Digital Identity - early days in the Discovery process

Digital Identity is having the ability for the government to trust that you are who you say you are. Rachel Dixon explains what the DTO is doing to develop a Trusted Digital Identity Framework.

Around the world, governments, businesses and individuals are increasingly moving toward providing products and services online. For some transactions (though not all), it is necessary to know the identity of the person involved. This is particularly true where money is changing hands or sensitive data is involved.

Research suggests there are strong economic benefits to be gained from moving government transactions online. So we can more effectively and confidently transact with government online, we are investigating different ways to manage online digital identity. Currently users have to identify themselves again and again when they interact with different government departments, and we want to find a solution that fixes this problem.

Let’s address the question that’s most often asked: “what does digital identity mean?” Identity is better thought of as the ability to have trust online. It’s having the ability for the government to trust that you are who you say you are. And for you to trust that the government will deal with you in a fair and protective way. It’s possible you already have some kinds of digital identities - a Facebook identity, for example. We’re not suggesting the government wants to start linking to your social media profiles - some online identities are trusted more than others. But the purpose of a digital identity is to provide some way for you to assert your existence online with some degree of trust in both directions.

What we’re doing

The first question is, what is the problem we are trying to solve? The second one is, what are the tools we will use to do this? Giving users the choice to establish their digital identity once is our basic aim. But it’s how that can be achieved and applied in a trusted manner that’s important. In Discovery, we’re considering a range of ‘use cases’ to better understand the user needs and implications of various designs, on both the product and the framework.

Building an Alpha

There are two parts to the Alpha product that we are focussing on immediately.

Building a product to verify your identity

The first element, assurance or trust, is similar to the scope of the project undertaken by the UK GDS’s Verify team. We’re building a product to verify the identity of consumers to a level that’s sufficient for them to access government services. Verify UK uses a Federated Identity model. In our Discovery process, we are assessing the pros and cons of this model in relation to user needs.

A credential or login

The second element of the Alpha product is a credential or login that you create, or one that is issued to you when you verify your identity, which allows you to login to access secure government services.

Developing a Trusted Digital Identity Framework

Our project also involves developing a Trusted Digital Identity Framework (TDIF). We will work with a wide range of public and private sector stakeholders to develop a broader framework for trusted digital identities better enabling the DTO and other agencies and governments to work together. Work on this Framework will be informed by the outcomes of the Discovery and Alpha product process. A prototype of the Trust Framework will be published coinciding with the release of the product Alpha in August.

In developing this Trust Framework, we’ll be considering different models, including for example, a Trust Vectors model being developed by the Internet Engineering Taskforce. This model is attractive in terms of the ability to fine-tune the levels of trust needed for different elements of the identification and authentication process. At the same time, we’re trying to work out whether this introduces too much complexity for the consumer, in terms of understanding how such a model works or whether it can be implemented.

Is there a market for identity provision in Australia?

In some other countries, the private sector has been heavily involved in identity verification. In Australia however, some identity provision services are already provided by government, and there’s a question as to whether or not this impacts the commercial market for identity provision.

We’ve commissioned research to validate the size of the market for identity, and determine whether there is a role for the DTO to play in developing this market. This may be addressed in a subsequent iteration of the product.

Government data

Government wants to know who it is dealing with online; but the degree to which this is useful to the user depends upon context, and in particular on the use case for each transaction. Consumers also need to know that the process of establishing this trust is warranted, and that the government isn’t going to breach it, or impose onerous demands upon the consumer in order to establish this trust. A good deal of the thinking in the identity space has been based around jumping to technological solutions, before the user needs have been properly established.

We also know that one of the more contentious issues in this space is the treatment of personal data. We’re very conscious of the principle of privacy by design and will be providing more information on our plans with regard to this soon. There’s value in having trusted identities in transactions, especially where sensitive data or money is involved.

As with everything else at the DTO, we always return to our fundamental values: what is the user need, and what can we do to make their life easier?

What do you think?

Please feel free to ask questions and share your thoughts in the comments below.

We may not be able to answer all your questions yet, since we’re in the Discovery process and not having preconceptions is an important part of that process. But we also have a principle of openness and we believe this will be crucial to the success of any government project in this space.