The View Driving Record (VDR) public beta has been running for over two months, with over 50,000 visits to date.
When giving users access to sensitive information such as the details on your driving licence, we need to be sure that the right people get access to the right information.
Access to the service is currently allowed by matching the user's data to the driving licence number. We also use an existing link to the Department for Work and Pensions (DWP) to check if the National Insurance Number (NINO) provided matches details held by DWP and HM Revenue & Customs (HMRC).
Whilst this authentication process is fairly quick and straightforward, there are some downsides.
● the user has to re-authenticate each time they use the service
● if the user doesn't know their NINO they can't use the service
● it does not provide us with the level of confidence the user is who they say they are in order to offer them more information such as their photo image or allow them to link to a transactional service.
For example, at present, the user would have to register with Government Gateway and re-authenticate before being able to update their address or renew their licence.
Working with GDS
The VDR team have been working closely with the Government Digital Service (GDS) identity assurance team to address these concerns and develop a private beta using identity assurance. This has involved connecting identity assurance to our service and developing a process to match the user's verified identity to their driving licence record.
Once the match has been made, we have created a rule which allows us to recognise the user each time they use the service. This will mean that once registered with identity assurance, users will have faster access.
As part of DVLA's wider transformation of driver services the identity assurance sign in can be re-used to provide the foundations for the authentication process for driving licence applications etc.
Development and testing
The team here have adopted slightly different methods of development and testing, as we work remotely to the GDS identity assurance team. We re-used some code written by GDS and HMRC that was initially used in their PAYE exemplar transaction, which was the first service to go into private beta using identity assurance. We have also developed our own for the DVLA specific elements. To overcome remote working we have used tools such as Huddle to aid the collaboration process.
Our testing strategy altered slightly compared to what we’re used to. Taking in to account the complexity of development work occurring from two separate locations (GDS & DVLA) testing took a ‘stop-&-start’ slant.
Data creation changed from the typical JSON files that we’re used to and we decided to make take full advantage of the Postman extension in Chrome. This powerful HTTP client not only allowed us to craft our HTTP requests quickly, this also allowed us to store any requests for future use simply and effectively.
As well as saving us a significant amount of time it also saved us a considerable about of effort when testing commenced across the many different test environments we use. Storing this data for future use and making it immediately accessible to the entire test team allowed them to persevere with their end-to-end testing without the dreaded thought of creating and re-creating (and re-creating.....) data over and over again!
Roll out plan
We are aiming to launch our private beta of the identity assurance option this week. This will mean that a limited number of users will be given the opportunity to trial identity assurance as an alternative to the existing log in process. We will use the feedback from that trial to improve the process and iron out any issues with matching users to their record. We then aim to extend the trial gradually until identity assurance is ready to progress to full public beta.