FAQs

Why have the standards been developed?

The All-of-government Authentication services and standards will enable government agencies to deliver a greater range of secure online services with greater confidence in the identity of individuals they transact with.  This will provide citizens and others using government services with a wider range of online services delivered in a more private, convenient and consistent manner. This will, in turn, assist agencies to achieve the e-government goal of transforming the operation of government through the use of the Internet by June 2010.

Are the standards mandatory?

When finalized, the standards will be incorporated into the New Zealand E-government Interoperability Framework (NZ e-GIF).  Cabinet has made use of the NZ e-GIF mandatory for all Public Service departments and Non-Public Service departments.  Cabinet has encouraged organisations in the wider State sector to adopt the e-GIF, and invited local authorities to also adopt it.

How were the standards developed?

The standards were developed using the NZ e-GIF development process.  This process uses working groups comprising representatives from a range of government and non-government stakeholder groups to develop draft standards.  The working groups then consider feedback from consultation on the draft standards before finalising the standards. The consultation process is now underway.

What standards have been developed?

The following standards have been developed:

• Guide to Authentication Standards for Online Services 
• Evidence of Identity Standard [Department of Internal Affairs]
• Authentication Key Strengths Standard
• Data Formats for Identity Records Standard
• Password Standard 
• Security Assertion Messaging Standard (in development)

Note that the Evidence of Identity Standard, developed by the Department of Internal Affairs, is applicable to all services, regardless of whether or not they are delivered through an online channel.  A companion document providing guidance on agency use of multi-factor authentication is also being developed.

In what order should I read the standards?

The Guide to Authentication Standards for Online Services should be read first as it provides an entry point and navigational tool for the suite of standards. The remaining standards provide detailed guidance for a range of technical areas and assume their readers possess in-depth knowledge of these areas.

What is the relationship of the standards to the all-of-government authentication services?

The authentication standards support the all-of-government authentication services.  Some of the technical standards are required to be implemented when adopting specific all-of-government services. Further information on these services can be obtained from the e-government website's authentication home page. Others, like the Guide to Authentication Standards for Online Services, can be used to help clarify risks for agencies’ use of online transactions.

Will the standards require government agencies to collect more personal information than at present?

No. Government agencies that implement the authentication standards must have due regard to their existing legislative obligations relating to the collection, use, and disclosure of personal information. These obligations include compliance with relevant New Zealand laws and regulations, such as the Privacy Act 1993, the Human Rights Act 1993 and any authorising legislation for the particular service or agency.