The Trusted Digital Identity Framework (TDIF) is an accreditation framework for digital ID services.
It sets out the requirements that applicants need to meet to achieve accreditation.
The accreditation framework and process ensures all identity providers meet strict rules and standards for usability, accessibility, privacy protection, security, risk management, fraud control and more.
Building on the existing TDIF, a Digital ID Bill and draft Accreditation Rules have been developed to detail the requirements for Digital ID service providers to become accredited and maintain their accreditation if Digital ID legislation passes parliament. See Legislation | Digital Identity for a summary of the Digital ID Bill and a copy of the draft Accreditation Rules.
We provide guidance material to support organisations to meet TDIF requirements, which can be found here.
TDIF accreditation program
Government providers that offer digital ID services can apply to be accredited under the TDIF.
The Australian Government is also running a pilot accreditation program, under which private sector businesses can apply to be accredited under the TDIF to test the readiness for its use to be expanded beyond government.
Accreditation demonstrates that their digital ID services are trusted, safe and secure and built to the standards set by the Australian Government.
Accredited entities
The entities listed below have an active TDIF accreditation status.
Accredited entities operating in the Australian Government's Digital ID system:
Accredited entity |
Service name |
Role |
Service description |
Initial and variation accreditation date |
---|---|---|---|---|
ABN 51 824 753 556 |
myGovID | Identity provider |
|
30 May 2019 Varied on 30 August 2021 to include IP3 and biometrics |
Credential provider |
|
30 May 2019 | ||
RAM | Attribute provider |
|
20 June 2019 | |
ABN 90 794 605 008 |
Exchange | Exchange provider |
|
13 May 2019 |
myGov | Attribute provider |
|
25 August 2021 |
Accredited entities operating outside the Australian Government's Digital ID system:
Accredited entity |
Service name |
Role |
Service description |
Initial and variation accreditation date |
---|---|---|---|---|
ABN 28 864 970 579 |
Digital iD, but excluding
Relying parties and individuals considering use of excluded features should seek an appropriate level of assurance over attached risks to inform their decision. |
Identity provider |
|
17 May 2019 |
Credential provider |
|
17 May 2019 | ||
IDVerse, the trading name of OCR Labs Pty Ltd ABN 20 603 823 276 |
IDKit, when specifically ordered by the customer as a TDIF-accredited service and so configured, which cannot be changed. | Identity provider |
|
8 July 2021 Varied on 7 March 2022 to include IP3 and biometrics |
ABN 95 108 603 345 |
ID | Identity provider |
|
21 July 2022 |
Credential provider |
|
21 July 2022 | ||
Exchange |
|
10 June 2022 | ||
eftpos Digital Identity Pty Ltd ABN 80 648 970 101 |
ConnectID Exchange services |
Exchange |
|
15 September 2021 Varied on 5 January 2023 |
ABN 35 168 163 666 |
RatifyID | Identity provider |
|
20 October 2023 |
Credential provider |
|
20 October 2023 |
Identity providers
Identity providers help you set up and manage your Digital ID so you can prove who you are online. Using a secure Digital ID with a trusted identity provider helps keep your information safe and helps services have confidence that they’re interacting with the right person.
Identity providers can apply to be accredited at various identity proofing levels.
Identity exchanges
An identity exchange acts like a switchboard, transferring information, with your consent, between relying parties, identity providers and attribute service providers, in a way which is secure and respects your privacy.
Attribute providers
Attributes are additional information about you such as entitlements or characteristics of an individual (for example, that you have a particular qualification). Attribute providers generate and manage attributes and claims about an individual, business or organisation that are provided to relying services.
Credential providers
A credential is a password or other forms of authentication. Credential providers can generate, bind and distribute credentials to individuals or can bind and manage credentials generated by individuals. The robustness of this confidence is described by a credential level (CL) categorisation.
Before submitting your application, we ask that you request a pre-engagement meeting with the Department of Finance by emailing digitalid@finance.gov.au, including a description of your organisation and the identity system proposed for accreditation.
Our Accreditation/Engagement team will contact you to organise a meeting which will include next steps, how to submit a formal application and when we expect to commence the next round of accreditation prioritisation.
Guidance material to support organisations to meet TDIF requirements can be found here.
To become a TDIF accredited provider, applicants are required to demonstrate how their Digital ID service meets requirements for:
- accessibility and usability
- privacy protection
- security and fraud control
- risk management
- technical integrity and more.
As a final step, all applicants are required to enter into an accreditation governance agreement or deed with the Department of Finance that sets out their ongoing obligations under the TDIF.
For more information about the accreditation process, go to TDIF 03 Accreditation Process.
Once accredited, providers need to continually demonstrate they meet their TDIF obligations by undergoing annual assessments. For more information, go to TDIF 07 Maintain Accreditation.