Facilitation Service Standard
This standard provides controls for parties that provide mechanisms that facilitate the presentation of credentials.
Identification Standards are technical and intended for practitioners working in identification management.
If you’re new to this area, you can develop your skills and capability through the guidance and training options available under Identification management.
Application of this standard
This standard applies to individuals, organisations or groups that create mechanisms that facilitate the presentation of 1 or more Credentials. This includes where a Credential Provider takes an active part in facilitating the presentation of their own Credential/s.
The role used in this standard is Facilitation Provider (FP). The FP is accountable for controls stated in this standard, even if they have employed or contracted aspects to other parties.
Application of the controls in this standard will contribute to the reduction of identity theft, entitlement fraud, misrepresentation of abilities and the impacts that result.
The scope of the requirements in this standard is explicitly related to the identification aspects of facilitation mechanisms. It does not include controls for security or other implementation matters.
For more information on the interpretation of each control and how it can be applied, see the related implementation guide.
Implementing the Federation Assurance Standard
Effective date and versions
This standard is effective from and replaces Parts 2 and 3 of the Federation Assurance Standard.
Version 1 (current version) — separation from the requirements for Credential Providers.
Historic versions of the Identification Standards — Department of Internal Affairs
Before applying this standard
Facilitation
Facilitation involves the establishment and use of a mechanism that can facilitate the presentation of 1 or more Credentials (fully or partially) in response to a request from a Relying Party.
These mechanisms include exchanges, hubs (for example RealMe®) and digital wallets.
A mechanism ‘holder’ refers to the individual Entity with whom the mechanism was first established — the rightful holder.
A Facilitation Provider refers to the party accountable for the establishment and operation of a facilitation mechanism.
Document structure
This standard divides requirements into 2 parts:
- Part 1 — Requirements for Facilitation Providers establishing facilitation mechanisms
- Part 2 — Requirements for the presentation of Credentials by Facilitation Providers.
Part 1 — Requirements for Facilitation Providers establishing facilitation mechanisms
The requirements in this section apply to the establishment of facilitation mechanisms. Establishment of a mechanism includes confirming the relationship between the Entity and their Credentials and any new Authenticators associated with the mechanism.
The numbering for these objectives and controls follows on from the Credential Service Standard, as a facilitation mechanism is a component part of any digital Credential.
Use of a facilitation mechanism to present 1 or more Credentials is covered in Part 2 — Requirements for presentation of Credentials by Facilitation Providers.
Objective 6 — Facilitation mechanism risk is understood
Rationale
For holders to trust facilitation mechanisms, they need to be sure that when they use a facilitation mechanism to present their Credentials, it is being adequately protected from unauthorised access and use. This is especially so when multiple Credentials can be linked through a single facilitation mechanism.
As increasing numbers of Credentials can be linked, care needs to be taken with the accumulation of information. This includes the attributes that are accessible by the facilitation mechanism regardless of any limitation made during presentation.
Facilitation Providers may also need to achieve specific levels of assurance determined by contracts and/or legislation.
FA6.01 Control
The FP MUST carry out an assessment of the risk posed by the facilitation mechanism before offering it.
Additional information — While any risk assessment process can be used, specific guidance is available on assessing identification risk.
FA6.02 Control
The FP MUST evaluate the risk of all information available to a holder viewing or managing their facilitation mechanism, and apply a corresponding level of assurance for authentication that complies with the latest version of the Authentication Assurance Standard.
Objective 7 — Binding assurance is maintained
Rationale
For Relying Parties and holders to trust a Facilitation Provider and their mechanisms, there needs to be certainty that there has not been a reduction in the binding assurance levels of the individual Credentials when they are connected. Certain conditions need to be met when Credential(s) are connected by a facilitation mechanism.
FA7.01 Control
The FP MUST provide 1 or more Authenticators for the facilitation mechanism.
Additional information — If a Credential Provider is facilitating presentation of their own Credential, this can be the same Authenticator as is used for that Credential.
FA7.02 Control
The FP MUST ensure the Authenticator has an equivalent level of assurance to the Authenticators of the Credentials being connected to it, using identification processes that conform with the latest versions of the following standard:
Authentication Assurance Standard
Additional information — If a Credential Provider is facilitating presentation of their own Credential, this can be the same Authenticator as is used for that Credential.
FA7.03 Control
The FP MUST ensure that the Entity proves control of the Authenticator for any given Credential before it is connected to a facilitation mechanism.
Objective 8 — Facilitation mechanism is privacy-preserving
Rationale
A holder using a facilitation mechanism potentially enables the building of profiles and tracking of the holder’s transactions. The availability of such data makes it vulnerable to uses that may not be anticipated or desired by the holder and could inhibit adoption of federated services.
Where a facilitation mechanism is used to connect multiple Credentials there is an increased potential to expose Entities to privacy risks arising from the expanded volume of available attributes.
FA8.01 Control
The FP MUST ensure the holder has given permission to make each Credential available to the facilitation mechanism.
FA8.02 Control
The FP MUST enable the holder to select which Credential subject information is added to the facilitation mechanism, where the Credential Provider allows for partial Credentials.
FA8.03 Control
The FP MUST inform the holder of any correlation or analysis of the use of their facilitation mechanism or the Credentials connected to it, undertaken for the purposes of detecting fraud or misuse.
FA8.04 Control
The FP MUST, except for the purpose given in FA8.03, only correlate or analyse a holder’s use of their facilitation mechanism or the Credentials connected to it with the permission of the holder.
Additional information — It is expected that Facilitation Providers will at a minimum correlate or analyse this information for the purposes of detecting fraud or misuse. However, any other services offered to Entities or Relying Parties that also involve the use of this information require the knowledge and choice of the holder.
Objective 9 — Facilitation mechanism is maintained
Rationale
Once a facilitation mechanism is established there are several activities that maintain its relevance and integrity.
FA9.01 Control
The FP MUST provide the means for the holder to add or remove any partial or full Credentials from a facilitation mechanism.
FA9.02 Control
The FP MUST provide the means for the holder to cancel a facilitation mechanism.
FA9.03 Control
The FP MUST provide the means for the holder to report the loss or compromise of a facilitation mechanism and receive support.
FA9.04 Control
The FP MUST provide the means for addressing holder complaints or problems arising from facilitation mechanism establishment and maintenance.
FA9.05 Control
The FP MUST log all activity within the system, including but not limited to:
- who did the action
- when the action occurred
- what the action was — gave permission, created, read, updated or deleted
- what was changed by the action — before and after.
FA9.06 Control
The FP MUST support additional confidence in the integrity of the facilitation mechanism by taking preventative measures including but not limited to:
- auditing logs
- monitoring activities for adverse behaviours
- undertaking counter fraud measures.
Additional information — Refer to guidance on counter fraud measures.
FA9.07 Control
The FP MUST provide notifications to the holder that allow them to self-detect potential compromise, including but not limited to:
- the last time the holder accessed their facilitation mechanism (where applicable)
- any change made to the holder’s facilitation mechanism.
Additional information — If the change is to contact information, notification needs to be sent to the contact information prior to the change or to an alternative contact.
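As an added illustration of FA9.05 and FA9.07 (not code from the standard or from any Facilitation Provider), the following records who did what and when with before/after values, queues a notification to the holder for every change, and applies the rule above that a contact-information change is notified to the previous contact address. The mechanism record, field names and in-memory log are constructed assumptions.

```python
import copy
from datetime import datetime, timezone

# Constructed sample record for one holder's facilitation mechanism (not real data).
MECHANISM = {
    "holder_id": "holder-0001",
    "contact_email": "old@example.invalid",
    "credentials": ["drivers-licence"],
}

AUDIT_LOG = []      # FA9.05: append-only record of every action
NOTIFICATIONS = []  # FA9.07: messages queued to the holder for self-detection


def record(actor, action, field, before, after, when):
    """FA9.05: who, when, what the action was, and the before/after state."""
    AUDIT_LOG.append({"who": actor, "when": when.isoformat(), "action": action,
                      "field": field, "before": copy.deepcopy(before),
                      "after": copy.deepcopy(after)})


def notify(mechanism, message, to=None):
    """Queue a holder notification; defaults to the current contact address."""
    NOTIFICATIONS.append({"to": to or mechanism["contact_email"], "message": message})


def update_field(mechanism, actor, field, new_value, when=None):
    """Apply one change to the mechanism, log it and notify the holder.

    Per the additional information on FA9.07, a change to contact information
    is notified to the previous contact address, before the record is switched.
    Returns the previous value.
    """
    when = when or datetime.now(timezone.utc)
    before = mechanism[field]
    if field == "contact_email":
        notify(mechanism, f"contact changed to {new_value}", to=before)  # old address
    mechanism[field] = new_value
    record(actor, "updated", field, before, new_value, when)
    if field != "contact_email":
        notify(mechanism, f"{field} changed")
    return before
```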
Part 2 — Requirements for the presentation of Credentials by Facilitation Providers
The requirements in this section apply to the facilitated presentation of 1 or more Credentials or parts of Credentials to a Relying Party. This includes Credential Providers (CPs) who are facilitating the presentation of their own Credential(s).
Objective 10 — Presentations are consistent and recognised
Rationale
For Relying Parties to trust the integrity of information from Credentials they need to know they have been established and presented in a consistent and recognised way.
This includes knowing the Credentials are genuine and the levels of assurance they provide.
FA10.01 Control
The FP MUST make level(s) of assurance for the Credential subject information available to the Relying Party.
Additional information — Level of assurance is an expression representing the assurance level achieved by each of the 3 elements — information, binding and authentication. There can be a separate expression for each attribute in the Credential subject information.
FA10.02 Control
The FP MUST declare the lowest assurance level, where the presentation is not able to express individual levels of assurance.
FA10.03 Control
The FP MUST make the following additional Presentation information available to a Relying Party, where the presentation allows:
- Transaction identifier: A unique identifier for the presentation
- Issuance: A timestamp indicating when the Credential was established (updated)
- Expiration: A timestamp indicating when the Credential is expected to expire
- Credential validity: Information and/or mechanisms for determining the validity of Credentials, including if they have been revoked.
- Audience identifier: An identifier for the Relying Party that requested the presentation.
Additional information — Some Presentation information applies to the whole presentation, some to each value in the presentation.
Objective 11 — Presentations are privacy-preserving
Rationale
The presentation of Credential(s) should not expose any holder to a reduction in privacy. Active application of privacy principles such as data minimisation and providing permission contribute to good identification management practice and reduce identity theft and its impacts.
FA11.01 Control
The FP MUST ensure the holder has given permission to make Credential subject information available to the Relying Party.
FA11.02 Control
The FP MUST enable the holder to remove Credential subject information from the presentation, where the facilitation mechanism allows.
FA11.03 Control
The FP MUST only make available the Credential subject information that has been requested by the Relying Party.
Additional information — The Relying Party can request derived, inferred or estimated values from the Credential subject information, in which case the Credential Provider does not make available the full value.
FA11.04 Control
The FP SHOULD NOT make available Credential subject information to a Relying Party that cannot provide a purpose for collecting it.
FA11.05 Control
The FP MUST only release Presentation information and Facilitation information that are applicable to the Credential subject information the holder has given permission to be made available.
FA11.06 Control
The FP MUST reduce the ability for Relying Parties to correlate holders by not making available the same persistent identifiers in Credential subject information, Presentation information or Facilitation information, to multiple Relying Parties, except where allowed for by law.
Additional information — Providing each Relying Party with different identifiers for the holder prevents correlation between Relying Parties but will still allow a single Relying Party to track the activity of 1 holder within its context.
FA11.07 Control
The FP MUST, in response to a request for an anonymous presentation by a Relying Party, preserve the anonymity of the holder by not making available any persistent identifiers.
FA11.08 Control
The FP MUST take measures to ensure the information made available is not observed or disclosed to an unauthorised entity during presentation.
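The following added example (not code from the standard or from any Facilitation Provider) puts the privacy controls of Objective 11 together in one function: only requested and holder-permitted attributes are released (FA11.01–FA11.03), a derived value such as "over 18" replaces the full date of birth, each Relying Party receives a different keyed-hash identifier for the same holder (FA11.06), and an anonymous request receives no persistent identifier at all (FA11.07). The Credential, the request shape, the attribute naming convention `over_N` and the FP-held secret are constructed assumptions.

```python
import hmac
import hashlib
from datetime import date

# Constructed sample Credential held in the facilitation mechanism (not real data).
CREDENTIAL = {
    "holder_id": "holder-0001",      # persistent identifier, never released as-is
    "given_name": "Ana",
    "date_of_birth": "1990-06-15",
}

# Hypothetical FP-held secret for deriving pairwise identifiers (an assumption).
PAIRWISE_KEY = b"constructed-fp-secret-key"


def pairwise_identifier(holder_id: str, audience: str) -> str:
    """FA11.06: a different persistent identifier for each Relying Party.

    A keyed hash over (audience, holder_id) cannot be joined across two RPs,
    while the FP can regenerate it for an investigation (FA13.02).
    """
    msg = f"{audience}\x00{holder_id}".encode()
    return hmac.new(PAIRWISE_KEY, msg, hashlib.sha256).hexdigest()[:32]


def over_age(dob: str, years: int, today: date) -> bool:
    """Derived value (FA11.03): is the holder at least `years` old on `today`?"""
    born = date.fromisoformat(dob)
    had_birthday = (today.month, today.day) >= (born.month, born.day)
    return today.year - born.year - (0 if had_birthday else 1) >= years


def build_presentation(credential, request, holder_permitted, today=None):
    """Assemble what one Relying Party receives.
    request: {"audience": str, "attributes": [names], "anonymous": bool}
    holder_permitted: attribute names the holder agreed to release (FA11.01/02)
    today: ISO date string used for derived values (defaults to the current date)
    """
    today = date.fromisoformat(today) if today else date.today()
    subject = {}
    for attr in request["attributes"]:              # FA11.03: only what was requested
        if attr not in holder_permitted:            # FA11.01/02: and only what was permitted
            continue
        if attr.startswith("over_"):                # derived value instead of the full DOB
            subject[attr] = over_age(credential["date_of_birth"], int(attr[5:]), today)
        elif attr in credential and attr != "holder_id":
            subject[attr] = credential[attr]
    presentation = {"audience": request["audience"], "subject": subject}
    if not request.get("anonymous"):                # FA11.07: no persistent id when anonymous
        presentation["subject_id"] = pairwise_identifier(credential["holder_id"], request["audience"])
    return presentation
```

A single Relying Party can still track one holder across its own transactions through `subject_id`, exactly as the additional information on FA11.06 notes; the derivation only stops two Relying Parties from joining their records.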
Objective 12 — Presentation content is unaltered
Rationale
Once a Credential holder has given permission for the Credential subject information to be made available to a Relying Party, they both need to be able to trust that the same information is received by the Relying Party.
FA12.01 Control
The FP MUST take measures to ensure the information made available during presentation is not altered.
FA12.02 Control
The FP MUST establish secure communication channels between all parties, where more than 1 party is required to complete a process.
Additional information — This refers only to where multiple parties are delivering the presentation of Credentials, not to the Entity or the Relying Party.
Objective 13 — Presentation can be investigated
Rationale
An important element of trust in any identification process is the ability for an Entity or Relying Party to question a process or presentation. While various controls allow for anonymity, pseudonymity and blinding of various parties in the Credential presentation process, none of these should prevent the investigation of a suspicious transaction.
FA13.01 Control
The FP MUST make available contact information to holders and Relying Parties, for the purposes of initiating a query about the presentation.
FA13.02 Control
The FP MUST collect the following information, where the presentation allows:
- Transaction identifier: A unique identifier for the presentation event
- Timestamp: A timestamp of when the presentation occurred
- Holder identifier: An identifier for the Entity that the presentation is about
- Audience identifier: An identifier for the Relying Party intended to receive the presentation
- Credential subject information: Values and references that describe the Credential subject information that was presented
- Credential Provider identifier: An identifier for the member of a multi-party Credential Provider who is the accountable party
- Presentation Information: Information about the integrity mechanisms used
- Facilitation information: Values and references that describe the facilitation information that was exchanged.
Contact
Government Digital Delivery Agency (GDDA)
Email: idmstandards@gdda.govt.nz