Rationale
With the advent of govuk-one-login/authentication-frontend replacing both existing authentication systems at findapprenticeship.service.gov.uk/signin and augmenting existing services without authentication systems, it seems very strange that a service as integral and widely-used as the petitions system requires a user to enter credentials that they must remember every time they wish to sign a petition.
This is problematic because a good-faith actor must record:
-
Which petitions they have signed, so that they do not sign them multiple times.
-
Which credentials they have added to which petitions, so that they know which to e-mail accounts to check for updates, lest they re-sign the petition with new credentials.
This massively incentivises fraud for incredibly mundane and sensical reasons.
Instead, were we to implement an account system, a user could easily replace the e-mail address for all petitions that they are subscribed to via a single form, as well as the name that is applied to them (there are some who definitely do not wish to be reminded of past names, and we should cater for this).
Implementation
If certain information must be retained at time of signage unmodified, I suggest that the signature_name and signature_postcode fields at least be auto-filled with the data inherited from the account, and that signature_email remain modifiable retroactively.
Rationale
With the advent of
govuk-one-login/authentication-frontendreplacing both existing authentication systems atfindapprenticeship.service.gov.uk/signinand augmenting existing services without authentication systems, it seems very strange that a service as integral and widely-used as the petitions system requires a user to enter credentials that they must remember every time they wish to sign a petition.This is problematic because a good-faith actor must record:
Which petitions they have signed, so that they do not sign them multiple times.
Which credentials they have added to which petitions, so that they know which to e-mail accounts to check for updates, lest they re-sign the petition with new credentials.
This massively incentivises fraud for incredibly mundane and sensical reasons.
Instead, were we to implement an account system, a user could easily replace the e-mail address for all petitions that they are subscribed to via a single form, as well as the name that is applied to them (there are some who definitely do not wish to be reminded of past names, and we should cater for this).
Implementation
If certain information must be retained at time of signage unmodified, I suggest that the
signature_nameandsignature_postcodefields at least be auto-filled with the data inherited from the account, and thatsignature_emailremain modifiable retroactively.