The Government Logon Service

The Government Logon Service (GLS) is being developed as part of the New Zealand All-of-government Authentication Programme. The Programme will standardise online authentication for New Zealand government services. The GLS will provide a common logon service for people using government services over the Internet. The GLS will allow customers to log on to different agency services using the same authentication key, or with multiple keys, in a secure and private manner.

Different types of authentication keys will be used depending on the level of identity-related risk. The Evidence of Identity Standard defines four service risk categories: No or Negligible, Low, Moderate and High [31]. These relate to the potential for harm if an error is made in attributing identity. The minimum authentication keys required for each service risk category are given in Table 4 below.

Table 4 - Minimum authentication keys required for service risk categories

| Service risk category | Minimum authentication key requirements |
|---|---|
| Nil or negligible | No requirement. Agencies are able to select their own authentication solution. If a password is used, this should be different from the password required for services in the Low service risk category. |
| Low | Requires a one-factor authentication key in the form of a password conforming to the Password Standard [32]. |
| Moderate | Requires a two-factor authentication key that is at least one of the following: a one-time password system combined with a password; a one-time password device requiring per-session local activation (with a password or biometric*); a software token requiring per-session local activation (with a password or biometric*). |
| High | Requires a two-factor authentication key that is at least a hardware token requiring per-session local activation (with a password or biometric*). |

* Currently, authentication solutions that incorporate the exchange of biometric data between a customer and verifier have been excluded. Review of biometric authentication is continuing and its future use will be considered.

The GLS will support authentication keys for the Low, Moderate and High service risk categories. The GLS currently supports password authentication, and support for a two-factor key is being developed. The advantage is that the customer will be able to use a single password, single software token, etc., to access online services at agencies that use the GLS. The GLS provides service customers with greater convenience in logon management, since the GLS username and password (or other authentication key) can be re-used by the customer across different agencies. The design of the GLS protects the privacy of customers by not collecting any identity-related customer information.

The Identity Verification Service (IVS) is also being developed by the Programme. The IVS will allow service customers to establish their identity details, using the Evidence of Identity Standard, and to record them in the form of an electronic Identity Verification Credential (IVC). They can release the IVC to agencies to confirm their identity when transacting electronically with the government. The IVS is currently in the design phase. Figure 3 depicts the various communications.

More information on the GLS can be found in [33].

Figure 3 - The GLS and IVS


Page last updated: 13/09/2016