Client:OASIS/Identity Ecosystem Steering Group
Date:January 01, 2018

IDEF Registry

I led user testing for the Identity Ecosystem Framework (IDEF) Registry as part of the National Strategy for Trusted Identity in Cyberspace (NSTIC), a White House initiative. The IDEF Registry, a digital identity standard assessment tool, launched its alpha version on June 6, 2016. Because development of the alpha version of the attestation form was ongoing, I was brought into an agile process with the goal to iterate improvements after the public launch. I worked directly with a contracted project manager, third party marketing and design companies, the Chair of the IDESG User Experience Committee and members of the IDEF Registry working group.

IDEF Registry Screen shot

The goal of the user study was two-fold: first, to ensure that the assessment form was understandable to those users who wish to list their products and that it included sufficient and expected information needed to complete the form accurately, and second, to ensure that the registry listing itself was usable and understandable to users who are seeking identity solutions.

Test participants for the first goal included IDESG members and observers who provide identity services, including certification, authentication, authorization, registration and transaction intermediation, or who rely on identity services in their own internal systems and commercial products. We selected expert users because we expect that those who will be completing the attestation form have a high level of understanding of the privacy, security, interoperability and usability of their own products.

Tests included needs assessment interviews of 12 prospective users, followed by additional user tests of seven users. For the needs assessment, I interviewed 12 prospective study participants about their needs for identity standards assessment and how the current IDEF Registry assessment tool compares to similar industry and government standards. I wanted to understand if the IDEF tool addressed all of their concerns about privacy, security, interoperability and usability and to get a sense of whether the planned registry served their needs. General findings were presented in a Google slide presentation showing typical responses to eleven study questions, suggested improvements and the impact on the user expereince. These were discussed over two, 2- hour meetings of the IDEF Registry Working Group.

After delivering my findings to the development team, I began to design usability tests. I employed an observational walkthrough of proposed and completed designs, an expert heuristics review, user surveys and follow-up interviews with seven registry users. I utilized card sorts, preference tests, cognitive walkthrough of wireframes and a live website, as well as observations and survey feedback of seven alpha site users as they completed the attestation form on the alpha website to develop recommendations for improvements.

I engaged four members of the User Experience Committee, all useability experts, to participate in a heuristic analysis using Neilsen-Norman Group’s 10 usability heuristics and Abby Covert’s IA Heuristics. These expert users primarily evaluated the assessment form, but also provided input on the usability of the registry listings themselves, as a proxy for typical registry listing users.

Since Usability was a major component of the assessment, I also developed a set of user experience guidelines and metrics for service providers to use in evaluating usability requirements of the attestation. These will be incorporated into the Usability section of the assessment guidance documents.


UPDATE (2/06/2018): Deliverables have been released on the public wiki. SOW for development phase in process.

UPDATE (5/22/2017): As of late Spring 2017, nine companies have completed assessments. The website remains in alpha with my recommendations set for implementation when the next round of grant funding is approved. Should I be reengaged, the next studies will include user tests of participants seeking identity services.

UPDATE (12/31/2017): In Fall 2017 I was reengaged to complete a user research study of the language in the standard requirements. This included telephone and in-person interviews of six IDEF Registry participants. NIST funding for this project was cut deeply by the current administration, and the IDESG is responding by restructuring the committees. The User Experience Committee will continue it’s work. The guidelines I created are now available on the wiki.

Note: I signed a Non-Disclosure Agreement and am unable to share any images aside from those made public at and Detailed information about the project, the assessment and the User Experience Committee is available on the public IDESG Wiki. Some of the documents including a draft rewrite of the Usability Guidelines and Metrics have been made public at:

The IDEF Registry: an open invite to commit to trusted digital identity solutions

Identity Ecosystem Steering Group (IDESG)
IDEF Registry
Identity Ecosystem Framework – Baseline Functional Requirements