Your browser currently has JavaScript turned off, which means that Govt.nz might not display properly on your device. It's easy to turn JavaScript on - find out how to enable JavaScript in your browser.

Contact

Department of Internal Affairs

Government Enterprise Architecture

GEA@dia.govt.nz

Authentication Standards

The Authentication Standards are being updated. They promote best practice design of authentication components, and consistency in the way identity is validated.

Authentication Standards framework

The original framework was published between 2006-2009 and much of the advice has been superseded. The information listed as ‘current standards, guidance and tools’ in the following table is the best advice that we have available at the moment.

Note:

Several of these standards will be superseded by the new Identification Management Standards.

About the identification standards.

If you are implementing authentication services you should consult with the GEA team to make sure you are referencing the correct services, documents, NZ and international standards, and cabinet mandates.

**Table 1:** Current standards, guidance and tools
Current standards, guidance and tools	Currency	Compliance requirement
Evidence of Identity Standard (EOI)	To be superseded by the new Identification management standards.	Standard This is applicable to all services, regardless of whether or not they are delivered through an online channel.
RealMe login service RealMe Verified Identity service	Replaced the Government Logon Service and the Identity Verification Service.	Services that support the Evidence of Identity Standard. Agencies are required to use the RealMe system rather than developing new authentication systems.
New Zealand Security Assertion Messaging Standard v1.0	Current	Standard for RealMe integration. For OAuth and OpenIDConnect guidance refer to the Part B of the API standard.
New Zealand Information Security Manual Chapter 16 Access control Chapter 17 Cryptography	Replaced: Password Standard The new standards will replace this Password Standard, which is still relevant for organisations not subject to compliance with the New Zealand Information Security Manual.	Standard
Authentication Key Strengths Standard	To be superseded by the new identification management standards.	Standard
Guidance on multi-factor Identification	To be superseded by the new identification management standards.	Standard
New Zealand Government OASIS CIQ Profiles	Current	New Zealand Government OASIS CIQ Profiles Guidance on representation of customer names, addresses, roles and relationships. For JSON representations of these elements contact GEA@dia.govt.nz

Related advice

Is there something wrong with this page?

Page last updated: 18 March 2021

Contact

Authentication Standards

Authentication Standards framework

Table 1: Current standards, guidance and tools

Related advice

Print

Have your say about this page

Last Updated