dynamic KBV questions.
PDS Data Sharing Options • Personal information • Name • Date of birth • Postcode • Address • Skills Funding Agency • Certificates of Educational Achievement • Housing • Tenant agreement • Rental payment history • Smart card • Card Identity Details • Transaction History • Bank Account / Credit Card • Account information • Transaction History These options were presented as tick boxes to check and we asked people to choose seven from the eleven available.
What Did We Discover?
#1 Most Love the Ability to Verify Online Without Gold Std Documents Male (D): “When’s it coming into action?... because that would be a very good service, I reckon a load of people would start using that.” The process of applying for passports and driving licences can be scary and this process made it relatively simple. It was very well received - we only had 3 people who would not have progressed and converted: 2 would have preferred to do it offline (they felt intimidated by the online process) and 1 technically literate teenager felt that he would not have wanted to share his data online (with the IdP).
Video 2: “This is wicked” https://vimeo.com/119213929
However, there are issues affecting conversion:
#2 Process And Documents / Data Need To Be Clearer • Identity verification is associated with definitive (tangible) documents and references rather than KBV • KBV questions unfamiliar and therefore slightly confusing, affecting confidence in the process • Some users thought they were providing static KBV security questions: Male (E): “That’s like a secret question...That’s smart I suppose. It’s better than what’s your friends name or your mum’s maiden name things like that.” People associate identity with documents or reference numbers, not data points. KBV was unfamiliar and as such it affected confidence in the process - people didn’t feel sure about what they were doing. Fix: question format; knowledge of the PLR and what data being used; use other data too - mobile phone?
Video 3: Confusion about static versus dynamic knowledge based verification (“are these security questions?”) https://vimeo.com/119213930
#3 Personal = Good Too Personal = Bad • Tension between being personal enough to feel trust that is valid, and too personal making people feel uncomfortable • Makes people conscious of the process, brings people out of flow state Moving along in flow, feels like a test then - a question acts as a flag, brings them into consciously thinking about process and identity. 2 clips.
Video 4: “Asking me is like a punch in the gut” https://vimeo.com/119129789 Crucially, this user would have continued, but the question felt very intimate. And for some the KBV questions made them question the data, the document and where it all came from.
Video 4: “Who’s keeping tabs on me?” https://vimeo.com/119129787
#4 Answering Questions Very Different To Sharing Data • Questions = Flow and a less conscious focus on identity • Sharing via PDS was presumed to be documents and involve humans (humans judge you). • Users also had decisions to make in the PDS journey 3 and they were second guessing what documents / data would be relevant…. User journey 3 was understood differently by users - due to the concept of sharing data. In user journey 1 (KBV) participants did not believe they were sharing the PLR, partly because they didn’t know what it was & didn’t believe they had ownership of it. Whereas the act of sharing data via a PDS service (in user journey 3) was more explicit. (Still, 20 - 25% said they would prefer to use a PDS than answer questions as it was quicker).
Video 5: Sharing data via a Personal Data Store - “why would they even want that?” https://vimeo.com/119213928
Willingness to Share via PDS Here we can see how the various willingness to share different types of data.
#5 Financial Data Is Sacrosanct • It feels far too private to risk sharing • Female (Ma): “They need to quit! bank account, credit card, don’t even be asking be about that… Imagine, A transaction history, they wanna know where you’ve been going with what money you’ve been spending at what time (gasps) no way thats ridiculous, so unnecessary init” As we saw in the last side financial data felt the most personal of all data points for the thin file participants. Whilst this wasn’t spontaneously mentioned on the KBV questions - it was flagged up consistently in user journey 3, possibly due to the older thin-file groups having experience of debt and perhaps highlights issues of money management (something we know from other research they feel vulnerable and embarrassed about).
Video 6: Choosing what to share via a Personal Data Store https://vimeo.com/119129797
#6 Social Data Has A Greater Shelf Life • Data with social currency has a longer shelf life • Unique Learner Number and Examination Board are things people feel they should know • Most people keep educational records (19 out of 20 had access to them) Subject grades, postcodes, course names and institutions are all data types that have social currency; they are used frequently and have transaction value = high recall. No social currency, for example examination board data = low recall. The examination board question was something people felt they knew but had little confidence in their answers. Likewise Unique Learner Numbers (ULNs) were something most people thought they recognised but nobody knew it; it isn’t something they use to transact with regularly.
A User Experience People Trust? • In principle KBV using digital sources of evidence works well • Both KBV and PDS would convert better with known documents and clearer understanding of what is being shared, how and with whom #transparency • Recommend further tests with mobile transaction data To sum up.
Andrea, from Adobe: The project team has discussed the possible ways to improve the process of verification using paperless documents to proof identity or verify claimed data. Adobe has proposed as the next step of the project to use secure PDF documents as digital sources of evidence as part of the digital identity registration process.
Adobe Digital Government citizenaccesses applicable governmentservice citizenIDrequested bygovernment service citizendirectedto identityproviderof choice citizen authenticated citizenhas IDalready onlinequestionnaire toassertcitizen identity citizenidentity asserted&ID createdsuccessfully citizendoesnot currentlyhaveID citizen authenticated Citizen Experience – Current citizenidentity cannotbeasserted& processaborted As Government agencies move forward to produce and exchange secure electronic documents (protected by technologies like Digital Rights Management and Electronic Signatures), the citizen will have reserved access to their documents and will be allowed to share them in a transparent way under their control through a secure platform.
Adobe Digital Government citizenaccesses applicable governmentservice citizenIDrequested bygovernment service citizendirectedto identityproviderof choice citizen authenticated citizenhas IDalready onlinequestionnairevia identityprovider to assertcitizenidentity citizenidentity asserted&ID createdsuccessfully citizendoesnot currentlyhaveID citizen authenticated citizenselectspreferred attributeproviders&gives contactpermission securemessagesentvia governmenthubto appropriateattribute providerswithrequestfor information New Citizen Experience health services military educationlocal authorities social services citizeninstantly informedofalternative attributeproviders&providedwithdirect contactmethodtobridge“offlinegap” DWP HMRC other citizenidentitycannot beassertedthrough standarddprocess These documents could serve as digital source of evidence that citizen will be able to share with Identity Providers or Attribute Providers for a limited amount of time or limited scope like validating KBV questions.
Adobe Digital Government Attribute Provider & Digital Source of Evidence selectedidentityprovider reassesses basedonnew evidenceofidentity authorisedattribute provideruseraccesses governmenthub& accessesinformation requests appropriateproofof identitydata/ documentsattachedto request digitalrights&signatures appliedtodigital documentation/datato verifyauthenticity& controlaccess digitaldocumentation/ datadispatchedsecurely toselectedidentity providerviadigitalhub accesstoevidence documentation/data automaticallyrevokedto maintainprivacy&security. AuditLogarchivedbydigital hub citizenidentityasserted& IDcreatedsuccessfully onlinequestionnairevia identityprovider toassert citizenidentityviaknowledge basedauthentication SAMLauthentication usedfordatatransfer electronic documents, structureddata, metadata scannedphysical documentation citizencopiedinto documentationand storedinpersonaldata storeifrequired In particular, the presence of metadata within those digital documents would help the IdPs to process relevant information in automated ways without need to physically access the complete document. We plan to start a pilot soon to validate these concepts and test new scenarios for provisioning digital identities online to a larger user base.
OIX Digital Sources of Trust 1 Alpha Research Findings 03.02.15

Recommended

truzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdf
truzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdftruzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdf
truzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdfh-bauer2014
 
Trusting the internet
Trusting the internetTrusting the internet
Trusting the internetAireen Sinong
 
PIDapalooza 2016 Keynote
PIDapalooza 2016 KeynotePIDapalooza 2016 Keynote
PIDapalooza 2016 KeynoteJonathan Clark
 
Privacy awareness full book-l
Privacy awareness full book-lPrivacy awareness full book-l
Privacy awareness full book-lcoedfvaliantvoora
 
DTF
DTF DTF
DTF MARYFEMINAKS2028336
 
When Too Many is Just Enough: Citizen Engagement and Federal Government Websites
When Too Many is Just Enough: Citizen Engagement and Federal Government WebsitesWhen Too Many is Just Enough: Citizen Engagement and Federal Government Websites
When Too Many is Just Enough: Citizen Engagement and Federal Government WebsitesJeffrey Ryan Pass
 
How Blockchains Are Transforming Adult Education
How Blockchains Are Transforming Adult EducationHow Blockchains Are Transforming Adult Education
How Blockchains Are Transforming Adult EducationJohn Domingue
 
Cyber crimes trends to watch-full book-l
Cyber crimes trends to watch-full book-lCyber crimes trends to watch-full book-l
Cyber crimes trends to watch-full book-lcoedfvaliantvoora
 

Recommended

truzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdf
truzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdftruzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdf
truzzt / Idento.one TakeOut Pflichtenheft Uni Leonie.pdfh-bauer2014
 
Trusting the internet
Trusting the internetTrusting the internet
Trusting the internetAireen Sinong
 
PIDapalooza 2016 Keynote
PIDapalooza 2016 KeynotePIDapalooza 2016 Keynote
PIDapalooza 2016 KeynoteJonathan Clark
 
Privacy awareness full book-l
Privacy awareness full book-lPrivacy awareness full book-l
Privacy awareness full book-lcoedfvaliantvoora
 
DTF
DTF DTF
DTF MARYFEMINAKS2028336
 
When Too Many is Just Enough: Citizen Engagement and Federal Government Websites
When Too Many is Just Enough: Citizen Engagement and Federal Government WebsitesWhen Too Many is Just Enough: Citizen Engagement and Federal Government Websites
When Too Many is Just Enough: Citizen Engagement and Federal Government WebsitesJeffrey Ryan Pass
 
How Blockchains Are Transforming Adult Education
How Blockchains Are Transforming Adult EducationHow Blockchains Are Transforming Adult Education
How Blockchains Are Transforming Adult EducationJohn Domingue
 
Cyber crimes trends to watch-full book-l
Cyber crimes trends to watch-full book-lCyber crimes trends to watch-full book-l
Cyber crimes trends to watch-full book-lcoedfvaliantvoora
 
Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
Client Cert Deployment Models and Hardware Tokens/Smart Cards
Client Cert Deployment Models and Hardware Tokens/Smart CardsClient Cert Deployment Models and Hardware Tokens/Smart Cards
Client Cert Deployment Models and Hardware Tokens/Smart CardsEd Dodds
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...Omar Ha-Redeye
 
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...Clio - Cloud-Based Legal Technology
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordPersonal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordDigital Catapult
 
Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008eComm2008
 
DAY 1 Morning 1. Introductions 2. Confirm project .docx
DAY 1 Morning 1. Introductions 2. Confirm project .docxDAY 1 Morning 1. Introductions 2. Confirm project .docx
DAY 1 Morning 1. Introductions 2. Confirm project .docxsimonithomas47935
 
The challenges of digital evidence in ‘formal proceedings’ from Accuracy
The challenges of digital evidence in ‘formal proceedings’ from AccuracyThe challenges of digital evidence in ‘formal proceedings’ from Accuracy
The challenges of digital evidence in ‘formal proceedings’ from AccuracyPaul Wright MSc
 
Callcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit123
 
FSU Admissions Florida State University, Colleges I
FSU Admissions Florida State University, Colleges IFSU Admissions Florida State University, Colleges I
FSU Admissions Florida State University, Colleges IKatreka Howard
 
Identity Vs Reputation
Identity Vs ReputationIdentity Vs Reputation
Identity Vs ReputationMike Chen
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniquesJim Kaplan CIA CFE
 
Stuart Harrison Open data - Under the hood
Stuart Harrison Open data - Under the hoodStuart Harrison Open data - Under the hood
Stuart Harrison Open data - Under the hoodeventwithme
 
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureDanger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureTechWell
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasKevin Nevias
 
Essay Cars Enslave Us Rather Than Liberate Us
Essay Cars Enslave Us Rather Than Liberate UsEssay Cars Enslave Us Rather Than Liberate Us
Essay Cars Enslave Us Rather Than Liberate UsAmanda Anderson
 
GDPR, User Data, Privacy, and Your Apps
GDPR, User Data, Privacy, and Your AppsGDPR, User Data, Privacy, and Your Apps
GDPR, User Data, Privacy, and Your AppsCarl Brown
 
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 

More Related Content

Similar to Open Identity Exchange, Digital Sources of Trust 1 Research Findings

Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Kaliya "Identity Woman" Young
 
Client Cert Deployment Models and Hardware Tokens/Smart Cards
Client Cert Deployment Models and Hardware Tokens/Smart CardsClient Cert Deployment Models and Hardware Tokens/Smart Cards
Client Cert Deployment Models and Hardware Tokens/Smart CardsEd Dodds
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Evernym
 
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...Omar Ha-Redeye
 
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...Clio - Cloud-Based Legal Technology
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordPersonal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordDigital Catapult
 
Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008eComm2008
 
DAY 1 Morning 1. Introductions 2. Confirm project .docx
DAY 1 Morning 1. Introductions 2. Confirm project .docxDAY 1 Morning 1. Introductions 2. Confirm project .docx
DAY 1 Morning 1. Introductions 2. Confirm project .docxsimonithomas47935
 
The challenges of digital evidence in ‘formal proceedings’ from Accuracy
The challenges of digital evidence in ‘formal proceedings’ from AccuracyThe challenges of digital evidence in ‘formal proceedings’ from Accuracy
The challenges of digital evidence in ‘formal proceedings’ from AccuracyPaul Wright MSc
 
Callcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit123
 
FSU Admissions Florida State University, Colleges I
FSU Admissions Florida State University, Colleges IFSU Admissions Florida State University, Colleges I
FSU Admissions Florida State University, Colleges IKatreka Howard
 
Identity Vs Reputation
Identity Vs ReputationIdentity Vs Reputation
Identity Vs ReputationMike Chen
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018Kaliya "Identity Woman" Young
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniquesJim Kaplan CIA CFE
 
Stuart Harrison Open data - Under the hood
Stuart Harrison Open data - Under the hoodStuart Harrison Open data - Under the hood
Stuart Harrison Open data - Under the hoodeventwithme
 
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureDanger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureTechWell
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasKevin Nevias
 
Essay Cars Enslave Us Rather Than Liberate Us
Essay Cars Enslave Us Rather Than Liberate UsEssay Cars Enslave Us Rather Than Liberate Us
Essay Cars Enslave Us Rather Than Liberate UsAmanda Anderson
 
GDPR, User Data, Privacy, and Your Apps
GDPR, User Data, Privacy, and Your AppsGDPR, User Data, Privacy, and Your Apps
GDPR, User Data, Privacy, and Your AppsCarl Brown
 
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA
 

Similar to Open Identity Exchange, Digital Sources of Trust 1 Research Findings (20)

Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon Self-Sovereign Identity: Lightening Talk at RightsCon
Self-Sovereign Identity: Lightening Talk at RightsCon
 
Client Cert Deployment Models and Hardware Tokens/Smart Cards
Client Cert Deployment Models and Hardware Tokens/Smart CardsClient Cert Deployment Models and Hardware Tokens/Smart Cards
Client Cert Deployment Models and Hardware Tokens/Smart Cards
 
Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)Verifiable Credentials in Self-Sovereign Identity (SSI)
Verifiable Credentials in Self-Sovereign Identity (SSI)
 
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
Legal Process using Social Media: Evidence, Jury Tampering, and the Service o...
 
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
Omar Ha-Redeye - Legal Process using Social Media: Evidence, Jury Tampering, ...
 
Personal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - recordPersonal Data and Trust Network inaugural Event 11 march 2015 - record
Personal Data and Trust Network inaugural Event 11 march 2015 - record
 
Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008Tony Nadalin' presentation at eComm 2008
Tony Nadalin' presentation at eComm 2008
 
DAY 1 Morning 1. Introductions 2. Confirm project .docx
DAY 1 Morning 1. Introductions 2. Confirm project .docxDAY 1 Morning 1. Introductions 2. Confirm project .docx
DAY 1 Morning 1. Introductions 2. Confirm project .docx
 
The challenges of digital evidence in ‘formal proceedings’ from Accuracy
The challenges of digital evidence in ‘formal proceedings’ from AccuracyThe challenges of digital evidence in ‘formal proceedings’ from Accuracy
The challenges of digital evidence in ‘formal proceedings’ from Accuracy
 
Callcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience streamCallcredit's Fraud Summit - Customer experience stream
Callcredit's Fraud Summit - Customer experience stream
 
FSU Admissions Florida State University, Colleges I
FSU Admissions Florida State University, Colleges IFSU Admissions Florida State University, Colleges I
FSU Admissions Florida State University, Colleges I
 
Identity Vs Reputation
Identity Vs ReputationIdentity Vs Reputation
Identity Vs Reputation
 
The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018The Domains of Identity & Self-Sovereign Identity MyData 2018
The Domains of Identity & Self-Sovereign Identity MyData 2018
 
Fraud auditing creative techniques
Fraud auditing creative techniquesFraud auditing creative techniques
Fraud auditing creative techniques
 
Stuart Harrison Open data - Under the hood
Stuart Harrison Open data - Under the hoodStuart Harrison Open data - Under the hood
Stuart Harrison Open data - Under the hood
 
Danger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not SecureDanger! Danger! Your Mobile Applications Are Not Secure
Danger! Danger! Your Mobile Applications Are Not Secure
 
Privacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin NeviasPrivacy Implications of Biometric Data - Kevin Nevias
Privacy Implications of Biometric Data - Kevin Nevias
 
Essay Cars Enslave Us Rather Than Liberate Us
Essay Cars Enslave Us Rather Than Liberate UsEssay Cars Enslave Us Rather Than Liberate Us
Essay Cars Enslave Us Rather Than Liberate Us
 
GDPR, User Data, Privacy, and Your Apps
GDPR, User Data, Privacy, and Your AppsGDPR, User Data, Privacy, and Your Apps
GDPR, User Data, Privacy, and Your Apps
 
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized IdentityData Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
Data Con LA 2022 - Pre- recorded - Web3 and Decentralized Identity
 

Recently uploaded

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsMark Billinghurst
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationMichael W. Hawkins
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machinePadma Pradeep
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking MenDelhi Call girls
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreternaman860154
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAndikSusilo4
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure servicePooja Nehwal
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking MenDelhi Call girls
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Allon Mureinik
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxOnBoard
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slidespraypatel2
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Scott Keck-Warren
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxLBM Solutions
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetEnjoy Anytime
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...shyamraj55
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonetsnaman860154
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Alan Dix
 

Recently uploaded (20)

Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Human Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR SystemsHuman Factors of XR: Using Human Factors to Design XR Systems
Human Factors of XR: Using Human Factors to Design XR Systems
 
GenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day PresentationGenCyber Cyber Security Day Presentation
GenCyber Cyber Security Day Presentation
 
Install Stable Diffusion in windows machine
Install Stable Diffusion in windows machineInstall Stable Diffusion in windows machine
Install Stable Diffusion in windows machine
 
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men08448380779 Call Girls In Greater Kailash - I Women Seeking Men
08448380779 Call Girls In Greater Kailash - I Women Seeking Men
 
Presentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreterPresentation on how to chat with PDF using ChatGPT code interpreter
Presentation on how to chat with PDF using ChatGPT code interpreter
 
Azure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & ApplicationAzure Monitor & Application Insight to monitor Infrastructure & Application
Azure Monitor & Application Insight to monitor Infrastructure & Application
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure serviceWhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
WhatsApp 9892124323 ✓Call Girls In Kalyan ( Mumbai ) secure service
 
Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men08448380779 Call Girls In Civil Lines Women Seeking Men
08448380779 Call Girls In Civil Lines Women Seeking Men
 
Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)Injustice - Developers Among Us (SciFiDevCon 2024)
Injustice - Developers Among Us (SciFiDevCon 2024)
 
Maximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptxMaximizing Board Effectiveness 2024 Webinar.pptx
Maximizing Board Effectiveness 2024 Webinar.pptx
 
Slack Application Development 101 Slides
Slack Application Development 101 SlidesSlack Application Development 101 Slides
Slack Application Development 101 Slides
 
Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024Advanced Test Driven-Development @ php[tek] 2024
Advanced Test Driven-Development @ php[tek] 2024
 
Key Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptxKey Features Of Token Development (1).pptx
Key Features Of Token Development (1).pptx
 
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your BudgetHyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
Hyderabad Call Girls Khairatabad ✨ 7001305949 ✨ Cheap Price Your Budget
 
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
Automating Business Process via MuleSoft Composer | Bangalore MuleSoft Meetup...
 
How to convert PDF to text with Nanonets
How to convert PDF to text with NanonetsHow to convert PDF to text with Nanonets
How to convert PDF to text with Nanonets
 
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...Swan(sea) Song – personal research during my six years at Swansea ... and bey...
Swan(sea) Song – personal research during my six years at Swansea ... and bey...
 

Open Identity Exchange, Digital Sources of Trust 1 Research Findings

  • 1. OIX Digital Sources of Trust 1 Alpha Research Findings 03.02.15 James Boardwell, Rattle (rattlecentral.com) Andrea Valle, Adobe
  • 2. “Discover the user experience under which thin-file users will be inclined to present digital evidence of identity from trustworthy sources to a certified Identity Provider as part of an LOA 2 digital identity registration.” This Digital Sources of Trust 1 project was concerned with finding secure ways for thin file citizens to prove their identity to LOA2 in order to be able to access gov.uk services, using paperless identity document / data verification. The main focus of the user tests was to understand the user experience of the verification process and in particular, whether people would and could present evidence around the Personal Learner Record, a document produced by the Skills Funding Agency and available via the National Careers Service.
  • 3. The Data: Personal Learner Record Thin File demographics - by their definition - don’t have strong evidence of their identity. For example, valid passports, driving licences or financial data. The Personal Learner Record is a relatively new document produced by the Skills Funding Agency and available through the National Careers Service. It contains details of further education for all adults in the last 3-4 years. Pros: It should cover most younger thin-file users Cons: It is not a recognised document
  • 4. Data for Knowledge Based Verification (KBV) and PDS data sharing <MessageLogTraceRecord> <Addressing xmlns="http://schemas.microsoft.com/2004/06/ServiceModel/Management/MessageTrace"> <Action>http://tempuri.org/ILearnerServiceR9/LearnerByUln</Action> <To>https://ws2.staging.miap.gov.uk/Compatibility/QcfServices/LearnerServiceR9.svc</To> </Addressing> <s:Envelope xmlns:s="http://schemas.xmlsoap.org/soap/envelope/"> <s:Body> <LearnerByUln xmlns="http://tempuri.org/"> <invokingOrganisation xmlns:a="http://schemas.datacontract.org/2004/07/Amor.Qcf.Common" xmlns:i="http:// www.w3.org/2001/XMLSchema-instance"> <a:ChannelCode>None</a:ChannelCode> <a:Password>##########</a:Password> <a:Reference>TEST72</a:Reference> <a:Ukprn>TEST0072</a:Ukprn> <a:Username>TEST72</a:Username> </invokingOrganisation> <userType>LNR</userType> <vendorId>1</vendorId> <language>ENG</language> <uln>9349327510</uln> <givenName>Adam</givenName> <familyName>Antcliff</familyName> <findType>FUL</findType> </LearnerByUln> </s:Body> This is what the data in the PLR looks like and from which we formed questions to ask users.
  • 5. “What affects the inclination of thin- file users to present or use digital evidence (in particular PLR data) of their identity?” From the project aims we produced this research question. Or, how we do people convert and what affects that conversion? (We are assuming for the test that this PLR data alone would have been sufficient for LOA2 when that seems doubtful.) Let’s remind ourselves of the problem we’re trying to fix…
  • 6. Video 1: “Proving who you are is a complete and utter nightmare” https://vimeo.com/119214574 Proving who you are - for a significant minority of people - is incredibly difficult.
  • 7. The Test • 20 Thin File users • 3 User Journeys: • #1 Eight Knowledge Based Questions (7 from PLR) • #2 Download the Personal Learner Record • #3 Share data via Personal Data Store 20 people recruited aged 17-30 who had undertaken some further education (vocational training was allowed) in the last 3 years. No valid passport or driving licence. No significant credit history - only 2 of: bank account; mortgage; loan; store cards; mobile phone contract; electricity bill in your name.
  • 8. The Use Case photo credit: https://www.flickr.com/photos/leehaywood/4203551907 A strong user case as younger people applying for a provisional driving licence often fall into the ‘thin-file’ demographic due to life stage: they live at home, don’t have any financial products, and their passport has expired.
  • 9. We used the existing GDS Identity Provider journey from hub, however we added the 3 user journeys we were testing. Most of the testing was undertaken in the GDS user testing suite at Aviation House, with a minority done in Sheffield at the Rattle studio. (It’s worth mentioning that testing the willingness of people to use digital evidence was inherently tied up with the interaction and usability of the GDS templates.)
  • 10. The KBV Questions (User Journey #1) 1.What was the postcode of your place of residence on 1/1/2010? 2.What is your place of birth? 3.In what year did you pass "Introduction to Construction Work: Entry 3" (include retakes)? 4.What is your Unique Learner Number? 5.Which examination board did you take your GCSE in English with? 6.In what month and year did you commence the course "Diploma in Fitness Instructing & Personal Training"? 7.Which grade did you obtain in the following subject: "GCSE in Further Mathematics"? 8.What are the first two letters of the forename of another person on the electoral register at your address? To see screenshots of the entire process please refer to the PDF of screenshots: https://www.dropbox.com/s/hcyxv7242yghv8u/OIX%20DSOT1%20User%20Test%20Questions.pdf?dl=0 The electoral roll question was kept from the existing GDS IdP journey as a benchmark to understand how educational data was perceived in relation to ‘standard’ dynamic KBV questions.
  • 11. PDS Data Sharing Options • Personal information • Name • Date of birth • Postcode • Address • Skills Funding Agency • Certificates of Educational Achievement • Housing • Tenant agreement • Rental payment history • Smart card • Card Identity Details • Transaction History • Bank Account / Credit Card • Account information • Transaction History These options were presented as tick boxes to check and we asked people to choose seven from the eleven available.
  • 12. What Did We Discover?
  • 13. #1 Most Love the Ability to Verify Online Without Gold Std Documents Male (D): “When’s it coming into action?... because that would be a very good service, I reckon a load of people would start using that.” The process of applying for passports and driving licences can be scary and this process made it relatively simple. It was very well received - we only had 3 people who would not have progressed and converted: 2 would have preferred to do it offline (they felt intimidated by the online process) and 1 technically literate teenager felt that he would not have wanted to share his data online (with the IdP).
  • 14. Video 2: “This is wicked” https://vimeo.com/119213929
  • 15. However, there are issues affecting conversion:
  • 16. #2 Process And Documents / Data Need To Be Clearer • Identity verification is associated with definitive (tangible) documents and references rather than KBV • KBV questions unfamiliar and therefore slightly confusing, affecting confidence in the process • Some users thought they were providing static KBV security questions: Male (E): “That’s like a secret question...That’s smart I suppose. It’s better than what’s your friends name or your mum’s maiden name things like that.” People associate identity with documents or reference numbers, not data points. KBV was unfamiliar and as such it affected confidence in the process - people didn’t feel sure about what they were doing. Fix: question format; knowledge of the PLR and what data being used; use other data too - mobile phone?
  • 17. Video 3: Confusion about static versus dynamic knowledge based verification (“are these security questions?”) https://vimeo.com/119213930
  • 18. #3 Personal = Good Too Personal = Bad • Tension between being personal enough to feel trust that is valid, and too personal making people feel uncomfortable • Makes people conscious of the process, brings people out of flow state Moving along in flow, feels like a test then - a question acts as a flag, brings them into consciously thinking about process and identity. 2 clips.
  • 19. Video 4: “Asking me is like a punch in the gut” https://vimeo.com/119129789 Crucially, this user would have continued, but the question felt very intimate. And for some the KBV questions made them question the data, the document and where it all came from.
  • 20. Video 4: “Who’s keeping tabs on me?” https://vimeo.com/119129787
  • 21. #4 Answering Questions Very Different To Sharing Data • Questions = Flow and a less conscious focus on identity • Sharing via PDS was presumed to be documents and involve humans (humans judge you). • Users also had decisions to make in the PDS journey 3 and they were second guessing what documents / data would be relevant…. User journey 3 was understood differently by users - due to the concept of sharing data. In user journey 1 (KBV) participants did not believe they were sharing the PLR, partly because they didn’t know what it was & didn’t believe they had ownership of it. Whereas the act of sharing data via a PDS service (in user journey 3) was more explicit. (Still, 20 - 25% said they would prefer to use a PDS than answer questions as it was quicker).
  • 22. Video 5: Sharing data via a Personal Data Store - “why would they even want that?” https://vimeo.com/119213928
  • 23. Willingness to Share via PDS Here we can see how the various willingness to share different types of data.
  • 24. #5 Financial Data Is Sacrosanct • It feels far too private to risk sharing • Female (Ma): “They need to quit! bank account, credit card, don’t even be asking be about that… Imagine, A transaction history, they wanna know where you’ve been going with what money you’ve been spending at what time (gasps) no way thats ridiculous, so unnecessary init” As we saw in the last side financial data felt the most personal of all data points for the thin file participants. Whilst this wasn’t spontaneously mentioned on the KBV questions - it was flagged up consistently in user journey 3, possibly due to the older thin-file groups having experience of debt and perhaps highlights issues of money management (something we know from other research they feel vulnerable and embarrassed about).
  • 25. Video 6: Choosing what to share via a Personal Data Store https://vimeo.com/119129797
  • 26. #6 Social Data Has A Greater Shelf Life • Data with social currency has a longer shelf life • Unique Learner Number and Examination Board are things people feel they should know • Most people keep educational records (19 out of 20 had access to them) Subject grades, postcodes, course names and institutions are all data types that have social currency; they are used frequently and have transaction value = high recall. No social currency, for example examination board data = low recall. The examination board question was something people felt they knew but had little confidence in their answers. Likewise Unique Learner Numbers (ULNs) were something most people thought they recognised but nobody knew it; it isn’t something they use to transact with regularly.
  • 27. A User Experience People Trust? • In principle KBV using digital sources of evidence works well • Both KBV and PDS would convert better with known documents and clearer understanding of what is being shared, how and with whom #transparency • Recommend further tests with mobile transaction data To sum up.
  • 28. Andrea, from Adobe: The project team has discussed the possible ways to improve the process of verification using paperless documents to proof identity or verify claimed data. Adobe has proposed as the next step of the project to use secure PDF documents as digital sources of evidence as part of the digital identity registration process.
  • 29. Adobe Digital Government citizenaccesses applicable governmentservice citizenIDrequested bygovernment service citizendirectedto identityproviderof choice citizen authenticated citizenhas IDalready onlinequestionnaire toassertcitizen identity citizenidentity asserted&ID createdsuccessfully citizendoesnot currentlyhaveID citizen authenticated Citizen Experience – Current citizenidentity cannotbeasserted& processaborted As Government agencies move forward to produce and exchange secure electronic documents (protected by technologies like Digital Rights Management and Electronic Signatures), the citizen will have reserved access to their documents and will be allowed to share them in a transparent way under their control through a secure platform.
  • 30. Adobe Digital Government citizenaccesses applicable governmentservice citizenIDrequested bygovernment service citizendirectedto identityproviderof choice citizen authenticated citizenhas IDalready onlinequestionnairevia identityprovider to assertcitizenidentity citizenidentity asserted&ID createdsuccessfully citizendoesnot currentlyhaveID citizen authenticated citizenselectspreferred attributeproviders&gives contactpermission securemessagesentvia governmenthubto appropriateattribute providerswithrequestfor information New Citizen Experience health services military educationlocal authorities social services citizeninstantly informedofalternative attributeproviders&providedwithdirect contactmethodtobridge“offlinegap” DWP HMRC other citizenidentitycannot beassertedthrough standarddprocess These documents could serve as digital source of evidence that citizen will be able to share with Identity Providers or Attribute Providers for a limited amount of time or limited scope like validating KBV questions.
  • 31. Adobe Digital Government Attribute Provider & Digital Source of Evidence selectedidentityprovider reassesses basedonnew evidenceofidentity authorisedattribute provideruseraccesses governmenthub& accessesinformation requests appropriateproofof identitydata/ documentsattachedto request digitalrights&signatures appliedtodigital documentation/datato verifyauthenticity& controlaccess digitaldocumentation/ datadispatchedsecurely toselectedidentity providerviadigitalhub accesstoevidence documentation/data automaticallyrevokedto maintainprivacy&security. AuditLogarchivedbydigital hub citizenidentityasserted& IDcreatedsuccessfully onlinequestionnairevia identityprovider toassert citizenidentityviaknowledge basedauthentication SAMLauthentication usedfordatatransfer electronic documents, structureddata, metadata scannedphysical documentation citizencopiedinto documentationand storedinpersonaldata storeifrequired In particular, the presence of metadata within those digital documents would help the IdPs to process relevant information in automated ways without need to physically access the complete document. We plan to start a pilot soon to validate these concepts and test new scenarios for provisioning digital identities online to a larger user base.
  • 32. OIX Digital Sources of Trust 1 Alpha Research Findings 03.02.15