Digital identity system
The digital identity system is a network of digital identity service providers, users wanting to access a service, and service providers needing information to offer their service. Information will not be held in a central database and using the system will not be compulsory.
Information will be shared as needed in a decentralised way. Transactions will be governed by existing legislation such as the Privacy Act, privacy and security enhancing rules, and driven by a user request.
In 2018, the New Zealand government committed to a 2-year programme to investigate the requirements for a new and improved approach to digital identity. Read more about its background and research undertaken.
Understanding the digital identity system
Digital identity allows people and organisations to use their information, such as income, date of birth or proof of eligibility, to access services online. These pieces of personal or organisational information are also known as attributes.
Digital identity services rely on relationships between individuals or users and service providers, as part of a ‘digital identity system’.
The digital identity system is the collection of all the participants, the roles they play and the actions they undertake to allow users to share information in a trusted and secure way.
Read more about digital identity and permission to share attributes — What is digital identity?
Modernising the digital identity system
The digital identity environment has changed significantly over the years. Globally and in New Zealand digital identity services have emerged, offering new ways for people to access and share their information.
The proposed Digital Identity Services Trust Framework will provide people with greater choice and innovation in the provision of trusted and secure digital identity services.
For those benefits to be realised the existing digital identity system needs to change, to reflect current digital identity expectations. In June 2021, Cabinet directed the Department of Internal Affairs (DIA) to complete a detailed business case for investment options to modernise digital identity infrastructure.
Proposed digital identity system
The Digital Identity Programme aims to create a trusted, coherent and sustainable digital identity system.
This proposed system uses rules to define how the participants in any transaction work together to consent to share or validate a user’s information.
Defined rules and a governing trust framework mean that:
- people can access the services they need
- people can have greater trust and confidence in how their personal and organisational information is used online
- service providers know the information they get is correct and belongs to the right entity
- all participants can operate in a trusted, sustainable and coherent digital identity system in New Zealand.
The following typical transaction steps 1 to 4 and Diagram 1 outline how a typical transaction flow might occur in a future digital identity system.
Typical transaction steps
Note: These steps can happen in a different order, or might not involve all the parties. It depends on what is authorised, what information is needed, and which providers are involved.
A user wants to initiate a transaction or gain access to a service from a relying party such as a bank, government, age restricted services, travel or transport.
- A service provider, known as a relying party, requires certain information to offer their service. This interaction goes back and forth.
- The requirements are communicated to users.
- The user gives permission for their information to be shared in a secure way.
- An information provider that holds the user’s information, such as government, a bank, an individual or utility company, supplies the user’s information.
- The credential provider works with other infrastructure providers to validate the information is being packaged safely and securely, through binding and authentication processes. The outcome may be a reusable package of information called a credential.
- A facilitation provider helps the user to share their credential, and access the service or complete the transaction with the relying party.
Diagram 1 shows how a typical transaction flow might occur in a future digital identity system.