NZ govt settles authentication standards

State Services Minister Annette King and Internal Affairs Minister Rick Barker will launch the standards in Wellington tonight. They are designed to provide uniform experience and secure transactions with government agencies.

The standards are designed to support the establishment and on-going confirmation of identity. Agencies are tasked to apply a risk management approach to developing their online authentication systems, firstly by determining the level risk for each service they provide. This risk level will in turn determine the level of confidence needed to establish an individual's identity and the appropriate business process, technology and data standards for on-going identity verification.

High-risk transactions require at least a hardware-based two-factor authentication key or token requiring local activation for each session through a password or biometric technology.

The standards release is part of a drive by the government to move beyond one-way provision of information via the internet to, by a target date of 2010, delivering two-way transactions. It is expected that this will also cut the cost of service delivery.

The documents released today cover standards for the establishment of identity, authentication key strengths, data formats, password and messaging standards. They apply only to services that deal with information graded unclassified, in-confidence or sensitive and not to high-security information.

They are designed to support agency-specific services as well as all-of-government authentication systems such as the Government Log-on Service and the Identity Verification Service.

A draft of the standards was released last December and submissions on it closed in February.