At GDS, our mission is to build a simple, joined-up and personalised experience of government for everyone. Over the last few months we've written about our work on a GOV.UK account, and a new single sign-on and digital identity solution. Today I want to talk about the strategy underpinning these initiatives, and how the systems are going to work together.
The principle of least astonishment
The GDS mission says we are here to make government simple. It's easy to say, but what do we really mean by that word, "simple"?
One approach to simplicity is to say: we want to surprise our users as little as possible. When they click a button, it should do what they expected it to do, not something completely out of the ordinary. This idea is sometimes called the principle of least astonishment.
Almost all successful digital organisations offer a single way to sign in across all their products. Your BBC account works for Weather and iPlayer, your Amazon account works for both shopping and video streaming, and your bank app lets you view both your current account and your mortgage. You could reasonably ask, why don’t government services work this way? Why are there well over a hundred different ways to sign in?
There are two reasons. One is about the public sector technology estate, the other is about GDS itself.
The challenge of steering flotillas
One of the reasons things don't work that way is that GOV.UK, while it appears to be one thing, is really assembled from hundreds of different products run by hundreds of different teams. The UK government has one of the most distributed technology estates of any organisation in the world. This is a tremendous strength, because it allows digital products to be built by the people closest to their users.
The drawback to this federated model is that all those different systems sometimes have to find different ways of doing the same thing. GDS has long championed an approach to this challenge known as Government as a Platform, where common components are built once and used by multiple services. This improves user experiences, drives down costs and makes service operations more efficient. GOV.UK Pay and GOV.UK Notify are two great examples.
So, to make ‘signing into GOV.UK’ work the same way across the whole site, we have to create a set of common systems so good that all these hundreds of teams want to use them. That's where the new single sign-on and identity checking solution come in. Think of them like new additions to the toolkit for building great government services (which today already includes GDS services, as well as great APIs offered by the likes of HMRC and DVLA among many others).
That's why we work so closely with people across government at all levels to guarantee that what's built works for both sets of users: users of government and teams in government.
Beyond one-size-fits-all
I said that there were two reasons why signing in to government services on GOV.UK doesn't always work as a user might expect. We've covered the first one, which is that government's distributed technology estate (a good thing) can end up with the same problem being solved in many different ways.
The second reason is that much of GOV.UK was never built with the expectation that people would sign in to it. If you forget for a second about the hundreds of services attached to it, the core of GOV.UK is an information-based website with about half a million content pages. If a user looks at one of those pages, the next user visiting that page will see the same thing. That might sound obvious, but it's very different to, say, the Spotify homepage, which will look quite different from one user to the next, based on personal preferences and previous usage.
The current one-size-fits-all approach has worked beautifully for years, and will always be the main way GOV.UK works. It's one of the things that helps keep GOV.UK loading super fast for millions of people every day. And if you just want to find out some information, it works great. For that reason, GOV.UK expects users will sign-in to access services (like Universal Credit, or Personal Tax Account) when needed, but it doesn't have a concept of users being signed in to the whole GOV.UK experience.
Until now, that is. The GOV.UK Account introduces, for the first time, the idea of being logged-in to GOV.UK itself – not just an individual service, but the whole website and all the services on it.
Personalised and proactive
This simple and powerful idea introduces a host of opportunities, many of which the GOV.UK Account team have already written about. Logging in to GOV.UK will let users bring together the information and services most relevant to them, and make it easier to keep track of what they're doing with different parts of government. A GOV.UK Account could, with permission, suggest what services a person might need next, show them services they're eligible for, and even notify them when policy changes affect them.
This gets to the heart of how the single sign-on and the GOV.UK Account work together: the single sign-on will provide an easy way for users to sign in from any part of GOV.UK, then the account will make the experience of GOV.UK better for those who are signed in.
Signing in will work the exact same way whether people sign in to fill in their passenger information, pay the Dart charge, or to subscribe to content updates on GOV.UK. If they've already signed into any other government service, there will be no need to sign in again. And while they're signed in, they'll have access to features on GOV.UK that provide more convenient access to services they use frequently.
Meanwhile, as Lead Product Manager Will Myddleton put it in a recent episode of the GDS Podcast, government teams will be able to spend "their budgets and their time and their human creativity solving the problems that are unique to their service." Users of government services will have fewer passwords to manage, and fewer systems to work out. And, for those who want it, there'll be a personalised experience of GOV.UK that goes beyond one-size-fits-all.
In one sense, it's transformative to how government services work today. In another, it's just… the least astonishing thing.
27 comments
Comment by Anthony posted on
Interesting they don't provide a shot of the login screen saying they've sent a six digit code to your email. That code may or may not arrive. Or it arrives at the precise moment it is due to time out. I've spent the best part of an hour trying to access my account and now failed. I'm not even gong to bother again. MP has been contacted. Sainsbury's manage better.
Comment by The GDS Team posted on
Hi Anthony,
We’re sorry to hear you’ve had an issue with GOV.UK Account. If you are not receiving the code by email after you’ve requested it, you can click on the ‘request a new code’ option. If that does not work, you can get in touch with our support team by clicking on the ‘Support’ link at the bottom of the page.
Thanks,
The GDS Team
Comment by Chris posted on
Is this another computer solution that insists citizens have photographic identification?
Are you aware that this country does not have laws that require citizens to own photographic identification?
Do you see how requiring citizens to own photographic identification to access vital public services, is actually a BARRIER to accessing these public services?
Centralising identity verification is all well and good, if we have a strong identity legislation in this country,
but we don't. National ID cards aren't legal, and are not issued by the state.
The existing utilization of Verify (UC) is rife with fraud, with hundreds of thousands of stolen identities. People pass through the Verify process fraudulently and make false claims of benefit using the name and national insurance of another innocent citizen.
I don't drive, I don't own a passport. Quite simply, it is not convenient for me to use GOV.UK services, because the system is set up wit the the assumption that users have photographic identification, when in fact, there is no legislative or realistic assurance that all citizens will be able to meet the parameters you are laying out.
If the main way moving forward to access public services is by owning a photo ID, then issue me a photo ID. Otherwise, you are excluding people like me from this modernisation.
Comment by The GDS Team posted on
Hi Chris,
Thank you for your comment. Ensuring that all citizens and residents are able to access services is one of the programme’s top priorities.
We're increasing the number of data sources which can be used to prove a person’s identity in the absence of a driving license or a passport, like birth certificates. We're also exploring different ways for people to prove their identity including the use of vouching, delegation and other techniques with services.
Thanks,
The GDS Team
Comment by Max posted on
Are you going to use this for internal authorization and authentication as well? i.e. for civil servants accessing things like Pay and Notify.
I'm sure many of the same issues around identity assurance occur within government itself. And I certainly would find it reassuring that the system used by the government to secure sensitive internal data is used to secure my private data too.
Comment by The GDS Team posted on
Hi Max,
We're speaking to service teams across government, including those running internally-facing services for civil servants. If the service is within central government, and has needs that we can meet, we’d certainly want to consider those.
Thanks,
The GDS Team
Comment by Gemma Adams posted on
Hi,
This looks like a sensible direction to be heading in...
Do you have an idea of how long (roughly) it is going to take to deliver a single login account for the whole of UK Government?
Thanks,
Gemma
Comment by The GDS Team posted on
Hi Gemma,
Thank you for your feedback. Not at this time. What we can say is services will only be integrated when we’re confident the new solution works as it needs to.
Thanks,
The GDS Team
Comment by Steve Ruddy posted on
I work in the wider public sector (local Authority) and have been waiting for years for the Verify product to deliver the anticipated efficiencies- but equally understand the difficulties. I hoped this refresh would grab the opportunity to seamlessly link, via SSO, customers central government credentials to their local government digital accounts.
Is this not now in scope in this first tranche?
Thanks
Comment by The GDS Team posted on
Hi Steve,
The initial focus of the programme's funding is central government services. However, we are building the single sign-on and identity solution in a way that will make it easy for any services to use them, including those operated by local authorities. We are regularly engaging with local authorities and see them as central to the value of these common services.
Thanks,
The GDS Team
Comment by Kenneth posted on
As another British citizen, I am disappointed that the intent of this work is _not_ to create a common identifier (source: https://gds.blog.gov.uk/2021/07/13/a-single-sign-on-and-digital-identity-solution-for-government/#comment-969949).
That said, if my GOV.UK Account will act as a sort of keychain for other identifiers (my National Insurance number, my UTR, my passport number, etc), then I suppose it's a good enough proxy for now.
Is that the case? Will I be able to go into my GOV.UK Account settings and maximally populate it with as many identifiers as I have?
I don't know why us Brits can't get over this obsession with not having a single personal identifier that is used by both the public and private sectors. Many European countries have one and the sky there seemingly hasn't fallen in.
Comment by The GDS Team posted on
Hi Kenneth,
At this stage we simply don't know. We are taking a privacy by design approach to building the system, seeking to balance convenience with the concerns of many users. We're clear that access to services should be easier, which for users means less time spent filling in the same information. The work we have ahead is to achieve that aim while safeguarding the privacy of individuals.
Thanks,
The GDS Team
Comment by Max posted on
I completely agree Kenneth.
My main concern is that by not having a common identifier, government departments are having to store much more of my personal data, in order to enable 'matching' between services. Having to 'match' data also inevitably increases the possibility of mistakes, meaning my data might be mismatched with someone else's, thus potentially exposing my personal information to third parties.
Comment by The GDS Team posted on
Hi Max,
We are providing a consistent identifier for each user for each department. It is not a single identifier used across government, but does mean the same user will have the same identifier each time they log into a particular service, minimising the need for matching.
We aren’t replacing all of the channels a user might use to contact a department, or building a CRM for government, so it will remain necessary for departments to hold the data necessary for them to manage their relationship with users, for example when then use the phone or interact in person.
Departments often have their own identifiers to ensure they match users to the right records, for example the Unique Taxpayer Reference at HMRC. It would not be straightforward or valuable to try to replace these with a single, central one for the digital channel, and our service will support the use of existing identifiers for disambiguation where the user chooses to share them.
Thanks,
The GDS Team
Comment by Kenneth posted on
"It would not be straightforward or valuable to try to replace these with a single, central one for the digital channel ..."
I agree that it would not be straightforward, but I do not agree that it would not be valuable.
Other Western European countries with ubiquitous single national identifiers include Belgium, Denmark, Finland, Iceland, the Netherlands, Norway and Sweden. Those are all pretty civilised countries last time I looked.
What is so unique about the UK that we cannot manage to have a single national identifier, and thus instead have to expend an immense amount of unnecessary human effort implementing data-matching algorithms?
If each person had 100 different identifiers, there might be some logic to the argument against them, but each person only has a handful of identifiers anyway, with a lot of use made of the National Insurance number, so how much do we really gain from not simply consolidating on a single identifier?
Comment by The GDS Team posted on
Hi Kenneth,
Thank you for your comment. We are not making a system which enrols people to a new digital identity document. Our aim is to create a system that allows people to log in and prove who they are using existing documents and evidence.
Thanks,
The GDS Team
Comment by Caroline Miskin posted on
Will third party access (eg, by tax agents or friends, family or voluntary sector who are helping) be built in, that is the biggest challenge in this area?
Comment by The GDS Team posted on
Hi Caroline,
Thanks for your important question. The ability for users to delegate certain aspects of their interactions with government will be a critical part of the system. To begin with, the single sign-on will only handle authentication, and existing means of delegating access will continue to be provided by individual services where appropriate. Over time, we expect to develop a common approach to delegated access, too. The detailed work to understand exactly how this will work hasn't started yet. It will be conducted in close collaboration with departments who have experience providing such a capability.
Thanks,
The GDS Team
Comment by Sean posted on
Hi Team,
I think this is a great idea. Could you tell me if other apps will be able to integrate via API's at all?
Many thanks,
Sean
Comment by The GDS Team posted on
Hi Sean,
Right now we're designing the system with a focus on use by central government services. We have no immediate plans to make it available to the wider public sector or private sector, though we believe our architecture could support this in time. Integration with the single sign-on will use standard APIs like OpenID Connect.
Thanks,
The GDS Team
Comment by Newton Christian Okorogheye posted on
THAT IS AWESOME, KEEP IT UP.
Comment by Hugh posted on
Will there be different levels of gov.uk sign in?
For example I would expect a less secure log on to pay a Dart charge as opposed to completing a tax self-assessment.
Comment by The GDS Team posted on
Hi Hugh,
There will be different levels of identity checks depending on the service you are looking to use. These levels will be agreed with the service themselves.
Thanks,
The GDS Team
Comment by Simon posted on
Is this the right time to do this with scepticism over vaccine passports and national I.d cards....
Comment by The GDS Team posted on
Hi Simon,
We understand the comparison but we are not building a national ID or similar scheme. What we are trying to build is closer to having an online login for your bank account, which enables access to all the bank’s services, rather than having to create separate accounts to apply for a loan, credit card or other service a bank might provide.
We have heard consistently from users that having numerous logins to access government services is confusing, time-consuming and frustrating - we want to simplify this and make it easier for users to access government services. We have learnt a lot from previous attempts and the last 18 months has shown us how much this facility is needed by government and our users. This is about fast, simple and secure access to services for our users. And if you don’t want to have an account, you still don’t have to have one.
Thanks,
The GDS Team
Comment by Not Telling posted on
As a British citizen, I frankly don't *want* a centralised government SSO. I'm deeply skeptical of the state, do not like giving out my personal details *at all* and if anything appreciated that each form asked the same thing anew as it made me think that the information was being stored in a compartmentalised fashion. Frankly, I guess I find the chaos and fiefdoms reassuring, beyond anything else.
Comment by The GDS Team posted on
Hi,
We understand your perspective and that there are other citizens who will feel the same way. That is why we are taking a consent-based approach to make sure users of online government services remain in control of their personal information.
Our aim is to give users choice over whether to save their personal details in an account for greater convenience, or to provide their details every time, as they prefer. Users will also be able to see which details they’ve shared, when, and with whom in their GOV.UK Account and manage these permissions over time.
Thanks,
The GDS Team