
Appendix 4: Areas Identified for Resolution

The following issues (for resolution in detailed design) have been identified during the development of this preliminary assessment. To resolve and provide fully (or even partly) documented solutions to each of the models is not practical at this stage in the development of a proposed solution based on the four models developed by the Online Authentication Project.

The issues recorded are acknowledged as needing attention. They will be addressed when there is more certainty about the proposed solution and there is appropriate resource available to prepare fully informed discussion and solution proposals.

This cannot occur until the results of the public consultation have been considered, but is scheduled for completion before the recommended online authentication solution is presented to Cabinet in June 2003.

1. Use, disclosure and retention of information

1.1. Enrolment

The process will be similar to that currently used by the Department of Internal Affairs (Identity Services, the Passport Office). Base level information will be requested from people who choose to use online authentication.

It is envisaged that information listed below will be used to establish identity. Most of this is already held by government agencies with which individuals already have a working relationship. With the prior agreement of the individual, this will be used to populate the authentication database - whichever storage option is chosen. If agreed, this information would be 'copied across' to the authentication database. The timing of this process is important.

This information must be from pre-agreed agencies that have retained evidence that their data is 'clean'. During the process, applicants would be formally asked to confirm the data and be given an opportunity to challenge / update any field (with appropriate confirmation of the changed data). This information will also be supported by a binding confirmation of identity (possibly in the form of an Affidavit) from an agreed trusted referee. There will be a need to create a standard around the information required. Examples of information to be gathered are:

Identity information to be held:

  • Formal Name: Family, Given (First, Second, Third)

  • Alternative Name: Family, Given (First, Second, Third)

  • Preferred Name: ('known as' or nickname)

  • Date of Birth (dd/mmm/yyyy)

  • Gender

  • Status - Citizen, Permanent Resident, Visa

  • Shared secrets (up to 10 to be held; covering a mix of questions AND responses)

Personal information to be held (at the choice of the individual):

  • Physical Address: (Street Number, street name, street qualifier [road, avenue etc], suburb, city)

  • Other Address: (email, PO Box, Private Bag)

  • Contact numbers: (telephone, cell phone, fax)

OTHER Personal information to be held. This information is personal but transaction oriented. What the information is depends on the model being applied - ie models 1, 3 and 4 all require more personal detail to be held by the authentication authority than that in model 2. The information passed MUST be relevant to the service sought by the individual. The following are examples only:

  • Income (possibly in ranges)

  • Number of dependents

  • Accommodation (eg rented, owned)

Administration information would be created or derived and also held on the database:

  • Authentication Identifier (an identification number assigned at enrolment)

  • Trusted referee proof of identity (agency name and date of proof)

  • Date of enrolment

  • Administration fields covering date of last access, ID of last access (audit trail controls)

Standards are to be established to address the following:

(a) A list of agencies that are accepted as providers of 'clean' data. This would include standards as to the agency itself covering things like:

  • Period of existence of the agency

  • Relationship of the agency to the person.

Initially it is expected that the following agencies may qualify as providers of base Identity or Personal information:

  • DIA - the Passport office, the Registrar of Births Deaths and Marriages,

  • LINZ (Landonline data)

  • MSD (CYRAS data)

  • IRD

  • ACC

In addition, other non central government agencies, e.g. Local Authorities, may be included.

(b) A list of agencies (or individuals) that will be acceptable to Government as trusted referees (third party providers/confirmers of identity). It is expected that the trusted referee will have to put their confirmation in writing (to an agreed form - possibly of an 'affidavit' type and standard) stating that they have known the person for a period (say five years). The following are examples of groups that may qualify:

  • Any one of the above agencies that has not provided the base data

  • Registered medical practitioners (doctors) including specialist areas (eg: surgeons, psychiatrists, physiologists, etc.)

  • Chartered accountants

  • The legal profession (Judges, JPs, Notary Public officers, etc)

  • Banks

  • Welfare societies (eg Southern Cross, Barnardos)

  • Clergy

  • Kaitiaki, Kaumatua

(c) In respect of the information to be gathered, we acknowledge that the following need to be addressed, including establishing (in consultation with appropriate groups) workable resolutions:

(i) What information is to be checked?

(ii) How is the information to be checked? What actual checks are undertaken - by reference to what other information, and to what level of detail?

(iii) What is to be kept during the check, and how is it to be kept?

(iv) What details of the results are to be made available to the person being checked - particularly if there is a problem?

(v) What happens when information does not check out? Which agencies / people are advised?

(vi) In respect of the 'shared secrets', how will these be constructed? Who will maintain them? How will they be used? What is the format to be for the questions?

1.2. Information storage

Each of the storage options will require consistent standards of operation. Responses or position papers to each of the following are to be prepared as a model (or parts of a model) is chosen. The work will include preparing standards to address at least the following:

  • After the check of identity information is complete, is the information stored? How is it stored? What archiving facilities are maintained?

  • The removal from agencies (authentication or service) of any personal information held?

  • The physical requirements of the processing unit (the authentication agency)

  • Technology related issues - what equipment? how configured? what use of the internet?

  • Who has access to the information (Police, SIS, IRD etc)? For what reason? Who is told? When? Should Court orders (warrants of search) be allowed to operate under normal circumstances or should special conditions apply to the granting of such access?

  • Encryption - of the data stored (level of complexity etc), of transmissions across agencies as requests for identity are made.

  • Should an Escrow function be established - for trusted referees, service agencies, authentication agencies?

  • How is non-repudiation of transactions (individual and /or agency) to be enforced?

  • Backup processes including online real-time (hot site) storage and off-site (overseas?) third level backup?

  • The independent review function - the funding / operation of / reporting lines for the 'authentication appeal authority'

  • The audit function (what layers are needed, to whom should the auditors report [the CEO, the Minister, Parliament?])

  • The help desk function - Where is it to reside? What support processes can be automated? What information can be viewed by help desk personnel? What logging of such activity should there be, and who would review / have access to this?

  • What are the reporting lines of the storage authority - to a Minister for ~, Minister Responsible for ~, to Parliament (similar to a Statutory Officer of Parliament - Ombudsman or Auditor-General like)?

1.3. Transaction authorisation

The issues to be addressed here relate to the following:

  • How should credential checking (from service agency to authentication agency - including the response) be undertaken? A decision (probably at service agency level) will need to be made to assess the need for 'instant' confirmation of identity or transaction related data. Options include:
    • in an online environment - immediate checking
    • in an over night batch process - delayed checking.
  • Can the service agency refuse to accept a valid credential?
  • How is a 24-hour a day, seven-day a week authentication service to be provided? What will happen if the service is not available?
  • After the check is complete,
    • what information is stored?
    • how is it stored?
    • who can access that information?
    • what archiving facilities are maintained?
  • How will transaction logging be undertaken? How are the results stored? Who will have access to the log?
  • How will 'consent' be obtained from the individual for each transaction? Which agency will store the information? Who will have access to it?
