20. Authentication

20.1 Requesting users to authenticate themselves

All instances of requests for users to authenticate themselves in a web site utilising either the Government Logon Service (GLS) and/or the Identity Verification Service (IVS) must comply with the standards for these services, as set by the All-of-government Authentication Programme unit of the SSC.

Refer to http://www.e.govt.nz/standards/e-gif/authentication/ for these standards.

Guide to this standard

Refer to e-Govt Standards for authentication http://www.e.govt.nz/standards/e-gif/authentication/

Rationale for this standard

When two-way transactions are taking place on NZ government agency web sites, agencies need to be confident of the identity of those with whom they are transacting, and the users of these services need to be confident that any pseudonymous details they submit about themselves are secure.

The NZ government recognises the importance and significance of identity and security, and does not wish to compromise in this area.