Trusted Digital Identity Framework (TDIF)

Hands typing on a laptop keyboard

TDIF

The Trusted Digital Identity Framework (TDIF) is an accreditation framework for Digital Identity services.

It sets out the requirements that applicants need to meet to achieve accreditation. The TDIF also includes guidance material and templates to support providers to meet TDIF requirements.

On this page

The current TDIF accreditation program

The Australian Government provides two options for TDIF accreditation: 

  • to only seek accreditation under TDIF; or 
  • to seek accreditation under TDIF and participate in the Australian Government Digital Identity System (the System). Note: Currently only government agencies and government digital identity services can be onboarded to the System. 

Accredited provider 

Entities may choose to be accredited under TDIF. This demonstrates that their digital identity services are trusted, safe and secure and built to the standards set by the Australian Government. These services are not, however, onboarded to the System. 

Accredited participant  

To provide digital identity services in the System, entities must be accredited under TDIF and onboarded to the System.  

Current options for identity services to engage with the System: 

Diagram depicting the current differences between a non-participant, an accredited provider, and an onboarded and accredited provider.

Accreditations

The Australian Government is accrediting a number of businesses under the TDIF as a part of testing the readiness of the Australian Government Digital Identity System to expand beyond the Australian Government. This is an exciting next step in the roll out of the Digital Identity program.

TDIF accreditation has been granted to the services listed below.

Identity providers

An identity provider can create, maintain or manage information about a person’s identity, and offer identity-based services. Relying parties need to be confident that the person they provide a service to is who they say they are. The level of confidence they need depends on the type of service they are providing, and the consequences if they provided it to the wrong person. Identity providers help boost relying parties’ confidence in a person’s digital identity by collecting, verifying, and validating attributes that confirm a person’s identity to an appropriate identity proofing level (IP).

Service name Provider Service type  Accredited identity proofing levels Verification type  Accreditation date Accreditation status
Digital iD Australia Post Mobile application IP2 (Standard) Reusable identity 17 May 2019 Active
myGovID Australian Tax Office Mobile application IP1, IP2 (Basic, Standard) Reusable identity 30 May 2019 Active
OCR Labs OCR Labs Mobile application IP2 (Standard) One-off verification 8 July 2021 Active
myGovID Australian Tax Office Mobile application IP3 (Strong) Reusable identity, biometric enabled 30 August 2021 Active
OCR Labs OCR Labs Mobile application IP3 (Strong) One-off verification, biometric enabled 7 March 2022 Active
ID Mastercard Mobile application IP1+ (Basic) Reusable identity 21 July 2022 Active

Credential providers

Credential providers can generate, bind and distribute credentials to individuals or can bind and manage credentials generated by individuals. For services in which return visits are applicable, a successful authentication provides risk-based assurances that the individual accessing the service today is the same individual who accessed the service previously. The robustness of this confidence is described by a credential level (CL) categorisation.

Service name Provider Service type Accredited credential levels Accredited credential types  Accreditation date Accreditation status
Digital iD Australia Post Mobile application CL2 Multi-factor AuthN 17 May 2019 Active
myGovID Australian Tax Office Mobile application CL2 MF Crypto Software 30 May 2019 Active
ID Mastercard Mobile application CL2 MF Crypto Software 21 July 2022 Active

Identity exchange

Identity exchanges convey, manage and coordinate the flow of identity attributes and assertions between members (identity providers, credential providers, attribute providers and relying parties) of an identity federation.

Service name Provider Interoperability statement Accreditation date Accreditation status
Exchange Services Australia The Exchange supports relying parties using OpenID Connect 1.0 or SAML. 13 May 2019 Active
connectID eftpos The exchange brokers authentication and identity requests using OpenID Connect 1.0 15 September 2021 Active
ID Mastercard The exchange brokers authentication and identity requests using OpenID Connect 1.0 10 June 2022 Active

Attribute providers 

Attribute providers generate and manage attributes and claims about an individual, business or organisation that are provided to relying parties to support their decision-making processes. An attribute provider represents an authoritative source for a selected set of authorisation, qualification, self-asserted, entitlement, or platform attributes under the TDIF.

Service name Provider Accredited attribute class Attributes Accreditation date Accreditation status
Relationship Authorisation Manager (RAM) Australian Tax Office Authorisation Business authorisations 20 June 2019 Active
myGov Services Australia Platform myGov LinkID 25 August 2021 Active

Applying for TDIF accreditation

Thanks for your interest in TDIF accreditation. We welcome organisations and government agencies interested in being accredited under the TDIF.  
 
Before submitting your application, we ask that you request a pre-engagement meeting with the Digital Transformation Agency by emailing digitalidentity@dta.gov.au, including a description of your organisation and the identity system proposed for accreditation. 

Our Accreditation/ Engagement team will contact you to organise a meeting which will include next steps and how to submit a formal application.  

To become a TDIF accredited provider, applicants are required to demonstrate how their Digital Identity service meets requirements for: 

  • accessibility and usability
  • privacy protection
  • security and fraud control
  • risk management
  • technical integrity and more.

For more information about the accreditation process, go to TDIF 03 Accreditation Process.

Once accredited, providers need to continually demonstrate they meet their TDIF obligations by undergoing annual assessments. For more information, go to TDIF 07 Maintain Accreditation.

 

TDIF policy documents

The TDIF is currently made up of 13 policies. Additional policies will be added as required and as we learn more about user needs.

(Note: We aim to meet the Australian Government’s web accessibility requirements with the documents below. However, if you require a more accessible version, please contact us.)

01 – Glossary of Abbreviations and Terms [PDF, 882KB] includes a list of acronyms and defines the key abbreviations and terms used in the TDIF.

02 – Overview [PDF, 821KB] provides a high-level overview of the TDIF.

03 – Accreditation Process [PDF, 1MB] sets out the process and requirements an applicant is required to complete to achieve TDIF accreditation.

04 – Functional Requirements [PDF, 986KB] outlines requirements applicable to the accredited roles, including fraud control, privacy, protective security, user experience and technical testing. It also includes a series of functional assessments to be undertaken by the applicant to achieve TDIF accreditation, including a privacy impact assessment (PIA), privacy assessment, security assessment, penetration test and an accessibility assessment against the Web Content Accessibility Guidelines.

04A – Functional Guidance [PDF, 997KB] provides guidance to applicants on meeting the requirements set out in the TDIF 04 Functional requirements.

05 – Role Requirements [PDF, 1.2MB] includes user terms and lifecycle management requirements applicable to the accredited roles.

05A – Role Guidance [PDF, 1.4MB] provides guidance to applicants on meeting requirements set out in the TDIF 05 Role requirements.

06 – Federation Onboarding Requirements [PDF, 810KB] outlines the requirements to be met when an applicant’s identity system is approved to onboard to the Australian Government’s identity federation. This document includes functional requirements, technical integration testing requirements, operating obligations and the accreditation requirements for an identity exchange.

06A – Federation Onboarding Guidance [PDF, 1.42MB] provides guidance to applicants on meeting requirements set out in the TDIF 06 Federation onboarding requirements.

06B – OpenID Connect 1.0 Profile [PDF, 1.3MB] describes how OpenID Connect 1.0 is used within the Australian Government’s identity federation.

06C – SAML 2.0 Profile [PDF, 957KB] describes how SAML 2.0 is used within the Australian Government’s identity federation.

06D – Attribute Profile [PDF, 1MB] describes the attributes used within the Australian Government’s identity federation and how these are mapped in the OpenID Connect 1.0 Profile and SAML 2.0 Profile.

07 – Maintain Accreditation [PDF, 860KB] sets out the process and requirements an accredited provider is required to complete by the anniversary of their initial accreditation date to remain TDIF accredited.

Accreditation templates

The following templates are provided as guidance for applicants and can help support their accreditation effort.

TDIF Accreditation Requirements – template [XLS, 927KB] includes all TDIF requirements.

TDIF Application for Accreditation Letter – template [docx, 93KB] a template for the TDIF Accreditation Letter as required in the TDIF 03 Accreditation Process.

TDIF Application for Variation of Accreditation Letter – template [docx, 100KB] a template for the TDIF Accreditation Letter as required in the TDIF 03 Accreditation Process.

TDIF Statement of Claims - form [PDF, 395KB] to be completed and submitted with the TDIF Application for Accreditation Letter or Application for Variation of Accreditation Letter as required in the TDIF 03 accreditation process.

TDIF Attestation Letter (Initial Assessment) – template [docx, 59KB] a template for the TDIF Qualifying Attestation Letter as required in the TDIF 03 Accreditation Process.

TDIF Attestation Letter (Annual Assessment) – template [docx, 58KB] a template for the TDIF Qualifying Attestation Letter as required by the TDIF 07 Maintain Accreditation requirements.

TDIF Fraud Control Plan – template [docx, 116KB] sets out the standard assessment requirements to be covered by an applicant’s Fraud Control Plan.

TDIF Cryptographic Key Management Plan – template [docx, 96KB] sets out the requirements to be covered by an applicant’s Cryptographic Key Management Plan.

TDIF Privacy Impact Assessment (PIA) Report – template [docx, 146KB] sets out the standard assessment requirements to be covered by an applicant’s PIA Functional Assessment Report.

TDIF Privacy Assessment Report – template [docx, 141KB] sets out the specific assessment requirements to be covered by an applicant’s Privacy Assessment Functional Assessment Report.

TDIF Penetration Test Report – template [docx, 105KB] sets out the standard assessment requirements to be covered by an applicant’s Penetration Test Functional Assessment Report.

TDIF Security Assessment Report – template [docx, 166KB] sets out the specific assessment requirements to be covered by an applicant’s Security Assessment Functional Assessment Report.

TDIF Accessibility Assessment Report – template [docx, 107KB] sets out the standard assessment requirements to be covered by an applicant’s Accessibility Assessment Functional Assessment Report.

TDIF Exemption Request Form [docx, 244KB] to be used when submitting an exemption request as required by TDIF 03 Accreditation Process.

Test report – PAD Algorithm – template [docx, 390KB] sets out a standard test report as required for applicants that undergo PAD capability biometric testing as part of Online Biometric Binding.

Test report – Biometric Matching Algorithm – template [docx, 389KB] sets out a standard test report as required for applicants that undergo biometric testing as part of the Technical Biometric Binding.

TDIF changes

All changes made to the TDIF are published in accordance with the TDIF Variation Standard Operating Procedure. All changes to the TDIF documents are recorded in the TDIF Change Log, available below.

TDIF Variation Standard Operating Procedure [PDF, 440KB] sets out the procedure for implementing requested changes to the TDIF.
TDIF Change Request Form [PDF, 149KB] use this form to request any changes to the TDIF.
TDIF Change Log – June 2022 [XLS, 1MB] records any changes made to the TDIF before July 2022.

Set it up once, and then reuse it whenever you are asked to prove who you are.

Icon of a phone with tick
Back to top