Identity and Authentication Case Study - New Zealand
In June 2006, the government of New Zealand issued an Evidence of Identity Standard. The standard provides guidance for government agencies about the required process for initial establishment of an individual's identity.
The process applies to government services where confidence in the individual’s identity is required because of the types of risk contained within those services.
New Zealand’s policy starts with a sound premise: Many online services delivered by government agencies are anonymous and require no evidence of identity (such as when someone downloads a form from an agency's website). Other online services have low levels of identity-related risk, so users can be authenticated using minimal evidence-of-identity requirements, with a username and password for ongoing confirmation of identity. PKI-based authentication is desirable only for a smaller class of services.
The June 2006 standard sets out a detailed framework for assessing the type of authentication needed in a particular application, up to and including PKI. Further context is found in the government’s “Best Practice Framework for Authentication” (2004).
A corollary to digital signatures has been the introduction of digital identity cards, which can also serve as online authentication devices. See Sweden’s Electronic ID site. However, even digital identification methods are subject to risks of theft, loss, and misrepresentation, and they raise serious privacy issues. A balanced approach to online identity should account for both security and privacy.