1. Introduction
You are viewing an ARCHIVED version of this document.
This Standard is one of the NZ e-GIF authentication standards. These standards outline current accepted good practice for the design (or re-design) of the authentication component of online services that require confidence in the identity of parties transacting with government agencies. Implementation of these standards by agencies will reduce the possibility of misuse and abuse of identity arising from services being delivered online.
The authentication process consists of establishing identity and then confirming that established identity over time. Establishing identity requires verified evidence of a person’s identity, so that he or she can be set up as an online service customer. The ongoing confirmation of identity requires the use of an ‘authentication key’, such as a username and password combination, to authenticate identity across the Internet.
The suite of authentication standards comprises:
- Guide to Authentication Standards for Online Services
- Evidence of Identity Standard
- Authentication Key Strengths Standard
- Data Formats for Identity Records Standard
- Password Standard
- Other authentication key standards (to be developed)
- New Zealand Security Assertion Messaging Standard (in preparation)
- Guidance on Multi-factor Authentication
- Security Assertion Messaging Framework.
The Guide to Authentication Standards for Online Services should be read before reading the Data Formats for Identity Records Standard, as it provides a high-level overview of the suite of authentication standards.
In the course of routine business and Evidence of Identity processes, agencies collect, record and, in some cases, exchange identity-related elements as part of a customer record. The Data Formats for Identity Records Standard specifies a set of data formats for a range of uses such as identity verification, authorised data matching and information sharing.
A clear distinction between this Standard and the New Zealand Security Assertion Messaging Standard (in preparation) should be noted. There is no direct relationship between the Standards. The Data Formats for Identity Records Standard supports the Evidence of Identity Standard processes of collecting, recording and establishing the identity of individuals, “after the fact” of a person self-reporting it. The New Zealand Security Assertion Messaging Standard is the format for conveying, in real-time, assertions and other security message types in a person’s online logon session, in the course of ongoing authentication, authorisation and identity verification.
Where agencies:
- use one or more elements specified in this Standard, they SHOULD use the syntax specified in this Standard
- exchange one or more elements specified in this Standard, they MUST use the syntax specified in this Standard.
The data formats in this Standard are specified using an industry standard that is designed to represent customer information such as name and address, date and place of birth, and other identifying information.
Implementing this Standard will enable agencies to:
- improve interoperability between agencies under data matching agreements authorised by Parliament and monitored by the Office of the Privacy Commissioner
- reduce duplicated effort such as re-keying and mapping data
- clarify agency requirements in Request for Proposal (RFP) documents, in turn helping vendors propose consistent customer management system solutions.
As a technical standard, this document describes both policy and technical issues. Together with the Foreword, sections 1 to 4 provide information on the context, application, scope and rationale for this Standard. These sections are of more interest to readers with policy responsibilities. Sections 5 to 7 provide the technical content of the Standard. These sections are of more interest to readers with technical responsibilities.
Agencies should note that they need to ensure there is adequate business continuity planning (BCP) for their online services.
