Building a clear digital identity
Mark Perry: There are still a lot of unknowns in Australia's digital ID program
The Commonwealth’s Digital Transformation Agency has been given the job of creating a digital identity framework for Australia. This Trusted Digital Identity Framework (TDIF) has several factors that will define its success, according to the DTA.
This includes the ability to simply and securely establish a digital identity through a provider of choice, as well as the ability to reuse that identity to transact across all levels of government as well as the private sector, with privacy assured.
The questions that remain to be answered about the TDIF are how well the program is being conducted, and what the TDIF will look like when it is eventually released to the public.
Ping Identity regional director Geoff Andrews says that while there is still work to be done on the TDIF, Australia has a solid foundation in comparison to other like-nations when it comes to the formulation and establishment of digital identity.
“There is still the opportunity to solidify an overarching vision of what getting digital identity right is going to mean in Australia,” he said.
Ping’s Asia-Pacific chief technology officer Mark Perry agrees that the groundwork has been put in, and that everything in terms of standards has been well-defined.
“Some of the major issues for digital identity at a government level are having a value proposition for citizens, and making the process of establishing and using a digital identity as frictionless and easy as possible, while enabling privacy,” Mr Perry said.
He said that where digital identity has had limited success in the past, such as with MyGov, there have been issues with identity processes not being well developed. It’s for this reason that identity federation and consent are such major issues when it comes to the establishment of the TDIF.
In terms of federation, said Mr Perry, existing digital identity services such as Service NSW could also be used to authenticate into the Australian government identity service.
However, consumers may not wish to use a state-based identity service, which is why it’s important for the DTA and the TDIF to look at other providers that also have a high level of identity verification.
Organisations such as Australia Post and the banks, as well as telcos, energy companies and other utilities could potentially federate into the national system as Identity Service Providers, and allow people to use the identities they have established with those providers.
“The key is not forcing people to use one identity,” said Mr Perry. “Instead, they should be able to compartmentalise online interactions using the identity they want to use to interact with government services.”
Geoff Andrews said that a successfully federated system needs to be open, modular and standards-based. Lack of an agreed set of standards will invite failure of adoption. “Imagine if standards were not followed in, for example, the electricity network; it’d be completely unworkable.”
“We don’t know today what pieces of information will be useful in the future for delivery of a certain service,” Mr Andrews said. “With a good federated system, the framework becomes more efficient.”
However, the idea of identity federation between government entities is still in its early stages, he said, adding that we are already seeing it happen between major corporations such as telcos and banks, and that Australia Post has played a major role in identity verification. “Federation is happening, but it’s happening in pockets,” he said.
The other issue that is critical is the notion of consent, said Andrews. He noted that there is nuance to consent, and that it needs to be informed. Citizens are often confused about what is happening with their data in terms of who has it, and how it is being used.
“With that confusion can come blanket resistance, or blanket acquiescence,” he said, and added that mechanisms for consent still have a long way to go today before they are ready for mass consumption.
Mr Perry said that a lot of the work around open banking and the consumer data right will inform consent as the TDIF model develops. It’s also vital to look at what’s being done overseas in terms of the GDPR and other consumer rights, and how they can inform an Australian model of consent.
The final element that needs to be addressed is consumer education. “There’s no silver bullet,” said Mr Perry. “We need to do a lot of work on the flows that link different types of accounts.
“We need to make digital identity simple in terms of things like account recovery, and to make it easy for citizens to work with services that they don’t use often,” he said.
Ping Identity has partnered with InnovationAus.com to present the Civic Nation 2018 forum in Sydney on September 27 and will lead the National Identity and Cyber Security policy strategy session. You can reserve your seat for the Civic Nation plenary sessions here.