Date: 6 March 2018
Author: Salsa Digital

History

The DTA has been working on bringing a digital identity system to Australia. In October last year, in the context of a GovPass update, we said we’d keep you informed...well, here’s an update. This time, it’s around the Trusted Digital Identity Framework (TDIF), which underpins Australia’s digital identity system.

The new identity system will affect us all as Australian citizens, but will also have a significant flow-on effect in the public sector.

First component released

On 21 February, the DTA released the first component of the Trusted Digital Identity Framework (TDIF). The TDIF covers the requirements for security, usability, privacy protection, accessibility, fraud protection and risk management.

The first component addresses the standards for identity services for individuals. It consists of ten documents:

  1. Overview and glossary

  2. Accreditation process

  3. Authentication credential requirements

  4. Fraud control requirements

  5. Identity proofing requirements

  6. Privacy requirements

  7. Protective security requirements

  8. Risk management requirements

  9. Usability and accessibility requirements

  10. Protective security reviews

For those of you still getting up to speed with the digital identity framework, we thought we’d highlight some of the key messages from the overview.

The system for Australia

The overview defined the two types of possible identity systems — syndicated or federated. In the syndicated model, one identity credential is issued (usually by the government) and is then used to sign on to government and private sector services. The federated model is decentralised, and citizens choose their preferred identity providers from a pool of authorised providers.

Australia is going for the federated model, and so one of the key audiences for the TDIF is the potential providers.

The trust framework

The overview lists four main elements of the ‘trustworthiness of a trust framework’:

  • Functionality — the framework provides specifications, rules and agreements aimed to ensure the federated identity system operates as it should, and is compliant.

  • Trustworthiness — the framework’s specifications, rules and agreements deliver a system that is trustworthy enough to meet the needs of participants including managing risk and being legally certain and predictable, while also being transparent.

  • Content — the trust framework defines operational roles and functions of the identity system.

  • Binding — the trust framework is legally binding for participants (e.g. identity providers).

The final system

There’s a nice little section in the overview on what success will look like once the system’s in place. “Successful implementation of the TDIF will be evident when people are able to simply and securely establish a digital identity through an identity provider of their choice, and safely reuse that identity to transact across all tiers of government and with the private sector, with their privacy assured.”

The guiding principles

There are eight guiding principles outlined in the overview document. They are:

  • User centric — the service should be easy to use with users able to choose their preferred provider.

  • Voluntary and transparent — users choose whether to participate, and they control their digital identities.

  • Service delivery — participation is cost-effective for public and private sectors, and users are given access to highly reputable providers.

  • Privacy enhancing — follows privacy laws and good privacy practices.

  • Collaborative — active collaboration between government, private sectors and the broader community to deliver the system.

  • Interoperable — robust systems to ensure interconnectedness with other identity services nationally and internationally.

  • Innovative — uses innovative technology and business models, and is adaptable so it can evolve with changing technology.

  • Secure and resilient — minimum standards and accreditation for identity providers, and threats/risks identified and managed.

Where to next?

There are more components of the TDIF coming. These additional documents are being drafted and will be released for public consultation in April. Then in July the DTA will release the third component, which will address business identity.

Salsa Digital’s take

There’s a lot going on in digital identity at the moment. It’s an extremely large project with far-reaching repercussions across all levels of government...although many of these changes won’t be felt for a while. As always, we’ll keep you up to date on this important issue for Australian digital transformation in government.
