Trusted Digital Identity Framework

The Trusted Digital Identity Framework (TDIF) is a set of rules and standards that accredited members of the digital identity federation must follow. It makes sure everyone has a safe, secure, consistent and reliable way to use government services online. 

The framework is evolving and currently consists of 19 documents including an overview and glossary.

These documents set the rules and standards for:

  • how personal information is handled by participating government agencies and organisations
  • the usability and accessibility of identity services
  • how the identity system is secured and protected against fraud
  • how identity services are managed and maintained
  • how this framework will be managed

Framework documents

Overview and Glossary

The Overview and Glossary (PDF 1.1 MB)  provides a high-level overview of the TDIF. It outlines the relationship between the documents included in the framework and defines the key terms (updated April 2019).

Accreditation Process

The Accreditation Process (PDF 740 KB) defines the requirements to be met by government agencies and organisations in order to achieve TDIF accreditation for their identity service (updated April 2019).

Architecture Overview

The Architecture Overview (PDF 1.4 MB) provides an architecture overview that describe the functions of the TDIF participants and how they interact (released April 2019)

Attribute Profile

The Attribute Profile (PDF 555 KB) outlines which attributes are shared between identity providers and digital services. It also includes the rules for how attributes are shared and what technical specifications they must meet (updated April 2019).

Attribute Provide Requirements

The Attribute Provider Requirements (PDF 296 KB) define requirements for Applicants who undergo TDIF accreditation as an Attribute Provider (released April 2019)

Authentication Credential Requirements

The Authentication Credential Requirements (PDF 348 KB) set out the authentication and credential requirements that government agencies and organisations need to meet to be accredited as Credential Service Providers under the TDIF (updated September 2018).

System Governance Interim Memorandum of Understanding

The System Governance Interim Memorandum of Understanding (PDF 372 KB) is an agreement between the Digital Transformation Agency, Australian Taxation Office and Department of Human Services that sets out the interim governance and administration arrangements in relation to the TDIF (released September 2018).

Fraud Control Requirements

The Fraud Control Requirements (PDF 398 KB) set out the TDIF fraud control requirements that government agencies and organisations need to meet in order to be accredited under the TDIF (updated September 2018).

Identity Proofing Requirements

The  Identity Proofing Requirements (PDF 633 KB) set out the identity proofing requirements that government agencies and organisations need to meet to be accredited as Identity Service Providers under the TDIF (updated September 2018).

OpenID Connect 1.0 Profile

The OpenID Connect 1.0 Profile (PDF 946 KB) provides the OpenID Connect 1.0 Profiles for interactions between:

  • a relying party and an identity exchange
  • an identity provider and an identity exchange

(updated April 2019)

Privacy Requirements

The Privacy Requirements (PDF 345 KB) set out the TDIF privacy requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements incorporate the Privacy Act 1988 and the Australian Privacy Principles, state-based privacy legislation and privacy best practice (updated April 2019).

Protective Security Requirements

The Protective Security Requirements (PDF 277 KB) set out the TDIF protective security requirements that government agencies and organisations need to implement in order to be accredited under the TDIF (updated April 2019).

Protective Security Reviews

The Protective Security Reviews (PDF 524 KB) outline the protective security reviews that will be performed on an identity service as part of the TDIF accreditation process (updated September 2018).

Risk Management Requirements

The Risk Management Requirements (PDF 290 KB) set out the TDIF risk management requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. This document also explains an approach to risk management that agencies and organisations can use to meet the requirements (updated April 2019).

SAML 2.0 Profile

The SAML 2.0 Profile (PDF 540 KB) provides the SAML 2.0 Profile for for interactions between:

  • a relying party and an identity exchange
  • an identity provider and an identity exchange

(updated April 2018)

Service Operations Testing Requirements

The Service Operations Testing Requirements (PDF 269 KB) set out the TDIF operational testing requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements include service design, service transition and service operations (released September 2018).

    Technical Integration Testing Requirements

    The Technical Integration Testing Requirements (PDF 354 KB) set out the TDIF integration testing requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements include the processes needed to run an effective technical integration testing program (released September 2018).

    Technical Requirements

    The Technical Requirements (PDF 682 KB) serve as the key reference for the technical requirements and technical integration standards for Accredited Providers in the identity federation (released April 2019).

    User Experience Requirements

    The User Experience Requirements (PDF 328 KB) define the usability and accessibility requirements that government agencies and organisations need to meet in order to be accredited under the TDIF. These requirements ensure that identity services are simple and easy to use (updated April 2019).

    Consultation

    During the development of the framework we consulted with privacy advocates, industry experts and the public and received almost 2,000 comments. We’ve responded to this feedback and updated the framework.

    There have been three rounds of consultation so far. These documents summarise the feedback received:

    The next part of the framework was released for consultation in January 2019. It will create the rules and standards which will allow an individual to interact with government on behalf of a business. A further part of the framework is planned for consultation in 2019 which will allow individuals to interaction on behalf of other individuals.

    The TDIF replaces the following policies and they no longer apply:

    Get in touch

    If you have any questions you can get in touch with us at identity@dta.gov.au