“When signing
up to the platform for the first time, users will be asked to provide their
name, email address, and phone number, and verify their details via email or
SMS. They will then be asked to provide information from three identity
documents, which goes through the exchange to the identity provider for verification.
The exchange receives encrypted details back which it passes on to the
government service the user wants to reach, which then grants the user access.” [IT News, 20 March 2015]
IT
News, 8
February 2018:
The Department of Human
Services looks set to become the federal government's exclusive manager of
digital identities after being selected to build the identity provider solution
that will be used for the Govpass platform.
The Govpass framework is
a decentralised identity model that allows individuals
to choose their identity provider - an organisation that issues identity
documents, like Australia Post or the ATO - and access a range of public and
private sector services through a single digital identity credential.
There is no limit on the
number of identity providers outside of the Commonwealth that can be accredited
for Govpass; Australia Post has already indicated it will seek to become
the first non-government identity provider, using its Digital iD platform.
Several state and
territory government agencies and private sector entities are also expected to
become identity providers over time.
However, the federal
government last year made the decision that only one
identity provider would operate for the entire Commonwealth.
The Digital
Transformation Agency revealed the decision following meetings with existing
Commonwealth identity service providers, DHS and the ATO. Its rationale for the
move was to focus security efforts in one place and avoid complex
administrative structures.
iTnews revealed in
October that the DTA was yet to make up its mind up on which of the two
agencies would serve as the federal government’s sole identity provider for
GovPass, even as testing
of the new platform was taking place with the ATO’s new online tax
file number application service.
Instead the DTA said it
was working closely with the ATO and DHS on the “next steps” for the platform.
But in response to
questions on notice from recent estimates hearings, DHS revealed it had been
instructed to develop the federal government’s single identity provider
platform, to be known as myGov IdP.
“The department was
commissioned by the DTA to build the identity provider (IdP) for the
whole-of-government,” it said.
“The myGov IdP will
enable citizens to verify their identity online and use it to apply for
government services.”
iTnews has made
several attempts to clarify the statements with the DTA and DHS, but
both refused to comment on the build and DHS’ apparent position as the
single government identity provider.
The ATO similarly
redirected questions about its involvement with Govpass, including whether it
had also been asked by the DTA to build an identity provider solution, to the
DTA.
Selecting DHS as the
sole government identity provider would be an obvious choice for the DTA -
the agency is the government’s current defacto whole-of-gov identity provider
through the myGov digital services platform.
A private beta release
of myGov IdP is currently planned for later this month.
Identity providers on
Govpass will use the DTA-built identity exchange – and in turn the document
verification service (DVS) and facial verification service (FVS) – to verify an
individual’s credentials without revealing their identity to service providers.
[my yellow bolding]Note: The Face Identification Service (FIS) is a one-to-many, image-based identification service that can match a photo of an unknown person against multiple government records to help establish their identity. FIS is also available to police, security services, Dept. of Immigration and Dept. of Foreign Affairs. [Australian Attorney-General's Department, October 2017]
No comments:
Post a Comment