Skip to content.
|Networking government in New Zealand.

FAQs

Why have the standards been developed?
The authentication standards will enable government agencies to deliver a wider range of online services with greater confidence in the identity of individuals they transact with.  This will, in turn, assist agencies to achieve the Networked State Services Development Goal of transforming the operation of government through the use of the Internet.
Are the standards mandatory?
The standards will be incorporated into the New Zealand E-government Interoperability Framework (e-GIF) and will become mandatory for Public Service departments and Non-Public Service departments once there is a track record of proven successful implementation.
How were the standards developed?
The standards were developed using the NZ e-GIF development process.  This process uses working groups comprising representatives from a range of government and non-government stakeholder groups to develop draft standards.  The working groups then consider feedback from consultation on the draft standards before finalising the standards.
What standards have been developed?
The following standards have been developed:
Note that the Evidence of Identity Standard, developed by the Department of Internal Affairs, is applicable to all services, regardless of whether or not they are delivered through an online channel.
Two supporting documents have also been developed:
In what order should I read the standards?
The Guide to Authentication Standards for Online Services should be read first as it provides an entry point and navigational tool for the suite of standards. The remaining standards provide detailed guidance for a range of technical areas and assume their readers possess in-depth knowledge of these areas.
Why should I read the standards?
Recent media coverage has highlighted an increase in both the frequency and sophistication of attacks on online services.  Furthermore, there is growing evidence that the use of passwords or other forms of shared secrets alone is becoming increasingly vulnerable to attack from both local and global sources.
The authentication standards are based on an assessment of the identity-related risks associated with the delivery of services.  In view of the increasingly challenging online environment, it is recommended that government agencies should assess the identity-related risks for their current and planned online services.
In the event that this assessment concludes that there is a need for a greater level of protection than passwords or other forms of shared secrets, agencies should note that the Authentication Programme will provide a cost-effective solution in the form of the Government Logon Service during late-2006.
What is the relationship of the standards to the all-of-government authentication services?
The authentication standards support the all-of-government authentication services.  Some of the technical standards are required to be implemented when adopting specific all-of-government services. Further information on these services can be obtained from the e-government web site's authentication home page. Others, like the Guide to Authentication Standards for Online Services, can be used to help clarify risks for agencies’ use of online transactions whether or not all-of-government authentication services are used.
Will the standards require government agencies to collect more personal information than at present?
No. Government agencies that implement the authentication standards must have due regard to their existing legislative obligations relating to the collection, use, and disclosure of personal information. These obligations include compliance with relevant New Zealand laws and regulations, such as the Privacy Act 1993, the Human Rights Act 1993 and any authorising legislation for the particular service or agency.