​We’re from the government. Who are you?

We all suffer multiple personality disorder. Visiting a bank or government agency, or even logging on to social media requires that you identify yourself using some sort of credential.

Rachel Dixon is the Head of Identity for the Digital Transformation Office – an executive agency that was established in 2015 and forms part of the Prime Ministers ministerial portfolio. She spoke at the recent technology in Government conference held at Canberra’s National Convention Centre.

Dixon’s remit sounds simple – create a single identity that people can use to access government services through the MyGov portal. This has led Dixon and her team through a process to develop the Trusted Digital Identity Framework (TDIF). This is a product to verify the identity of consumers to a level that’s sufficient for them to access government services.

The vision is to create a genuinely whole of government digital identity solution based on extensible, open standards.

DTO is working with a wide range of public and private sector stakeholders to develop a broader framework for trusted digital identities. There’s a three step processes DTO is undertaking.

“The genesis of this project is the government is complicated to deal with and there’s a realisation that people in the community want to do more online,” says Dixon. The impetus for looking at a federated identity model stemmed from the Financial Services Industry report that was released in 2014 and led by David Murray AO.

“The issue is that people don’t want a digital identity,” says Dixon. “People just want to get stuff done. The only want a digital identity in the context of trying to achieve something. Which means that depending on the task you might be prepared to wear a certain amount of pain to prove who you are.”

Doing this for the whole of government is, of course, a challenge. Dixon notes that while there are many services which are “whole of government” many have quite limited contexts. In many cases, it might be about a specific function that perhaps only a handful of agencies actually share. That’s not whole of government she says.

“Whole of government means business. It means government agencies. It means individuals. It means people who are authorized to do various things. It means a platform that all of government can use.”

This meant the approach Dixon and her team took had to be different to other projects because the cost of onboarding needed to not be a disincentive to smaller agencies. Dixon observed that many initiatives were championed by larger agencies but missed on bringing smaller entities along because of costs.

“We’re trying to be as consultative as we possibly can,” says Dixon.

Work started with a Discovery process and was followed by the release of an Alpha version of the TDIF. Dixon says all of the code written in developing the Alpha will be thrown out as it was intended to demonstrate capability rather than represent a specific mode of software development.

Later this month, on 29 August 2016, Dixon will be showing off the TDIF at a roadshow event. The plan is to then release the TDIF in a public beta in July 2017. All the source code and documentation for the project – other than that which is commercial in confidence – will be released into the public domain through GitHub.

Her team is conducting research right across the country and talking with agencies, private companies and individuals. The project is also looking to leverage existing state-based identification systems so people who have already established an identity with their state government can be easily verified for a national digital identity. Similarly, they are looking for ways for a federal identity to also be used for state-level services and for it to be portable so when someone moves from one state to another they don’t need to re-establish their identity.

Importantly, Dixon says the platform she is building “is only about identity- it has nothing to do with transactions. It’s about what make you different to someone else. How do I know you are you?”.

As more and more services are offered online, the issue of having a secure online identity becomes more important. This is why Dixon’s team has spent considerable effort conducting research, to understand what people actually do when they are online and access services. In particular, Dixon notes that while many people say password security is important, their actions don’t always reflect this.

“We try to design things based on what people do, not what they say they will do”.

The system will be based on a federation hub that will connect the Commonwealth identity provider, state services, federal services and other identity providers. The hub will be built using standards that mean the onboarding of new agencies won’t rely on coding changes.

Join the CSO newsletter!

Error: Please check your email address.

Tags credentialsSnapSendSolve@techingovauTechnology In GovernmentSeeClickFixcyber security#techingovauAnthony CaruanaTech in GovAnthony CaruanaAuthorisationopen datacanberraopen governmentgovernmentTechinGovAUCSO AustraliaOutware Mobileidentity management

More about Alpha

Show Comments

Featured Whitepapers

Editor's Recommendations

Solution Centres

Stories by Anthony Caruana

Latest Videos

  • 150x50

    CSO Webinar: The Human Factor - Your people are your biggest security weakness

    ​Speakers: David Lacey, Researcher and former CISO Royal Mail David Turner - Global Risk Management Expert Mark Guntrip - Group Manager, Email Protection, Proofpoint

    Play Video

  • 150x50

    CSO Webinar: Current ransomware defences are failing – but machine learning can drive a more proactive solution

    Speakers • Ty Miller, Director, Threat Intelligence • Mark Gregory, Leader, Network Engineering Research Group, RMIT • Jeff Lanza, Retired FBI Agent (USA) • Andy Solterbeck, VP Asia Pacific, Cylance • David Braue, CSO MC/Moderator What to expect: ​Hear from industry experts on the local and global ransomware threat landscape. Explore a new approach to dealing with ransomware using machine-learning techniques and by thinking about the problem in a fundamentally different way. Apply techniques for gathering insight into ransomware behaviour and find out what elements must go into a truly effective ransomware defence. Get a first-hand look at how ransomware actually works in practice, and how machine-learning techniques can pick up on its activities long before your employees do.

    Play Video

  • 150x50

    CSO Webinar: Get real about metadata to avoid a false sense of security

    Speakers: • Anthony Caruana – CSO MC and moderator • Ian Farquhar, Worldwide Virtual Security Team Lead, Gigamon • John Lindsay, Former CTO, iiNet • Skeeve Stevens, Futurist, Future Sumo • David Vaile - Vice chair of APF, Co-Convenor of the Cyberspace Law And Policy Community, UNSW Law Faculty This webinar covers: - A 101 on metadata - what it is and how to use it - Insight into a typical attack, what happens and what we would find when looking into the metadata - How to collect metadata, use this to detect attacks and get greater insight into how you can use this to protect your organisation - Learn how much raw data and metadata to retain and how long for - Get a reality check on how you're using your metadata and if this is enough to secure your organisation

    Play Video

  • 150x50

    CSO Webinar: How banking trojans work and how you can stop them

    CSO Webinar: How banking trojans work and how you can stop them Featuring: • John Baird, Director of Global Technology Production, Deutsche Bank • Samantha Macleod, GM Cyber Security, ME Bank • Sherrod DeGrippo, Director of Emerging Threats, Proofpoint (USA)

    Play Video

  • 150x50

    IDG Live Webinar:The right collaboration strategy will help your business take flight

    Speakers - Mike Harris, Engineering Services Manager, Jetstar - Christopher Johnson, IT Director APAC, 20th Century Fox - Brent Maxwell, Director of Information Systems, THE ICONIC - IDG MC/Moderator Anthony Caruana

    Play Video

More videos

Blog Posts