Trusted Digital Identity Framework (TDIF)

The Trusted Digital Identity Framework (TDIF) is an accreditation framework for Digital Identity services. It sets out the requirements that applicants need to meet to achieve accreditation. The TDIF also includes guidance material and templates to support providers to meet TDIF requirements.

TDIF accreditation

Organisations and government agencies can apply for TDIF accreditation and undergo a series of assurance evaluations for their Digital Identity service. To become a TDIF accredited provider, applicants are required to demonstrate how their Digital Identity service meets requirements for:

  • accessibility and usability
  • privacy protection
  • security and fraud control
  • risk management
  • technical integrity and more.

This includes the need for:

  • an independent privacy impact assessment
  • an independent security assessment
  • ICT penetration test
  • organisational policies and practices that demonstrate alignment with the Australian Government Protective Security Policy Framework, the Information Security Manual, the Australian Privacy Principles and the Privacy Code.

The requirements defined in the framework build on the baseline of the Australian Cyber Security Centre’s Essential Eight cyber security mitigations.

Once accredited, providers need to continually demonstrate they meet their TDIF obligations by undergoing annual assessments.

The TDIF supports 4 accreditation roles.

Accredited providers

The TDIF Accreditation Authority has granted accreditation to the services listed below.

Identity providers

An identity provider can create, maintain or manage information about a person’s identity, and offer identity-based services. Relying parties need to be confident that the person they provide a service to is who they say they are. The level of confidence they need depends on the type of service they are providing, and the consequences if they provided it to the wrong person. Identity providers help boost relying parties’ confidence in a person’s digital identity by collecting, verifying, and validating attributes that confirm a person’s identity to an appropriate identity proofing level (IP).

| Service name | Provider | Service type | Accredited identity proofing levels | Verification type | Accreditation date | Accreditation status |
| --- | --- | --- | --- | --- | --- | --- |
| Digital iD | Australia Post | Mobile application | IP2 (Standard) | Reusable identity | 17 May 2019 | Active |
| myGovID | Australian Tax Office | Mobile application | IP1, IP2 (Basic, Standard) | Reusable identity | 30 May 2019 | Active |
| OCR Labs | OCR Labs | Mobile application | IP2 (Standard) | One-off verification | 8 July 2021 | Active |
| myGovID | Australian Tax Office | Mobile application | IP3 (Strong) | Reusable identity, biometric enabled | 30 August 2021 | Active |

Credential providers

Credential providers can generate, bind and distribute credentials to individuals or can bind and manage credentials generated by individuals. For services in which return visits are applicable, a successful authentication provides risk-based assurances that the individual accessing the service today is the same individual who accessed the service previously. The robustness of this confidence is described by a credential level (CL) categorisation.

| Service name | Provider | Service type | Accredited credential levels | Accredited credential types | Accreditation date | Accreditation status |
| --- | --- | --- | --- | --- | --- | --- |
| Digital iD | Australia Post | Mobile application | CL2 | Multi-factor AuthN | 17 May 2019 | Active |
| myGovID | Australian Tax Office | Mobile application | CL2 | MF Crypto Software | 30 May 2019 | Active |

Identity exchange

Identity exchanges convey, manage and coordinate the flow of identity attributes and assertions between members (identity providers, credential providers, attribute providers and relying parties) of an identity federation.

| Service name | Provider | Interoperability statement | Accreditation date | Accreditation status |
| --- | --- | --- | --- | --- |
| Exchange | Services Australia | The exchange is able to connect to other digital identity federations using OpenID Connect 1.0 and SAML. | 13 May 2019 | Active |
| connectID | eftpos | The exchange brokers authentication and identity requests using OpenID Connect 1.0 | 15 September 2021 | Active |

Attribute providers 

Attribute providers generate and manage attributes and claims about an individual, business or organisation that are provided to relying parties to support their decision-making processes. An attribute provider represents an authoritative source for a selected set of authorisation, qualification, self-asserted, entitlement, or platform attributes under the TDIF.

| Service name | Provider | Accredited attribute class | Attributes | Accreditation date | Accreditation status |
| --- | --- | --- | --- | --- | --- |
| Relationship Authorisation Manager (RAM) | Australian Tax Office | Authorisation | Business authorisations | 20 June 2019 | Active |
| myGov | Services Australia | Platform | myGov LinkID | 25 August 2021 | Active |

TDIF documents

The TDIF is currently made up of 13 policies. Additional policies will be added as required and as we learn more about user needs.

(Note: We aim to meet the Australian Government’s web accessibility requirements with the documents below. However, if you require a more accessible version, please contact us.)

01 – Glossary of abbreviations and terms [PDF, 624KB] includes a list of acronyms and defines the key abbreviations and terms used in the TDIF.

02 – Overview [PDF, 815KB] provides a high-level overview of the TDIF.

03 – Accreditation process [PDF, 1MB] sets out the process and requirements an applicant is required to complete to achieve TDIF accreditation.

04 – Functional requirements [PDF, 881KB] outlines requirements applicable to the accredited roles, including fraud control, privacy, protective security, user experience and technical testing. It also includes a series of functional assessments to be undertaken by the applicant to achieve TDIF accreditation, including a privacy impact assessment (PIA), privacy assessment, security assessment, penetration test and an accessibility assessment against the Web Content Accessibility Guidelines.

04A – Functional Guidance [PDF, 844KB] provides guidance to applicants on meeting the requirements set out in the TDIF 04 Functional requirements.

05 – Role requirements [PDF, 1.2MB] includes user terms and lifecycle management requirements applicable to the accredited roles.

05A – Role Guidance [PDF, 971KB] provides guidance to applicants on meeting requirements set out in the TDIF 05 Role requirements.

06 – Federation Onboarding Requirements [PDF, 803KB] outlines the requirements to be met when an applicant’s identity system is approved to onboard to the Australian Government’s identity federation. This document includes functional requirements, technical integration testing requirements, operating obligations and the accreditation requirements for an identity exchange.

06A – Federation Onboarding Guidance [PDF, 1.37MB] provides guidance to applicants on meeting requirements set out in the TDIF 06 Federation onboarding requirements.

06B – OpenID Connect 1.0 Profile [PDF, 1.3MB] describes how OpenID Connect 1.0 is used within the Australian Government’s identity federation.

06C – SAML 2.0 Profile [PDF, 957KB] describes how SAML 2.0 is used within the Australian Government’s identity federation.

06D – Attribute profile [PDF, 996KB] describes the attributes used within the Australian Government’s identity federation and how these are mapped in the OpenID Connect 1.0 Profile and SAML 2.0 Profile.

07 – Annual Assessment [PDF, 604KB] sets out the process and requirements an accredited provider is required to complete by the anniversary of their initial accreditation date to remain TDIF accredited.

Accreditation templates

The following templates are provided as guidance for applicants and can help support their accreditation effort.

TDIF Accreditation Requirements – template [XLS, 619KB] includes all TDIF requirements.

TDIF Application for Accreditation Letter – template [docx, 64KB] a template for the TDIF accreditation letter as required in the TDIF 03 accreditation process.

TDIF Statement of claims [PDF, 511KB] to be completed and submitted with the TDIF Application for Accreditation Letter as required in the TDIF 03 accreditation process.

TDIF Fraud Control Plan – template [docx, 283KB] sets out the standard assessment requirements to be covered by an applicant’s Fraud Control Plan.

TDIF Functional Assessments (generic) – template [docx, 281KB] sets out the standard assessment requirements to be covered by an applicant’s functional assessment.

TDIF Privacy Impact Assessment (PIA) – template [docx, 324KB] sets out the standard assessment requirements to be covered by an applicant’s Privacy Impact Assessment.

TDIF Privacy Assessment (functional assessment) [docx, 299KB] sets out the specific assessment requirements to be covered by an applicant’s privacy assessment.

TDIF Technical Test Plan – template [docx, 282KB] sets out the requirements to be covered by an applicant’s Technical Test Plan and report.

TDIF Cryptographic Key Management Plan - template [docx, 280KB] sets out the requirements to be covered by an applicant’s Cryptographic Key Management Plan.

TDIF Exemption request form [docx, 93KB] to be used by an applicant when submitting an exemption request to the DTA.

TDIF Usability Test Plan and Report - template [docx, 281KB] sets out the requirements covered by the Applicant's usability test plan, testing and report.

TDIF Attestation Letter (Annual Assessment) [docx, 48KB] a template for the TDIF attestation letter as required by the TDIF 07 Annual Assessment requirements.

TDIF changes

The next scheduled review of the TDIF will occur by July 2022. Any changes made to the document suite before this date will be recorded in a TDIF change management document and will be made available on our website. All changes to the TDIF will occur in accordance with the TDIF Variation Standard Operating Procedure.

All changes made to the TDIF are published in accordance with the TDIF Variation Standard Operating Procedure. All changes to the TDIF documents are recorded in the TDIF Change Log, available below.

TDIF Variation Standard Operating Procedure [PDF, 440KB] sets out the procedure for implementing requested changes to the TDIF.
TDIF Change Request Form [PDF, 149KB] use this form to request any changes to the TDIF.
TDIF Change Log – October 2021 [XLS, 304KB] records any changes made to the TDIF before July 2022.
