Sydney Identity Summit: Compound Eye: An Approach to a National Identity Ecosystem
TRANSCRIPT
Digital Transformation Office
Rachel Dixon
Head of Identity
@rachel_dto
ForgeRock Identity Summit Sydney, Tuesday 9th August 2016
dto.gov.au
2/ Scope
Identity in Australia is not just about individuals, and it’s not just about transactions
2/ Scope
… except insofar as governments want to know who they are giving entitlements to (so they can make sure they’re eligible)
3/ Problem
Most national identity platforms in Western democracies have struggled to find broad acceptance
3/ Problem
Australian governments have a lot of use cases that have been assessed as requiring LoA3
4/ Principles
Good service design comes from watching people do things (not from asking them what they think)
5/ Vision
A genuinely whole-of-government digital identity solution, based on open standards
6/ Vision
To achieve the vision, we will create a federation involving the Commonwealth, the states, and banks
6/ Vision
Some of these entities may not join at the outset, but the system will be open to new entrants over time
[Diagram: The Hub; Commonwealth services; State services; Commonwealth identity provider (verification, authentication); other identity providers]
8/ Products
1. Federation Hub
2. Commonwealth IDP
The Hub
• The Federation Hub is a platform to allow interoperability of identity providers & relying parties via APIs based on open standards
• The Hub is easy to integrate with & it doesn’t require code changes to onboard new agencies (relying parties)
• Privacy by design - “double-blind” privacy enhancing model with limited user attributes shared upon user consent
• Developed to DSS, governed by TDIF
8/ Products
Identity provider (verification, authentication)
• Verify identity online once, use the credential repeatedly to access services across government
• Identity verification is based on TDIF and doesn’t require change in legislation
• Verification to IP2 and IP3
• Designed around user needs - guiding, giving users options, designed for people with different abilities
• Verified, Claimed, Authorised attributes
• Developed to DSS, governed by TDIF
8/ Products
Trusted Digital Identity Framework
• Privacy Core Service Requirements
• Protective Security Core Service Requirements
• Accessibility, Usability & Inclusive Design Core Service Requirements
• Standards (e.g. ISO/IEC 19794 Information technology — Biometric data interchange formats — Part 5)
• Independent Audit Process
8/ Framework
9/ Research, Design and Development
What we call it is still for discussion. We continue to test with consumers, business users and agencies across Australia