A single governance body will monitor adherence to the Trusted Digital Identity Framework – the bedrock of the Digital Transformation Agency’s (DTA’s) Whole-of-Government (WofG) digital identity “ecosystem”.
Now available in draft form, the long-awaited set of legally-enforceable specifications, rules, and agreements will be overseen by a centralised governance structure, as stated in documents released today.
Setting out a nationally consistent approach to how digital identity will be managed, the framework sits alongside the Govpass technology platform, which is currently in private beta.
The identity system governance body “envisaged” by the DTA will operate as “a single representative governance body operating within a legislative framework”.
Supported by “a secretariat and a series of working groups that provide specialist advice to the governance body in areas such as technology, privacy, security etc.”, the unit will be well-equipped to take on operational responsibility for the identity federation on a “day to day basis”.
A key task for the body will be accrediting “verifiers” – organisations and government agencies that have achieved compliance with the trust framework and are subsequently able to “vouch for you”. The body will also grant entry to entities reliant on verified identity to provide digital services.
The trust framework is a set of specifications, rules, and agreements that are enforceable by law and agreed to by all members of the system. Also described as “system rules,” “scheme rules,” “operating regulations,” or “common operating rules”, the framework is grounded in a risk mitigation approach.
By clearly outlining the obligations of all participants that choose to plug into the identity federation, all stakeholders, including end users, can have confidence and trust in the system. This is unlike traditional identity systems, which often lack transparency, and are frequently based on a “network of bilateral agreements or loosely-coupled Service Level Agreements (SLAs)”.
The framework supports the government’s preferred “federated” style of identity which, unlike a traditional “syndicated” identity system, decentralises identity provision so that individuals can access public and private sector services through the identity provider of their choice.
A syndicated model typically relies on a single identity credential, usually provided by government, to provide single sign-on access to public and private sector services.
Benefits of the aspirational digital identity model were outlined in the 2014 Financial System Inquiry report: “A national strategy based on a federated-style model best balances the attainment of network benefits with ongoing innovation in digital identity solutions, contributing to overall financial system efficiency. It draws on the strengths of the public and private sectors and facilitates the best use of technology. It enhances consumer choice and convenience and, with appropriate design, could enhance privacy and security”.
Included in the collection of draft documents (14 in total) is the Trusted Digital Identity Framework Digital Identity Proofing Standard (IdP). This document provides standards for collecting biometric data and using facial images for identity matching.
The government is accepting feedback on its documents until December 8.
The national digital identity project is gaining momentum. Details about how users will engage with the Govpass platform have also been recently announced. The system will match information on an individual that is already held by various government entities with the user's photograph, as well as Medicare, driver's licence, and birth certificate details.
Cloud services provider Vault Systems has recently been selected to supply the platform for the Govpass digital identity solution.