On
Feb 21, Australia has released
the first component of the Trusted Digital Identity Framework — an important
milestone in the development of a digital identity solution for Australia.
According
the Digital Transformation Agency of Australia (DTA), the framework outlines
the robust accreditation standards organisations must meet in order to be
accredited to provide digital identity services.
The Trusted
Digital Identity Framework replaces the National e-Authentication Framework and
Third Party Identity Services Assurance Framework.
As reported
last November, the Australian Government launched a public consultation and
released a draft of the Trusted Digital Identity Framework.
The Trusted
Digital Identity Framework outlines requirements for security, usability,
privacy protection, accessibility, fraud protection and risk management.
Providing a standard for digital identity in Australia, it aims to make sure
all users have a safe and secure way to connect with government services
online.
During
the public consultation, the DTA received over 1,000 comments from the
financial sector, privacy advocates, digital identity experts and the public
which helped to develop the standards shape the framework.
This
set of 10 newly released component of the framework outlines the standards for
identity services for individuals, covering issues like: (1) accreditation
process, (2) authentication credential requirements, (3) fraud control
requirements, (4) identity proofing requirements, (5) privacy requirements, (6)
protective security requirements, (7) risk management requirements, (8)
usability and accessibility requirements, (9) protective security reviews, and
(10) community and industry feedback.
The Trust
Framework Accreditation Process includes a number of accreditation
activities and involves a combination of documentation, independent evaluations
and operational testing that the applicant must complete to the satisfaction of
the Trust Framework Accreditation Authority in order to achieve accreditation.
According
to the Authentication
Credential Requirements, there are 3 Authentication Credential Levels depending
on level of assurance. Each of the Authentication Credential Level has a
different set of authentication protocol.
The
other part of the digital identity system is the verification and
authentication technology which is currently in beta development.
Later
this year, the Australian Government will release additional components which
will manage an offline option for creating a digital identity and standards to
authorise individuals to act on behalf of a business.
These
components will help remove the barriers for people who do not have the
required documentation to create their digital identity online. It will also
simplify the interactions business people have to have with government to get
their work done.
DTA is working with government agencies, the
private sector and the public to design and implement a digital identity
solution for Australia. Other than the Trusted Digital Identity Framework, the
DTA also manages the Gatekeeper Public Key Infrastructure Framework which
governs the use of digital certificates by Australian Government agencies.