20. Authentication

20.1.1 Standards to comply with if requesting user authentication

It is strongly recommended that you comply with the relevant standards, for all instances of requests for users to authenticate themselves in a web site that are not utilising either the Government Logon Service (GLS) and/or the Identity Verification Service (IVS).

Refer to e-Government Standards for authentication http://www.e.govt.nz/standards/e-gif/authentication/

Guide to this recommendation

This recommendation is only where either the Government Logon Service (GLS) and/or the Identity Verification Service (IVS) are not being used for authentication purposes. Any instances where one or both of these services are utilised for authentication, the agency must comply with the standards of these services as mandated in standard 20.1 - Requesting users to authenticate themselves.

Rationale for this recommendation

When two-way transactions are taking place on NZ government agency web sites, agencies need to be confident of the identity of those with whom they are transacting, and the users of these services need to be confident that any pseudonymous details they submit about themselves are secure.

The NZ government recognises the importance and significance of identity and security, and does not wish to compromise in this area.