The fourth iteration of the Trusted Digital Identity Framework (TDIF) will set out the rules for any commercial organisations like banks that seek the tick of approval for their own digital proof-of-identity applications in future.
The TDIF is a set of standards organisations can follow when developing digital identity products or services in order to be labelled as trustworthy.
The Digital Transformation Agency will lead consultation for the TDIF’s new version, hearing from individuals, community groups and corporations over the next three months in what the government argues is a “foundational step toward developing a true whole-of-economy solution”.
Consultations will also aim to align the TDIF with other similar trust-mark systems like the Australian Payments Council’s TrustID Framework.
Cross-recognition of digital identities created in New Zealand and Singapore identity programs, and expanding the TDIF to support organisations and agencies that choose to undergo accreditation will also be considered.
The Department of Human Services, the Australian Taxation Office and Australia Post have already been accredited under earlier iterations of the trust framework to play various roles in digital identity. On May 13 DHS was approved as the provider of an identity exchange, which allows organisations to verify a person’s identity digitally without receiving their personal information.
Australia Post was accredited as an “Identity Service Provider and Credential Service Provider” for its Digital iD product on May 17, and on May 30 the ATO met the standard to play the same role for the federal government’s own digital identity app, myGovID. The TDIF recognises four main roles:
- “Identity Service Providers (IdP) are accredited to undertake the functions of identity management.
- “Credential Service Provider (CSP) are accredited to undertake the functions of authentication credential management.
- “Attribute Service Providers (AP) are accredited to undertake the functions of attribute management which are specific to entitlements, qualifications, relationships or other characteristics of people and non-person entities.
- “Identity Exchanges (IdX) are accredited to convey, manage and co-ordinate the flow of attributes, claims and assertions between members of an identity federation.”
The ATO was also accredited as a “Relationship Authorisation Manager” on June 20, meaning it is trusted to verify relationships between individuals and businesses, according to the official digital identity glossary.
Minister for Government Services Stuart Robert said the consultations would be valuable to development of the fourth iteration, commenting on government service delivery despite the next version of the TDIF being focused on prospective identity providers in the private sector.
“Australians rightly expect government services to be simple, seamless and safe,” he said.“The standards established through this framework will enable government to meet this expectation, ensuring Australians have secure and reliable access to digital government services.”
In collaboration with other government agencies and private sector bodies, the DTA has been developing the TDIF to guide a national federated digital identity system since 2015.
“Digital identity, underpinned by this framework, will enable faster, simpler services for government and the digital economy,” said Robert. “Whether through implementing new data sharing arrangements or through improving the Trusted Digital Identity Framework, we are driving improvements right across government service delivery and putting in place the building blocks for Services Australia,” he said.
The fourth iteration of the TDIF is expected to be released in early 2020, following the consultation.