Third release of the Trusted Digital Identity Framework
10 April 2019
We’ve released the third part of the Trusted Digital Identity Framework (TDIF). TDIF sits across all elements of the Digital identity program to ensure a consistent approach to usability, accessibility, privacy protection, security and more.
Taking people on the journey through regular consultation is an important part of how we’re developing the TDIF. At this stage, we have heard from:
- federal, state and territory governments
- privacy advocates
- digital identity experts
- the financial sector
- industry groups
- standards bodies
- users and members of the public
As a result, the TDIF is constantly evolving based on feedback, user research and changes to government policy and legislation. We received approximately 230 pieces of feedback on the third part of the TDIF. In total, we have received more than 2100 pieces of feedback on parts 1, 2 and 3 of the TDIF to-date.
Following the consultation period in January, we’re releasing part 3 of the TDIF, which includes 3 new documents and updates to 9 existing documents.
The main updates in this release include:
- an architectural overview that describes the functions of the TDIF participants and how they interact.
- requirements for government agencies and organisations that wish to be accredited as attribute providers (this is a new type of accreditation class).
- technical requirements for government agencies and organisations that wish to be accredited as identity providers and attribute providers.
- updates to the accreditation process to include the ongoing accreditation obligations for TDIF participants. This includes the annual assessment and the conditions when re-accreditation will be required.
- updates to the protective security requirements to ensure they align with the current edition (2018) of the Australian Government Protective Security Policy Framework and Information Security Manual.
- updates to the attribute profile to allow the sharing of additional identity attributes under certain situations (for example, to investigate instances of fraud).
As the program develops and we learn more about our users, we will continue to iterate the TDIF. The next release will focus on authorisations and the needs of people who act on behalf of others when interacting with government.
You can read more about how we’re developing the TDIF in a blog post from the director of digital identity policy, Shannon Peterson.