I recently read a great post from Jerry Fishenden on the Identity Principles underpinning the Identity Assurance Programme at the Cabinet Office.
I was once asked to talk about why identity initiatives fail. In preparation for my chat, I interviewed users and designers of various schemes that had succeeded and failed. The conclusions of those discussions were obvious but I am surprised how passionate people still get about identity initiatives that exhibit similar tendencies.
The almost universally expressed view was that it wasn’t about identity at all: an identity credential isn’t an end product or service but something that you require or acquire to get or do something. If what you get or do with an identity credential just isn’t attractive for whatever reason, or is available in a much easier way, then it is very unlikely that the identity product or service will be a “starter for 10”.
The second strand was equally obvious: if the identity credential – however well designed or privacy protecting – is more expensive or onerous to get/use than other ways of doing things, then forget it. How many wallets have tried to replace simply typing in your credit card number over an SSL connection over the last decade? I have lost count. Keep it simple for consumers and relying parties.
There were some simple questions that came up again and again in assessing the value provided by schemes – listed here in order of frequency:
- What are the services I can get using the identity credential? Are they compelling?
- Is the credential expensive or difficult to get or use?
- Can I get the service without the credential?
- What’s the business service being implemented? Does it really provide value over how I do business today? Can I do business with more people, more easily?
- What will the experience be like for my customers? Is it likely to put them off?
- How complicated is it to install?
- What is the risk if I rely on the token – will I get stung for failures, fraud etc. or is there greater protection than I have today?
- What makes it better than the status quo (SSL, username, password) – can I do more business more cheaply?
However wonderfully designed your ID service, it is the services that it enables that drive its success or failure – and only if it makes those services easier to obtain than otherwise, or obtainable on better terms.