After a long process of research and
consultation that began in 2004, the New Zealand government today
released its authentication standards for e-government.
State Services Minister Annette King and Internal Affairs Minister Rick Barker will launch the standards in Wellington tonight. They are designed to provide uniform experience and secure transactions with government agencies.
The standards are designed to support the establishment and
on-going confirmation of identity. Agencies are tasked to apply a
risk management approach to developing their online
authentication systems, firstly by determining the level risk for
each service they provide. This risk level will in turn determine
the level of confidence needed to establish an individual's
identity and the appropriate business process, technology and
data standards for on-going identity verification.
High-risk transactions require at least a hardware-based
two-factor authentication key or token requiring local activation
for each session through a password or biometric technology.
The standards release is part of a drive by the government to
move beyond one-way provision of information via the internet to,
by a target date of 2010, delivering two-way transactions. It is
expected that this will also cut the cost of service
The documents released today cover standards for the
establishment of identity, authentication key strengths, data
formats, password and messaging standards. They apply only to
services that deal with information graded unclassified,
in-confidence or sensitive and not to high-security
They are designed to support agency-specific services as well
as all-of-government authentication systems such as the
Government Log-on Service and the Identity Verification
A draft of the standards was released last December and
submissions on it closed in February.