The Digital Transformation Agency is yet to decide which agency will be entrusted as the federal government’s sole identity provider for the whole-of-gov Govpass digital identity platform even as testing of the new verifier begins.
The decision to select a single identity provider at the federal level was revealed earlier this year, despite criticism from stakeholders who viewed the centralised model as reminiscent of the failed Australia Card proposal.
One of the reasons the DTA gave for this in Govpass' initial privacy impact assessment was that it would allow security efforts to be focused in “one place instead of having to fund separate teams maintaining multiple instances”.
The single provider of identity for government would be responsible for new digital identitiers as well as existing ones that would be migrated across from other services.
It would use the identity exchange technology built by the DTA, dubbed the ‘Exchange Hub’, to allow other agencies to verify details about a citizen’s identity without accumulating personal data.
However, while the agency has not altered its approach in the intervening months, a spokesperson told iTnews no decision had yet been made on who would become the government’s single identity provider.
But it has whittled the choice down to the ATO and DHS – who both already provide whole-of-government identity services – as well as the Attorney-General’s Department and Department of Industry, Innovation and Science, which the agency says it is working closely with on the “next steps” of the digital identity platform.
The ATO has already begun testing Govpass on its new online tax file number application service – a process that is currently only possible by visiting an Australia Post or Centrelink shopfront or by posting documents to the ATO, and takes around 40 days to complete.
The digital identity is also understood to be under testing with a small number of other services, but the DTA spokesperson would not provide detail. The agency will use the private beta phase to add new features and functionality to the platform, while fixing any issues and integrating it with other services.
Several state government agencies and private sector entities are also expected to add to Govpass, and Australia Post has indicated it will seek accreditation to be the first identity provider outside of the Commonwealth, the DTA spokesperson revealed.
AusPost partnered with the DTA in May to tack its Digital ID identification verification service onto GovPass.
How Govpass will work?
A first look at how citizens will apply for the optional digital identity was outlined in a DTA video last week, which showcased the front-end of what will replace the more than 30 separate logins currently used to access federal government digital services.
"I would like to see a point where we can do away with all those usernames and passwords, that need to continue to be updated, when you login to a service,” digital transformation minister Angus Taylor said.
Govpass will require citizens to provide either a birth certificate, passport or drivers licence and a Medicare card - or the same documentation required for a 100 point identity check - in addition to completing a two-factor authentication process to confirm their identity.
The personal documents are verified in real time with the department that has responsibility for the credential - such as the Department of Human Services for Medicare cards and the Department of Foreign Affairs and Trade for passports - using the document verification service.
Govpass will also be capable of accessing the camera on a user’s device to confirm the image against a passport or drivers licence using the one-to-one image matching service known as the face verification service (FVS).
This will include liveness tests to prevent against an individual using another person’s photograph, the DTA spokesperson said.
The government also expects the digital identity to be used to access services at other levels of government as well as within the private sector over time.