Digital authorization with Fontys part 2
One of the themes that Novum pays attention to is Self-Direction. An important topic in this regard is the aging population in combination with the digitization of government services. We expect that the demand for solutions around digital authorization will increase. Because we know that a large number of SVB customers have not registered a formal authorization for DigiD, but they have informally authorized someone by providing the password, Novum, together with students from Fontys University of Applied Sciences
research done. The demand for digital authorization will increase, especially because the security level of DigiD is increasing, and this method of 'authorising' is therefore becoming increasingly difficult.
“I'm familiar with empowering but I don't do it, people who help me help me in good faith. ”
Respondent Female, age 60
In March 2018 we had a group of students conducted a first study into digital authorisation. Two concepts emerged from this process. A standard step interface, but also a concept where authorization could be established via a conversational user interface. The first simple tests showed that this could possibly be a good solution. This was the reason to start a second study with a new group of students from Fontys University of Applied Sciences.
“How do we make digital authorization accessible to every citizen in the Netherlands?”
The broad assignment for the students was to design a digital authorization system for the widest possible audience.
- Sub-assignment one was to investigate whether a conversational user interface is a good solution to achieve the goal.
- Sub-assignment two was to investigate how such an authorization system should be positioned for the citizen. Is it useful to have every executor within the government do this themselves or should this be done in one central place?
Approach and results
Collect user research and insights
The students conducted user research among the target group above the state pension age by means of interviews. In addition, interviews were also conducted with professionals who have a lot to do with empowered persons, such as a tax consultant and also with informal carers. They are the ones who are often empowered. Personas were created on the basis of user research and literature research.
Important insights from agency and user research.
- The current authorization system is unknown to the elderly target group and people therefore give their password to the person who helps them.
- Authorization is often a process that two people who trust each other carry out together.
- The target group does not reason from an organizational perspective “I authorize you to do business with the SVB” but reasons much more from “I want you to help me with the finances”. In the current system it is difficult to request multiple authorizations for finance at once and this has to be done separately for each organization.
- The system must be very user-friendly to be seen as a workable alternative to sharing your password. People do this out of trust and convenience.
Create and test prototypes
Conversational user interface (Chat) does not work optimally for authorization
To answer sub-assignment one, a prototype was made of a conversational User Interface with which an authorization could be established. This was then tested.
There are several advantages and disadvantages to a conversational user interface (CUI) for setting up a mandate. The main advantage is that the two people involved in establishing the authorization go through the process together and are therefore always exactly aware of what the status is. And questions and problems can be addressed directly.
The major disadvantage of a CUI for setting up an authorization is that it offers unnecessarily many possibilities for a relatively simple process. In other words, the end user has too many degrees of freedom and options to deviate from the process, all of which would then have to be overcome. A chat may be able to offer support if something goes wrong, but it is not very useful to go through a few simple steps.
Conversational step interface as a good solution
Based on our research into the conversational user interface and based on research knowledge by the municipalities of Amsterdam, Almere and Leiden the idea of a conversational step interface has emerged, using a video call function. Research and feedback sessions showed that CUI tool was too extensive and complex for something as simple as authorizing. In the Conversational Step Interface concept, the advantages of a step interface are linked to the personal nature of the CUI. In the step interface a conversation is conducted by means of a video connection. This ensures a personal safe atmosphere.
Because we walk through the steps together, it creates a feeling of collaboration. Once the process has been completed, the authorization is immediately successful and there is no need to wait for emails or letters from the other party.
By using a video connection, it is clear to whom the authorization is given and the risk of identity fraud decreases.
The strongest point of this system is that it can be done remotely via a video connection, but also together at the kitchen table.
Because we learned from the first study that we should not only reason from an organizational perspective when it comes to authorization, we looked at a neat way to divide permissions into categories. A card sorting study was used for this purpose.
This study found that permissions are best broken down into different purposes. Four main groups have emerged: Finance, Healthcare, Housing and Traffic. Based on these groups, all permissions can be classified and the user can find what he or she is looking for faster. Below the main groups, subgroups are given that further subdivide the permissions.
Central or decentralized authorization? Do both!
Hybrid architecture for central and decentralized authority.
At the beginning of the project, there were two options for developing a permissions system. A central system in which everything can be arranged on one website and a decentralized system in which the user can arrange permissions separately on each website of authorities.
An analysis of the advantages and disadvantages of these options shows that they both have disadvantages from the perspective of the end user. In the case of decentralized mandates, the advantage is that this is relatively simple with a single mandate. However, when granting multiple permissions at different organizations to different people, the end user quickly loses the overview.
That is why, on the basis of this research, we recommend developing a hybrid system, in which, for example, an authorization can be set up locally on the SVB website, together with a central website where you can arrange an authorization for different organizations at once. All authorizations are stored in a central authorization register. The central website also provides an overview of all authorizations that a person has set up, and authorizations can also be revoked centrally there.
Because the research has clearly shown that it is undesirable for the SVB to solve the challenges surrounding digital authorization itself for its own target group, the advice is to link up with partnerships that are already working on this.
That's why we keep an eye on developments around the NL Digibeter project 'Voluntarily authorizing', that ran until July 2021 and may be continued.
In these further developments, we will have to include and further validate the insights from this research. The main insights are:
- Authorizing is something that people do together in a conversation with each other and the interface has to connect to that;
- The chosen architecture should support both central and decentralized empowerment;
- With a central authorization register, a thematic categorization works better than a categorization by organization;
- Working together with a group of enthusiastic students helps to find innovative solutions.
We are sorry that this post was not useful for you!
Let us improve this post!
Tell us how we can improve this post?