Digital Identity is an Australian Government program that enables people and businesses to prove who they are to access online services at a time that suits them.
What Digital Identity does
Digital Identity provides Australian people and businesses with a single, secure way to access government and other services online. The Digital Identity system includes everything from the policy and processes governing the system, to the technology and systems that allow it to work.
A secure Digital Identity replaces the need for multiple logins to access different services and makes getting things done with government faster and easier. The system will expand over time to include more government agencies as well as private sector organisations.
Creating and using a Digital Identity is not compulsory and is your choice to make. People can still access government services in other ways, such as on the phone or in person at a government shopfront.
How it works
Guided by learnings from other countries we have created an Australian Digital Identity system which:
- is optional
- is a network of trusted and accredited organisations
- has a central government identity provider
- uses a Facial Verification Service
- represents a whole-of-economy solution.
The Digital Identity system includes 4 types of accredited participants:
- Identity service providers - help you set up and manage your Digital Identity account. If you choose to create and use a Digital Identity, then your identity provider will be your gateway into the Digital Identity system. Face Verification Service and Document Verification Service are sometimes used by your identity service provider to verify your identity online. myGovID is the government identity provider. There will be more introduced as the system develops.
- Attribute service providers - verify specific attributes relating to entitlements or characteristics of an individual (for example, that you have a particular qualification). The ATO’s Relationship Authorisation Manager (RAM) is an example of an attribute service provider.
- Credential service providers - play a critical role in keeping the system secure and safe. They take care of all credentials such as passwords and other forms of access restrictions used in the system.
- Identity exchange - acts like a switchboard, transferring information, with your consent, between relying parties, identity service providers and attribute service providers, in a way which is secure and respects your privacy.
Relying parties are also participants but are not accredited Trusted Digital Identity Framework (TDIF) participants, like the 4 types listed above. Relying parties participate in the Digital Identity system by providing online services to people with a Digital Identity. They could be from government agencies or the private sector.
Trusted Digital Identity Framework
To meet identity proofing requirements under the TDIF, identity service providers will use attribute verification services to verify a person’s name, date of birth and other details on personal documents. The Department of Home Affairs’ Document Verification Service and Face Verification Service are the 2 attribute verification services that identity service providers may use.
The TDIF makes sure all providers meet strict rules and standards for usability, accessibility, privacy protection, security, risk management, fraud control and more.
This system is based on the core principles:
- Privacy – the Digital Identity system needs consent at every step, with Privacy Impact Assessments conducted throughout.
- Security – participants must be TDIF accredited and require ongoing assessment. Security is embedded in the design of the system. So far there have been 3 iterations of TDIF developed in consultation with stakeholders.
- Integrity – the system is governed by an oversight authority responsible for operational system assurance, so that the system is used as intended.
Digital Identity service providers
The first accredited identity service providers (IDPs) are:
- the government provider myGovID, operated by the ATO
- Digital iD, operated by Australia Post.
There will be other IDPs added as the system develops.
myGovID is a simple and safe Digital Identity solution that makes it possible to prove who you are online. This means you can access more services without needing to visit a government shopfront.
Australia’s Digital Identity system is designed so Australians control their personal information. It protects a person’s privacy by only sharing the minimum amount of personal information needed during transactions. Users can see what information is passed to relying parties and must consent to the transaction.