Digital Identity system
The Australian Government is delivering Digital Identity – a program that will allow more services to be available to people and businesses online at any time.
What Digital Identity does
Digital Identity provides Australian people and businesses with a single, secure way to access government and other services online. The Digital Identity system includes everything from the policy and processes governing the system, to the technology and systems that allow it to work.
A secure Digital Identity replaces the need for multiple logins across a range of government services, making getting things done with government easier and faster.
The DTA is managing this whole-of-government program, delivering it in partnership with the Australian Taxation Office (ATO), Services Australia, Department of Home Affairs (Home Affairs) and the Department of Foreign Affairs and Trade (DFAT). The system will expand over time to include more government agencies and private sector organisations.
Creating and using a Digital Identity is voluntary and a personal choice. People can still access government services other ways, such as on the phone or in person at a government shopfront.Back to top
How it works
We have taken the best of what others have done and learned from their experience to create an Australian Digital Identity system which:
- is optional
- is a network of trusted and accredited organisations
- has a central government identity provider
- uses a Facial Verification Service
- represents a whole-of-economy solution.
Australia’s Digital Identity system is made up of agencies, private sector businesses and systems working together to deliver a secure way to prove someone’s identity online to access services. It is governed by the Interim Oversight Authority.
The Digital Identity system includes 4 types of accredited participants:
- Identity service providers – help you set up and manage your Digital Identity account. If you choose to create and use a Digital Identity, then your identity provider will be your gateway into the Digital Identity system. Face Verification Service and Document Verification Service are sometimes used by your identity service provider to verify your identity online. myGovID is the government identity provider. There will more as the system develops.
- Attribute service providers – verify specific attributes relating to entitlements or characteristics of an individual (for example, that you have a particular qualification). The ATO’s Relationship Authorisation Manager (RAM) is an example of an attribute service provider.
- Credential service providers – play a critical role in keeping the system secure and safe. They take care of all credentials such as passwords and other forms of access restrictions used in the system.
- Identity exchange – acts like a switchboard, transferring information, with your consent, between relying parties, identity service providers and attribute service providers, in a way which is secure and respects your privacy.
Another type of participant are relying parties, which are not accredited Trusted Digital Identity Framework (TDIF) participants, like the 4 types. They participate in the Digital Identity system by providing online digital services to people with a Digital Identity. Relying parties could include government or private sector services.
To fulfil identity proofing requirements under the TDIF, identity service providers will use attribute verification services to verify a person’s name, date of birth and other details on personal documents. The Department of Home Affairs’ Document Verification Service and Face Verification Service are the 2 attribute verification services that identity service providers may use.
The TDIF makes sure all providers meet all rules and standards for usability, accessibility, privacy protection, security, risk management, fraud control and more.
This system is based on the core principles:
- Privacy – the Digital Identity system needs consent at every step, with Privacy Impact Assessments conducted throughout.
- Security – participants must be TDIF accredited and require ongoing assessment. Security is embedded in the design of the system. So far there has been 3 iterations of TDIF developed in consultation with stakeholders.
- Integrity – the system is governed by an oversight authority responsible for operational system assurance, so that the system is used as intended.
Digital Identity service providers
The first accredited identity service providers (IDPs) are:
- the government provider myGovID, operated by the ATO
- Digital iD, operated by Australia Post.
There will be others as the system develops.
myGovID is a simple and safe Digital Identity solution that makes it possible to prove who you are online. This means more services can be accessed without needing to visit a government shopfront.Back to top
Australia’s Digital Identity system is designed so Australians control their personal information. It is like a 100-point ID check that is completed online.
Digital Identity protects a person’s privacy by only sharing the minimum amount of personal information needed during transactions. Users can see what information is passed to relying parties and consent to the transaction.Back to top