Design and Implementation

The 2014 Financial System Inquiry Report to the Australian Government recommended the development of a federated system that was user centric with privacy and security at the core of its design. The Trusted Digital Identity Framework (TDIF) provides the framework for participation in the Australian Government’s Digital Identity System (AGDIS), ensuring that the Government’s primary agenda for users to interact voluntarily with a Digital Id online in a secure, convenient and inclusive way is met.

Technology Architecture

The Australian Government Digital ID System is a federated system with an ID Exchange:

myGovID operated by the Australian Tax Office (ATO) which is the Government’s Digital ID provider.
an ID Exchange (operated by Services Australia) which facilitates the use of Digital ID across connected services and providers in the system.
attribute providers such as the Relationship Authorisation Manager (operated by the ATO) which links a person’s myGovID with the business(es) they are authorised to represent.
relying parties which use Digital ID for identity verification in the various online services which they provide (there are currently 38 Government Agencies (relying parties) which use myGovID in providing 130 relying services).

Governance Mechanism

The Interim Oversight Authority provides interim governance functions which include(but are not exhaustive) managing fraud and cyber incidents, risks to the integrity of the AGDIS, onboarding requests, accreditation requests and technical onboarding of service providers. Entities that wish to provide identity related services within the AGDIS must undergo the Trusted Digital Identity Framework (TDIF) accreditation first. The TDIF accreditation scheme is voluntary for entities providing identity services in the private sector.

Use Cases

Digital Identity can be tailored to the strength identity an individual wants. The choices are Basic (IP1, IP1+), Standard (IP2, IP2+) to Strong (IP3).

Services that have a higher level of identity risk, require a stronger Digital Identity.

Basic - The individual is only required to provide an email address or phone number, and in some instances, one identity document to prove name and date of birth. This level of identity proofing may be comparable to single-factor or multi-factor authentication. For example, joining a social sporting club.

Standard - The individual is required to provide at least two identity documents to prove their identity, and these documents are often verified with an authoritative source. This is often considered equivalent to providing copies of birth certificates, drivers licences etc. for verification. For example, an application for working with vulnerable people registration.

Strong- In addition to providing at least two identity documents that are verified against an authoritative source, the individual must also prove that they are the same person as shown on the identity document. This level of proofing is usually required to access government services, for example when applying for an Australian tax file number online.