Authentication Standards
Authentication Standards
Standards are important because they provide a framework that promotes consistent authentication of identity by government agencies, regardless of whether agencies use the shared services being developed by the Authentication Programme or implement their own solutions.
The authentication standards support the establishment and on-going confirmation of identity. For each service, agencies must determine the level of identity-related risk. This level corresponds to a level of confidence required to establish an individual's identity and to an authentication key that provides on-going verification of identity. Other standards define data formats for identity-related data and message formats for confirmation of identity.
The following standards have been developed:
- Guide to Authentication Standards for Online Services
- Evidence of Identity Standard [Department of Internal Affairs]
- Authentication Key Strengths Standard
- Data Formats for Identity Records Standard
- Password Standard
- New Zealand Security Assertion Messaging Standard (in development)
In accordance with the provisions of the Authentication Standards, the Authentication Standards for Online Services Working Groups may from time to time agree to minor corrections, additional explanations, amendments or revisions of these standards. Such changes will also be included in any subsequent re-printings of the Standards concerned:
Note that the Evidence of Identity Standard, developed by the Department of Internal Affairs, is applicable to all services, regardless of whether or not they are delivered through an online channel.
Two supporting documents have also been developed:
A set of Frequently Asked Questions (FAQs) provides more information about the authentication standards.
