New Zealand’s new Digital Identity Services Trust Framework (DISTF) rules are part of the country’s larger push to roll out a suite of digital identity services, which are expected to include a digital driving licence, bank ID and trade certification, accessible through accredited digital ID wallets or apps.
The rules, which apply to Trust Framework providers and the accredited services they provide, are intended to ensure privacy and security, and give users more control over their data. As such, the document published by the Trust Framework Authority lists various requirements for service providers to meet information and authentication standards under the Identification Standards, the Privacy Act and other legislation.
The new rules and accreditation system officially took effect on November 8, 2024. The Authentication Assurance Standard that sets the rules for biometrics went live on October 1.
According to Global Government Forum, Minister for Digitizing Government Judith Collins says the announcement of the updated Digital Identity Services Framework “paves the way for safe future digital identity services,” particularly in terms of centering user consent.
“Using accredited digital identity services makes it easier to securely share your information, helps protect from identity theft, and gives New Zealanders greater control over their own information.” Users who opt-in to digital ID will be in control of “what information they share, and who they share it with.”
In this, the system aims for the kind of data minimization and selective sharing that is a key concept of digital identity – a credential that can be used securely and repeatedly, controlled by the owner, specific uses of which both the issuing authority and verifying party are unaware. Per the rules, “credential presentation must only present attributes the user has authorized to present,” and “credential verification activity must not be tracked or correlated by the Trust Framework providers.”
Credentials can comply with W3C VC, ISO/IEC 18013-5 mDL models
Posting on X, Otto Mora of Privado ID notes that the section on credentials allows compliance with either the W3C Verifiable Credential Data Model or the ISO/IEC 18013-5 mobile driving licence (mDL) application. Mora says leaving the door open for experimentation with both models is the right step when it comes to privacy.
Article Topics
digital government | digital identity | Digital Identity Services Trust Framework (DISTF) | digital wallets | government services | mDL (mobile driver’s license) | New Zealand | trust framework
