Digital identity ecosystem
The Australian Government is delivering digital identity, a program that will allow more government services to be available to people and businesses online at any time.
Digital identity includes everything from the policy and processes to the technology and systems.
We are leading the system and delivering it in partnership with the Australian Taxation Office (ATO), Department of Human Services (DHS), Department of Home Affairs (Home Affairs) and the Department of Foreign Affairs and Trade (DFAT).
Creating and using a digital identity is voluntary, it is a personal choice. People can still access government services through other means, such as over the phone or in person at a government shopfront.Back to top
How it works
In Australia, we have taken the best bits of what others have done and learned from their experience to create an Australian digital identity ecosystem which is:
- has a central government identity provider
- uses a Facial Verification Service
- represents a whole-of-economy solution
Australia’s digital identity ecosystem is made up of agencies, private sector businesses and systems working together to deliver a secure way to prove someone’s identity online to access services – a federation.
The digital identity ecosystem has 6 key parts:
- The Australian Government accredited identity service provider, myGovID run by the ATO.
- Multiple Identity Service Providers (IDPs) to give users a choice of who they use to verify their identity. There will be opportunities for other commercial identity service providers to become part of the federation in the future. Australia Post’s accredited identity service provider, Digital iD is available to a small number of users through a pilot in 2019–20.
- The Australian Government accredited identity exchange, run by DHS. The identity exchange ensures the identity service provider can’t see what service the user is accessing, and digital services can’t see someone’s personal information.
- Attribute verification services such as document and biometric verification services.
- Government digital services that will use the system to confirm a person’s identity.
- Attribute Service Providers that allow people to act on behalf of others, such as the ATO’s Relationship Authorisation Manager.
The Trusted Digital Identity Framework (TDIF) sits across all accredited elements of the program and ensures all providers meet standards for usability, accessibility, privacy protection, security, risk management, fraud control and more.
This ecosystem is based on the core principles:
- Privacy – the identity system was designed with consent at every step, with Privacy Impact Assessments conducted throughout the development of the ecosystem.
- Security – embedded in the system design, participants are TDIF accredited and require ongoing assessment. To date there has been 3 iterations of Trusted Digital Identity Framework in consultation with stakeholders.
- Integrity – it is governed by an Oversight Authority responsible for operational system assurance to ensure the system is being used as intended.
Digital identity service providers
The first accredited identity service providers are the government provider myGovID, operated by the ATO, and Digital iD, operated by Australia Post. There will be others as the system matures.
myGovID is a simple and safe digital identity solution that will make it possible to prove who you are online. This means more services can be accessed without needing to visit a government shopfront.
It should not be confused with myGov which is the Australian Government’s secure online portal managed by DHS.
Digital identity will replace the multiple logins people have for different government agencies and services. Having a secure digital identity will make getting things done with government easier and faster.Back to top
Digital identity is designed so that individuals control their personal information. It is like a 100-point ID check but instead of having to go into a government shopfront with identity documents, the whole process can be completed online.
A digital identity protects a person’s privacy by only sharing as much as necessary during transactions. Users will also be required to provide consent on what information is shared.
myGovID will remember a person’s name, date of birth, mobile number and email address. It will not store any of their personal identity documents or photograph once their identity is confirmed.
myGovID does not know what services a person is accessing, and services do not see personal identity documentation.Back to top