Story image

Australia's Digital ID framework is now one step closer to reality

05 Mar 2018

Australia’s Trusted Digital Identity Framework is one step closer to being a reality. The framework (TDIF) is part of the Australian Government Digital Transformation Agency’s mission to boost accreditation standards for organisations that want to provide digital identity services.

“We believe that it should be safe and easy for everyone to prove who they are. This means giving people a secure option to verify their identity online rather than needing to visit an office or shopfront,” DTA explains.

The Digital Transformation Agency (DTA) consulted with privacy advocates, digital identity experts, the financial sector and the public to develop the accreditation standards.

The Agency received more than 1000 comments from public consultation and these were used to help shape the framework, DTA says.

The concept of a digital identity model for supporting Australia’s economic growth was first suggested in 2014 for by the Financial System Inquiry. It believed the model would best meet cost, efficiency, flexibility and innovation requirements driven by Australia’s digital economy.

TDIF outlines requirements for digital identities in six different areas: security; usability; privacy protection; accessibility; fraud protection; and risk management.

There are ten documents that outline various components and DTA says it must work closely with stakeholders under common standards and using common tools. Those documents fit under the categories mentioned above.

The documents cover accreditation; authentication credentials; fraud control; identity proofing; privacy; proactive security; risk management; usability and accessibility; proactive security reviews; and community and industry feedback.

Applicants that wish to start the accreditation process should be able to complete TDIF accreditation within 12 months of starting. They should have a fully operational identity service prior to application. They will be evaluated according to the nine other documents.

DTA says that the ultimate success of the framework will be evident when people are able to establish a secure digital identity through a provider and reuse their identity to transact with the government and private sector.

DTA is also working on adding offline management for creating digital identities and adding capabilities for individuals to act on behalf of a business.

“These components will help remove the barriers for people who do not have the required documentation to create their digital identity online. It will also simplify the interactions business people have to have with government to get their work done.”

The TDIF replaces the National e-Authentication Framework and the Third Party Identity Services Assurance Framework.

Read more about the DTA’s Trusted Digital Identity Framework and its ten components on the Digital Transformation Agency’s website

ESET researchers break down latest arsenal of the infamous Sednit group
At the end of August 2018, the Sednit group launched a spear-phishing email campaign, in which it distributed shortened URLs that delivered first-stage Zebrocy components.
Container survey shows adoption accelerating while security concerns remain top of mind
The report features insights from over 500 IT professionals.
Google 'will do better' after G Suite passwords exposed since 2005
Fourteen years is a long time for sensitive information like usernames and passwords to be sitting ducks, unencrypted and at risk of theft and corruption.
Who's watching you? 
With privacy an increasing concern amongst the public, users should be more aware than ever of what personal data companies hold.
Fake apps on Google Play scamming users out of cryptocurrency
Fake cryptocurrency apps on Google Play have been discovered to be phishing and scamming users out of cryptocurrency, according to a new report from ESET.
Managing data to comply with privacy regulations - Micro Focus
It’s crucial for organisations to be able to access, understand, and accurately classify the data they have so they know how to treat it.
Hackbusters! Reviewing 90 days of cybersecurity incident response cases
While there are occasionally very advanced new threats, these are massively outnumbered by common-or-garden email fraud, ransomware attacks and well-worn old exploits.
SEGA turns to Palo Alto Networks for cybersecurity protection
When one of the world’s largest video game pioneers wanted to strengthen its IT defences against cyber threats, it started with firewalls and real-time threat intelligence from Palo Alto Networks.