There are two primary "identity proofing" user experience (UX) options when it comes to enrolling a person in a high value application (RP). The differences come down to whether or not a RP or a CSP does the collection of information needed for identity validation and verification. Should one or the other be the default UX for public sector services?
As I've pointed to before, disruptive innovation should be non-disruptive to adopt, so a UX that is non-disruptive should be consistent with the day to day online experiences of a person i.e. what have the daily online user journeys of a person trained them to expect?
I don’t think the general public really minds the enrollment process. First time at a site, I provide certain pieces of identity information that assists the site in disambiguating my identity or tying me to a specific record. It actually has several advantages: I am responsible for the information passed, I know what information pertaining to me is being relied upon. And it doesn’t preclude the site I am visiting from doing an out-of-band verification.From a recent conversation with a Domain Expert
The typical online experience is for the RP to collect the needed information, and results in the following flow:
The alternate flow is the out-sourcing of the information collection to a Credential Service Provider (CSP) which, research has shown, is not the normal expected experience for the majority of people. This results in the following flow:
BTW, it is important to note that this is about the UX and not about division of responsibility, so from an implementation perspective both the TM and IM components could very well be provided by the same CSP. In addition, the first flow lends itself a lot more cleanly to a pull based architecture which is important for authorization.
- Identity Establishment, Verification and Validation
- Future of Identity Management is… Now!
- Balancing Identity Assurance and User Enrollment UX
- Does Public Sector Identity Federation have a Compelling Gain-to-Pain Ratio?
Did you find this interesting? Don't miss any new posts. Sign up to automatically receive them now!
This blog post first appeared on Anil John | Blog (https://blog.aniljohn.com). The opinions expressed here are my own and do not represent my employer’s view in any way.