September 8, 2016 -
The Digital Transformation Office (DTO) has unveiled plans for a national identity system, signalling the growing importance of identity in Australia’s cybersecurity debate, according to a report by ComputerWeekly.com.
Speaking last month at ForgeRock’s Identity Summit 2016 in Sydney, DTO head of identity Rachel Dixon said the verification framework approved by the Commonwealth identity service requires “well anchored” biometrics to help support it.
Dixon said the biometric verification framework could be a tough sell, stating that “people don’t want a national identity – they just want to get stuff done.”
Australia hasn’t had a lot of success with government identity systems in the past, following the disappointment of the proposed Australia Card.
Despite the new identity management platform being an optional service, Australian Privacy Foundation vice chair Kat Lane said that a comprehensive public consultation was necessary or the government could have potentially faced a public backlash.
“People freak out a little at the idea of the government knowing anything,” said Lane. “One of the interesting things to me was the degree to which people would seize on every little thing in a blog post and say, ‘That’s Orwellian, you can’t do that’. We’re not trying to be Orwellian, we are trying to be completely privacy respecting.”
DTO will soon unveil more details about Australia’s identity access management framework. Dixon said that the framework will be based on open standards and will initially be offered to federal and state governments, as well as banks.
She added that there would be well-defined standards regarding the use of the system, and participants in the identity federation would have to endure regular audits.
“We want to make sure identity providers in the ecosystem are audited annually so there is absolute trust that this identity player is playing by the same rules as this identity provider and the standard of proofing is consistent,” Dixon said.
Additionally, the DTO will develop an application programming interface (API) and software development kit (SDK) to support smaller agencies looking to use the identity platform.
The DTO is expected to soon approach a few organizations to respond to a request for proposal, with plans for a public beta test of the unnamed service set for July 2017.