Authentication standards
The Authentication standards and related guidelines were created to support the establishment and on-going confirmation of identity; and were used in the development of the Government Logon Service(GLS) and an Identity Verification Service (IVS). RealMe® services from the New Zealand government and New Zealand Post replaced the GLS and IVS. RealMe® is currently mandated for customer to government use.
The Authentication standards provide a framework that promotes consistent authentication of identity by government agencies, regardless of whether agencies use the mandated RealMe® shared services or implement their own solutions.
For each service they provide, agencies must determine the level of identity-related risk. This level corresponds to a level of confidence required to establish an individual's identity and to an authentication key that provides on-going verification of identity. Other standards define data formats for identity-related data and message formats for confirmation of identity. The following standards have been developed:
- Guide to Authentication Standards for Online Services
- Evidence of Identity Standard [Department of Internal Affairs]
Note that the Evidence of Identity Standard, developed by the Department of Internal Affairs, is applicable to all services, regardless of whether or not they are delivered through an online channel. - Authentication Key Strengths Standard
- Guidance on Multi-factor Identification
- Data Formats for Identity Records Standard v1.1 [Deprecated - superseded by the New Zealand Government OASIS CIQ Profiles]
- Password Standard [Deprecated - refer to the NZISM chapter 16]
- New Zealand Security Assertion Messaging Standard v1.0
In accordance with the provisions of the Authentication Standards, the Authentication Standards for Online Services Working Groups may from time to time agree to minor corrections, additional explanations, amendments or revisions of these standards. Such changes will also be included in any subsequent re-printings of the Standards concerned:
The authentication standards are now managed by Government Enterprise Architecture, Department of Internal Affairs on behalf of the Government Chief Information Officer (GCIO). Email GEA@dia.govt.nz to contact Government Enterprise Architecture.
A set of Frequently Asked Questions (FAQs) provides more information about the authentication standards.
-
Amendments to Authentication Standards
-
Updates to the HTML versions of the Authentication Standards
-
Review of the Authentication Standards
-
Frequently Asked Questions
-
Guide to Authentication Standards for Online Services
-
Authentication Key Strengths Standard
-
Guidance on Multi-factor Identification
-
Data Formats for Identity Records Standard - Deprecated
-
Password Standard - Deprecated
-
New Zealand Security Assertion Messaging Standard