Trusted Digital Identity Framework

The Trusted Digital Identity Framework (TDIF) is a set of rules and standards that accredited members of the digital identity federation must follow. It makes sure everyone has a safe, secure, consistent and reliable way to use government services online. 

The framework consists of 16 documents including an overview and glossary.

These documents set the rules and standards for:

  • how personal information is handled by participating government agencies and organisations
  • the usability and accessibility of identity services
  • how the identity system is secured and protected against fraud
  • how identity services are managed and maintained
  • how this framework will be managed

Framework documents

Overview and Glossary — updated September 2018 (PDF 615 KB)

This document provides a high-level overview of the TDIF. It outlines the relationship between the documents included in the framework and defines the key terms.

Accreditation Process — released February 2018 (PDF 595 KB)

This document defines the requirements to be met by government agencies and organisations in order to achieve TDIF accreditation for their identity service.

Attribute Profile — released September 2018 (PDF 410 KB)

This document outlines which attributes are shared between identity providers and digital services. It also includes the rules for how attributes are shared and what technical specifications they must meet. 

Authentication Credential Requirements — updated September 2018 (PDF 348 KB)

This document sets out the authentication and credential requirements that government agencies and organisations need to meet to be accredited as Credential Service Providers under the TDIF.

System Governance Interim Memorandum of Understanding — released September 2018 (PDF 372 KB)

An agreement between the Digital Transformation Agency, Australian Taxation Office and Department of Human Services that sets out the interim governance and administration arrangements in relation to the TDIF.

Fraud Control Requirements — updated September 2018 (PDF 398 KB)

This document sets out the TDIF fraud control requirements that government agencies and organisations need to meet in order to be accredited under the TDIF.

Identity Proofing Requirements — updated September 2018 (PDF 633 KB)

This document sets out the identity proofing requirements that government agencies and organisations need to meet to be accredited as Identity Service Providers under the TDIF.

OpenID Connect 1.0 Profile — released September 2018 (PDF 1MB)

This document provides the OpenID Connect 1.0 Profiles for interactions between:

  • a relying party and an identity exchange
  • an identity provider and an identity exchange

Privacy Requirements — released February 2018 (PDF 332 KB)

This document sets out the TDIF privacy requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements incorporate the Privacy Act 1988 and the Australian Privacy Principles, state-based privacy legislation and privacy best practice.

Protective Security Requirements — released February 2018 (PDF 440 KB)

This document sets out the TDIF protective security requirements that government agencies and organisations need to implement in order to be accredited under the TDIF.

Protective Security Reviews – updated September 2018 (PDF 524 KB)

This document outlines the protective security reviews that will be performed on an identity service as part of the TDIF accreditation process.

Risk Management Requirements — released February 2018 (PDF 580 KB)

This document sets out the TDIF risk management requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. This document also explains an approach to risk management that agencies and organisations can use to meet the requirements.

SAML 2.0 Profile — released September 2018 (PDF 764 KB)

This document provides the SAML 2.0 Profile for for interactions between:

  • a relying party and an identity exchange
  • an identity provider and an identity exchange

Service Operations Testing Requirements — released September 2018 (PDF 269 KB)

This document sets out the TDIF operational testing requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements include service design, service transition and service operations.

Technical Integration Testing Requirements — released September 2018 (PDF 354 KB)

This document sets out the TDIF integration testing requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements include the processes needed to run an effective technical integration testing program.

Usability and Accessibility Requirements — released February 2018 (PDF 274 KB)

This document defines the usability and accessibility requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements ensure that identity services are simple and easy to use.

Consultation

During the development of the framework we consulted with privacy advocates, industry experts and the public and received almost 2,000 comments. We’ve responded to this feedback and updated the framework.

There have been two rounds of consultation so far. These documents summarise the feedback received:

The next part of the framework will be released for consultation in December 2018. It will create the rules and standards which will allow an individual to interact with government on behalf of a business.  A further part of the framework is planned for consultation in 2019 which will allow individuals to interaction on behalf of other individuals.

The TDIF replaces the following policies and they no longer apply:

Get in touch

If you have any questions you can get in touch with us at identity@dta.gov.au