North curl curl beach headland by Dassana Wijesekara

Deciphering Australian Digital ID Bill 2024

Dassana Wijesekara
4 min readMay 21, 2024

--

The Digital ID Bill together with Digital ID Bill (Transitional and Consequential Provisions) Bill 2024 has now passed the House of Representatives on 16th March 2024.

As Australians increasingly transact online, our identities are vulnerable in new ways. Recent cyber incidents have highlighted the need for a secure, voluntary, convenient and inclusive way to verify our ID online, and to re-use our Digital ID to access other services we have confidence and trust in.

The legislation strengthens a voluntary accreditation scheme for providers of Digital ID services, building on the existing Trusted Digital Identity Framework. Legislation is required to provide strong privacy safeguards for people creating and using Digital IDs from accredited providers. These build upon the protections in the Privacy Act 1988 (Cth) with penalties for accredited providers if they fail to protect privacy and security as their accreditation requires.

Australians who use these accredited service providers to create and re-use a Digital ID can have confidence knowing that their personal information is private, safe and secure. Legislation is required to enable phased expansion of the Australian Government Digital ID System (AGDIS) as shown below.

Through this system Australians can currently use the Australian Government’s accredited Digital ID provider, myGovID, to access more than 140 Commonwealth, state and territory government services. While many Australians are benefitting from these government services, the phased expansion will enable more Australians to create and use their Digital ID to verify who they are and provide access to additional state and territory and private sector services. Legislation will provide Australians with greater choice in which accredited state and territory Digital ID providers they use to access Commonwealth services, and vice versa.

The Trusted Digital Identity Framework (TDIF)

The Trusted Digital Identity Framework (TDIF) is an accreditation framework for digital ID services. It sets out the requirements that applicants need to meet to achieve accreditation.

The accreditation framework and process ensures all identity providers meet strict rules and standards for usability, accessibility, privacy protection, security, risk management, fraud control and more.

Building on the existing TDIF, a Digital ID Bill and draft Accreditation Rules have been developed to detail the requirements for Digital ID service providers to become accredited and maintain their accreditation if Digital ID legislation passes parliament. Folowing roles are being accredited in to the TDIF.

Identity providers

Identity providers help you set up and manage your Digital ID so you can prove who you are online. Using a secure Digital ID with a trusted identity provider helps keep your information safe and helps services have confidence that they’re interacting with the right person.

Identity providers can apply to be accredited at various identity proofing levels.

Identity exchanges

An identity exchange acts like a switchboard, transferring information, with your consent, between relying parties, identity providers and attribute service providers, in a way which is secure and respects your privacy.

Attribute providers

Attributes are additional information about you such as entitlements or characteristics of an individual (for example, that you have a particular qualification). Attribute providers generate and manage attributes and claims about an individual, business or organisation that are provided to relying services.

Credential providers

A credential is a password or other forms of authentication. Credential providers can generate, bind and distribute credentials to individuals or can bind and manage credentials generated by individuals. The robustness of this confidence is described by a credential level (CL) categorisation.

The Australian Government’s Digital ID system is delivered by a number of organisations who work together to provide a safe, secure and convenient way to prove who you are online.

The system is delivered by Services Australia, the Australian Taxation Office, Attorney General’s Department and the Department of Finance and is used by many government services to verify their users.

References

  1. Digital ID bill passes in parliament — Department of Finance
  2. Digital ID bill
  3. Digital ID Service Provider Accreditation

--

--

Dassana Wijesekara

Technology evangelist, enterprise software architect many years spent designing world class mission critical software. Pilot, artist, musician and photographer.