- Start with a smaller ecosystem
- Many successful approaches to identity control the level of complexity by limiting the initial size of the ecosystem of services and identity providers. The Australian government, for example, controlled the growth in complexity by choosing to solve the problems within government first, and build success there, before attempting to involve the private sector. For example, The Scottish government prioritizes maximizing user data reuse across public sector services, prioritizing success in this ecosystem over private sector opportunities, and reducing identity verification. Start with an easier user journey to build scale, and add as you learn. Identity verification and authentication are separate concepts, and many services have successfully controlled complexity by offering a strong digital credential first, adding identity verification as an additional service later.
- Work on both the supply and demand side
- Successful programs design for the needs of users first, then for organizational convenience. However, with identity spanning multiple services, the only way of ensuring a good user experience is for identity programs to work closely with the teams providing those services to understand their needs. This can encompass making it as easy as possible to technically integrate with your service, by using open standards, clear documentation, sandboxes and examples in the open. Also by making it bureaucratically simple to get started by eliminating procurement and setup. Finally working with service teams to help them understand how and when identity is best integrated into each user journey, for example by sharing and pooling user research.
- Build community
- This is no substitute for direct research with users to understand their needs, but successful approaches often involve intense work to build consensus with stakeholders on problem solving, or getting closer to groups of users and experts. This can be in the form of engagement with privacy stakeholders and industry associations. A common approach is to use the generation of a trust framework as a focus for conversation and agreement, and as a means to bring people in and understand their concerns and needs. Focusing stakeholder attention at the level of a trust framework allows you to discuss and agree what is important, agnostic of technology or vendor.
- Make sure you can learn and iterate rapidly
- It’s important to put yourself in the position where you can test your riskiest assumption with users as early as possible. This means that you may need to organize your program so that the aspects you are least certain about, are in a position where you are most easily able to learn and change. Successful programs keep development of the parts of their service they are least certain about close, putting them in the hands of teams they are sure are able to learn and adapt quickly. [1]
References:
[1] How to control your biggest risks in digital identity — Public Digital