Development of the Project

7. Significant changes have been proposed since the initial PIA was completed in December 2003. A phased approach has now been recommended which excludes the development of a 'full build' scheme including a formal shared Credential, at least in the immediate future. Consideration was given to two other options, being accredited standards only, and an Initial Implementation. This latter option is recommended by the EGU for government approval in the near future.

8. The Initial Implementation (II) option consists of five components [The following description of the five II components has been provided by the Project Team] :

1. Accredited Standards

This comprises work to prepare all-of-government Online Authentication Standards. It includes tasks related to identifying and developing standards, consulting with agencies, establishing governance and management routines, and a formal accreditation process.

2. Evidence of Identity (EOI) and Credential investigation

This comprises work mostly, but not entirely, to be undertaken by the Department of Internal Affairs (DIA) to consider all-of-government Evidence of Identity processes. The component includes tasks related to:

• reviewing the current Passports application process;
• identifying possible synergies that may arise from combining existing internal EOI processes (eg Births, Deaths and Marriages and the Passports Office) or from leveraging other agencies EOI processes (eg Department of Labour - Immigration Service); and
• researching and analysing evolving international trends (including the use of biometrics and 'in person proofing').

Work is also to be undertaken on preparing for potential future development of an all-of-government identity Credential.

3. Policy Development

This component supports the development of policy to support the standards; associated governance and oversight arrangements; legal processes around the potential for future legislation and legal certainty (non-repudiation and legislative compliance) and legal liability; tikanga issues; and the extent to which authentication needs for business can be met by the same means as authentication for individuals.

4. Review Bodies and Privacy Impact Assessment

This component will assist in developing transparency and accountability in the authentication process. Support both for and from the Offices of the Privacy Commissioner and the Ombudsmen is to be addressed. This includes providing and receiving input into the developing process and the adoption of an education, monitoring and complaints resolution process.

An update or extension to the existing PIA is to be part of the next stage of this development.

5. Shared Keys

The next phase of this development is to construct and trial a Shared Keys system between 2 - 3 agencies. This will not involve the sharing of or reliance upon Credentials between the agencies involved. It will be an operational system and will require ongoing support.

9. Since December 2003, the Hight Level Technical Design (HLTD) has been further revised. [High Level Technical Design, v.1.0 18 February 2004] If the 'full-build' had been recommended, this PIA Update would have looked in more detail at this Design. However, the Initial Implementation will almost certainly lead to significant further developments and changes to the technical design of any longer term centralised authentication scheme. In this context it seemed wasteful to review the HLTD in more detail at this stage. Some references have been made to it where appropriate.