Overview of the Identification Standards
The New Zealand Identification Standards work together to provide assurance that an organisation has the right information about the right entities, helping minimise the risk of identity fraud.
Who these standards are for
These standards are intended for use by public and private sector organisations and individuals who:
- enrol Entities as a Relying Party
- issue Credentials as a Credential Provider
- facilitate the presentation of Credentials as a Facilitation Provider.
These standards are technical and require an understanding of identification concepts, assurance practices and related technologies.
If you’re new to this area, develop your skills and capability through the guidance and training options available under Identification management.
This diagram depicts the roles, artefacts, relationships and processes that ensure there are controls for parties that provide credentials on which others rely.
Roles
- Entity: An example of an Entity is a person. An Entity enrols with a Credential Provider to get 1 or more Credentials.
- Credential Provider(s): A Credential Provider is a party that provides an Entity with 1 or more Credentials that meet appropriate identification requirements.
- Relying Party: A Relying Party provides a service to an Entity and may need Credentials to establish certain information that will enable the provision of that service.
- Facilitation Provider: A Facilitation Provider is a party that facilitates the presentation of 1 or more Credentials to a Relying Party.
Artefacts
- Credentials: A Credential contains information and an Authenticator that has been bound to an Entity.
Processes
- Enrolment: When an Entity enrols with a Relying Party to get a service.
- Credential Enrolment: A specific instance of Enrolment when an Entity enrols with a Credential Provider to get 1 or more Credentials.
- Establish Credential(s): When a Credential Provider establishes 1 or more Credentials for an Entity.
- Holds Credential(s): When an Entity is bound by an Authenticator to 1 or more Credentials.
- Credential Presentation: When a Credential held by an Entity is presented to a Relying Party as evidence. This may be done directly or facilitated by a Facilitation Provider.
Enrolling Entities as a Relying Party
Organisations or individuals collect, store and maintain information about an Entity to carry out activities such as providing entitlements, care, services, employment, and education.
This includes issuing or utilising authenticators — such as swipe cards, PIN numbers or passwords — to recognise the Entity when they return in the future.
Within identification management, the organisation or individual accountable for this is called a Relying Party.
Table 1 describes the 3 standards applicable to Relying Parties and the aspect of identification they relate to.
| Standard | Description |
|---|---|
| Information Assurance | The process to establish the quality and accuracy of Entity Information. |
| Binding Assurance | The process to bind the Entity to their Entity Information. |
| Authentication Assurance | The process to ensure an Authenticator remains solely in the control of its holder. |
Issuing Credentials as a Credential Provider
When a Relying Party issues Credentials, they become a Credential Provider. Credentials, such as documents, licences and authenticators, are used in identification processes across multiple contexts.
In addition to the standards in Table 1, Table 2 describes an additional standard for Credential Providers.
| Standard | Description |
|---|---|
| Credential Service | Additional steps undertaken to maintain the integrity, security and privacy of a credential used in many contexts. |
Presenting Credentials as a Facilitation Provider
Traditionally, physical Credentials such as documents and cards are presented to Relying Parties by the holder of the Credential. However, with the rise of digital credentials, an intermediary service is needed to facilitate the presentation.
These facilitation mechanisms can be in the form of hubs, exchanges or digital wallets.
The providers of these facilitation mechanisms are called Facilitation Providers and could include the Credential Provider providing this service themselves.
Table 3 describes the standards for Facilitation Providers.
| Standard | Description |
|---|---|
| Facilitation Service | The actions to be undertaken to maintain the integrity, security and privacy of a credential during presentation. |
| Authentication Assurance | The process to ensure an Authenticator remains solely in the control of its holder. |
Design principles for the standards
The Identification Standards have been developed using the following overarching principles.
- Risk-based — balancing the effort put into processes with the risks posed by the service or product being delivered to the incorrect person.
- Objective-based controls — objectives represent threats and the controls are the mitigations for those threats. Grouping them this way ensures that the overarching intent of each control is known and enables multiple and evolving ways to meet them.
- Channel and technology neutral — creating an environment where rules can be applied at a consistent level across delivery channels where environments and technologies change rapidly.
- Privacy centric — supporting minimal data collection and consent-based information sharing.
- No National ID — supports New Zealanders’ position regarding National ID.
Updating the standards
The Government Digital Delivery Agency (GDDA) is responsible for the New Zealand Identification Standards and continuously monitors developments in the field in order to identify business risks and improved practices.
If significant changes are identified, research may be undertaken, additional controls identified, and implementation timeframes specified.
Less significant changes and improvements may be addressed in updated guidance.
We welcome suggestions for how to improve these standards and guidance. Email your suggestions to idmstandards@gdda.govt.nz.