Guidance and Resources

End Matter

Working Group representation

The following organisations contributed representatives to the Secure Messaging Working Group that developed this Standard:

  • Accident Compensation Corporation
  • Government Communications and Security Bureau
  • Inland Revenue Department
  • Information Technology Association of New Zealand (represented by IBM NZ Ltd)
  • Land Transport New Zealand
  • Ministry of Agriculture and Forestry
  • Ministry of Education
  • Ministry of Health
  • Ministry of Social Development
  • New Zealand Police
  • New Zealand Qualifications Authority
  • RSA Security Inc.
  • State Services Commission

Acknowledgement

The State Services Commission gratefully acknowledges the contribution of time and expertise from all those involved in developing this Standard, with particular acknowledgement to the subject matter experts and reviewers Enspier Technologies, Inc. (a Protiviti Government Services company) and RSA, the Security division of EMC. The Secure Messaging Working Group wish to particularly acknowledge the extensive contribution of Robert Philpott, immediate past co-Chair of the OASIS Security Services (SAML) Technical Committee and Sampo Kellomäki, Chief Architect, Symlabs, Inc.

Copyright

This document is subject to Crown copyright. The material may be used, copied and re-distributed free of charge in any format or media, provided that the source and copyright status are acknowledged (i.e. this material was produced by the State Services Commission © Crown copyright 2008).

Referenced documents

Joint Australian/New Zealand Standards

  • [HB231Risk] SAA/NZS HB 231:2004 - Information Security Risk Management Guidelines (Australian/New Zealand handbook) www.standards.co.nz
  • [HB436Risk] SAA/NZS HB 436:2004 - Risk Management Guidelines Companion to AS/NZS 4360:2004 (Australian/New Zealand handbook) www.standards.co.nz
  • [S17799Code] AS/NZS ISO/IEC 17799:2006 - Information Technology Security Techniques Code of Practice for Information Security Management www.standards.co.nz
  • [S27001Reqs] AS/NZS ISO/IEC 27001:2006 - Information Technology Security Techniques Information Security Management Systems Requirements www.standards.co.nz
  • [S4360Risk] AS/NZS 4360:2004 Risk Management (Australian/New Zealand Standard) www.standards.co.nz

Other

  • [AuthFrame] State Services Commission 2004 - Authentication for E-government: Best Practice Framework for Authentication www.ict.govt.nz
  • [AEG] State Services Commission 2005 - Authentication for E-government: Government Logon Service www.ict.govt.nz
  • [AKSS] State Services Commission 2006 - Authentication Key Strengths Standard v1.0 www.ict.govt.nz
  • [CIQ] OASIS 2006 - Customer Information Quality V3.0 www.oasis-open.org/committees/ciq
  • [DFIRS] State Services Commission 2006 - Data Formats for Identity Records Standard v1.0 www.ict.govt.nz
  • [DGSS] State Services Commission 2005 - Development Goals for the State Services www,ict.govt.nz
  • [EOIS] Department of Internal Affairs - Evidence of Identity Standard v1.0 www.dia.govt.nz
  • [GASOS] State Services Commission 2006 - Guide to Authentication Standards for Online Services v1.0 www.ict.govt.nz
  • [GMFA] State Services Commission 2006 - Guidance on Multi-Factor Authentication www.ict.govt.nz
  • [GLSMS] Messaging Specification v1.0 Available on request from GLS - authentication@dia.govt.nz
  • [LSDO] State Services Commission - Logon Service Design Overview www.ict.govt.nz
  • [NZeGIF] State Services Commission 2008 - New Zealand E-government Interoperability Framework(NZ e-GIF)v3.3 www.ict.govt.nz
  • [NZGWSR] State Services Commission March 2007 - New Zealand Government Web Standards and Recommendations V1.0 www.ict.govt.nz
  • [NZSIT402] Government Communications Security Bureau June 2007 - New Zealand Government Information Technology Security Manual NZSIT 402
  • [PS] State Services Commission 2006 - Password Standard v1.0 www.ict.govt.nz
  • [PSM] New Zealand Security Intelligence Service 2002 - Protective Security Manual
  • [RFCReqLev] Bradner, S. March 1997 - Key Words for Use in RFCs to Indicate Requirement Levels (RFC 2119) www.ietf.org
  • [SAMF] State Services Commission 2006 - Security Assertion Messaging Framework www.ict.govt.nz
  • [SAML2] OASIS 2005 - Security Assertion Markup Language v2.0 www.oasis-open.org
  • [SAMLBind] Oasis Standard 15.3.2005 - Bindings for the OASIS Security Assertion Markup Language (SAML) v2.0 saml-bindings-2.0-os
  • [SAMLConf] Oasis Standard 15.3.2005 - Conformance Requirements for the OASIS Security Assertion Markup Language (SAML) v2.0 saml-conformance-2.0-os
  • [SAMLContext] Oasis Standard 15.3.2005 - Authentication Context for the OASIS Security Assertion Markup Language (SAML) v2.0 saml-authn-context-2.0-os
  • [SAMLCore] Oasis Standard 15.3.2005 - Assertions and Protocols for the OASIS Security Assertion Markup Language (SAML) V2.0 saml-core-2.0-os
  • [SAMLGlossary] Oasis Standard 15.3.2005 - Glossary for the OASIS Security Assertion Markup Language (SAML) v2.0 saml-glossary-2.0-os
  • [SAMLMeta] Cantor, Moreh, Philpott, Maler, eds. - Oasis Standard 15.3.2005 - Metadata for the OASIS Security Assertion Markup Language (SAML) v2.0 saml-metadata-2.0-os
  • [SAMLProf] Oasis Standard 15.3.2005 - Profiles for the OASIS Security Assertion Markup Language (SAML) v2.0 saml-profiles-2.0-os
  • [SAMLSecurity] Oasis Standard, 15.3.2005 - Security and Privacy Considerations for the OASIS Security Assertion Markup Language (SAML) V2.0 saml-sec-consider-2.0-os
  • [SIGS] Department of the Prime Minister and Cabinet 2002 - Security In the Government Sector
  • [XMLEnc] Donald Eastlake et al. - World Wide Web Consortium Recommendation December 2002 - XML Encryption Syntax and Processing
  • [XMLSig] Donald Eastlake et al. - World Wide Web Consortium Recommendation February 2002 - XML-Signature Syntax and Processing

New Zealand legislation

  • Privacy Act 1993

Related websites

Latest revisions

This Standard is to be reviewed from time to time by the Working Group to keep it up to date with changes in technology and business requirements in the sector. Users should ensure they access the latest revisions of the NZ e-GIF authentication standards including amendments (if any). These can be found at www.e.govt.nz. Users should also access the latest revisions of the documents included in the list of referenced documents already set out in this standard.

Review of standards

Suggestions for improvement of this Standard will be welcomed. They should be sent to the Manager, e-GIF Operations, State Services Commission, PO Box 329, Wellington. Alternatively, suggestions can be sent by email to e-gif@dia.govt.nz

Page last updated: 19/12/2017