Tdif 01 Glossary - Release 4.8 - Finance 1
01 Glossary of
Abbreviations and Terms
PUBLISHED VERSION
OFFICIAL
This work is copyright. Apart from any use as permitted under the Copyright Act 1968
and the rights explicitly granted below, all rights are reserved.
Licence
With the exception of the Commonwealth Coat of Arms and where otherwise noted,
this product is provided under a Creative Commons Attribution 4.0 International
Licence. (http://creativecommons.org/licenses/by/4.0/legalcode)
This licence lets you distribute, remix, tweak and build upon this work, even
commercially, as long as you credit Finance for the original creation. Except where
otherwise noted, any reference to, reuse or distribution of part or all of this work must
include the following attribution:
Conventions
References to TDIF documents, abbreviations and key terms (including the words
MUST, MUST NOT, and MAY) are denoted in italics and are to be interpreted as
described in this document.
Contact us
Department of Finance — TDIF 01 – Glossary of Abbreviations and Terms iii
Document management
Document review
All changes made to the TDIF are published in the TDIF Change Log which is
available at https://www.digitalidentity.gov.au/tdifdocs.
Contents
A
B
C
D
E
F
G, H, I
K, L
M
N
O
P, Q
R
S
T
U
V, W, X, Y, Z
Glossary of abbreviations
Term Meaning
CL Credential Level
CP Certificate Policies
ID Identity
IP Internet Protocol
MF Multi-Factor
OA Oversight Authority
OR Operating Rules
RP Relying Party
RSA Rivest-Shamir-Adleman
SF Single Factor
SP Special Publication
Glossary of terms
A wide variety of terms are used in the realm of identity management. While the
definitions of many of these terms are sourced from existing government policies and
international standards, the definitions of some terms have been modified to meet the
needs of the TDIF. Where this occurs, the source is listed as TDIF.
Access control. The process of granting or denying requests for access to systems,
applications and information. Can also refer to the process of granting or denying
requests for access to facilities. Source: ISM.
Access token. A JSON Web Token or equivalent that acts as proof of authorisation to
access a service. Source: OpenID Connect Core 1.0
Accredited Roles. The four accreditation classes supported under the TDIF, including
Attribute Service Providers, Credential Service Providers, Identity Exchange and
Identity Service Providers. Source: TDIF.
Acquired Image. An image of the User’s face that is used as the sample for biometric
matching. Source: TDIF.
APP entity. Has the same meaning as in the Privacy Act 1988.
Applicant. Organisations that undergo the TDIF Accreditation Process in the role of an
Attribute Service Provider, Credential Service Provider, Identity Service Provider,
Identity Exchange or a combination of these. Source: TDIF.
Applicant Capability. The product serviced by the Applicant and used by the User for
the purposes of Identity Proofing and Biometric Binding. Source: TDIF.
Application. The Identity Proofing process which involves Biometric Binding. Source:
NIPG.
Assertion. A statement from a TDIF Accredited Role to a Relying Party that contains
information about a User. Assertions may also contain verified Attributes. Source:
TDIF.
Attribute Service Provider (ASP). One of the four Accredited Roles. An entity that
has been accredited in accordance with the TDIF as an attribute service provider and
that provides a service that verifies or manages specific attributes relating to
entitlements, qualifications or characteristics of an Individual. Source: TDIF
Attribute Set: A collection of Attributes that aligns with the logical sets of Attributes
that a Relying Party will typically ask for as a collection, and that a User will provide
Consent for as a collection. Source: TDIF
Attribute Sharing Policies. Policies that describe the rules that must be applied when
sharing Attributes with a Relying Party. Source: TDIF.
Australian Privacy Principles (APP). Are the cornerstone of the privacy protection
framework in the Privacy Act 1988. There are 13 Australian Privacy Principles and they
govern standards, rights and obligations around:
• The collection, use and disclosure of personal information.
• An organisation or agency’s governance and accountability.
• Integrity and correction of personal information.
• The rights of Individuals to access their personal information.
Source: OAIC.
Authentication Event. The process of a User using their Credentials to prove that
they are the valid user of a Digital Identity
Biometric Binding. The process, under the TDIF, of linking an Individual with a
claimed Identity by performing Biometric Verification. Source: TDIF. See also:
Biometric Verification, Biometric Matching.
Certificate Revocation Lists (CRL). The published directory which lists revoked
Digital Certificates. The CRL may form part of the Certificate Directory or may be
published separately. Source: TDIF
Chief Security Officer (CSO). The person responsible, at a management level, for
security in an organisation. Source: TDIF
Claimed Photo ID. The Photo ID document presented by the Individual for Identity
Proofing as part of an Identity Claim. Source: TDIF. See also: Identity Document,
Photo ID.
Footnote 1: In the context of the TDIF an Australian Passport is also considered a CoI document.
Consent. Means Express Consent or Implied Consent. The four key elements of
Consent are:
• The Individual is adequately informed before giving Consent.
• The Individual gives Consent voluntarily.
• The Consent is current and specific.
• The Individual has the capacity to understand and communicate their Consent.
Source: OAIC.
Consumer History. The history of all a User’s interactions with an Identity Exchange.
Source: TDIF.
Control(s). Any process, policy, device, practice or other actions within the internal
environment of an organisation which modifies the likelihood or consequences of a
risk. Source: ISO 31000.
Credential Binding. The process of linking a Credential with a Digital Identity. Source:
TDIF.
Credential Level 1 (CL1). A basic authentication credential suitable for use at the IP1
proofing level. This allows single-factor authentication, e.g. password. Source: TDIF.
Credential Level 2 (CL2). A strong authentication credential suitable at the IP1, IP2
and IP3 proofing levels. This requires two-factor authentication, e.g. password with
additional one-time password. Source: TDIF.
Credential Level 3 (CL3). A very strong authentication credential, suitable at the IP1,
IP2, IP3 and IP4 levels. This requires two-factor authentication and hardware
verification. Source: TDIF.
Credential Service Provider (CSP). One of the four Accredited Roles. An entity that
has been accredited in accordance with the TDIF as a Credential Service Provider and
that provides a service that does either or both of the following:
• generates, binds, manages or distributes Credentials to Individuals;
• binds, manages or distributes Credentials generated by Individuals.
Source: TDIF.
Cross Certificate. A cross certificate enables Individuals and Relying Parties in one
PKI deployment to trust entities in another PKI deployment. This trust relationship is
usually supported by a cross certification agreement between Certificate Authorities in
each PKI deployment, which defines the responsibilities of each party. Source: TDIF
Cyber Security Incident. One or more acts, events or circumstances that involve:
Data Breach. Loss or misuse of, unauthorised access to, or unauthorised modification
or disclosure of, Personal Information held by an entity.
Data Breach Response Plan. Is a framework that sets out the roles and
responsibilities involved in managing a data breach. It also describes the steps an
entity will take if a data breach occurs. Source: OAIC
Digital Identity Fraud Control Plan. A plan that meets the requirements specified in
FRAUD-02-02-01a. Source: TDIF.
• the position of Digital Identity Fraud controller for the Applicant, having the duties
and responsibilities specified in the Applicant’s fraud control plan; or
• the person appointed as, or appointed to act in the position of, Digital Identity
Fraud Controller for the Applicant as mentioned in FRAUD-02-01-01.
Digital Identity Fraud Risk. Means the risk that a Digital Identity Fraud Incident will
occur in relation to an entity. Source: TDIF
Digital Signature. An electronic signature created using a Private Signing Key. The
cryptographic process allows the proof of the source (with non-repudiation) and the
verification of the integrity of the data. Source: TDIF
Disaster Recovery and Business Continuity Plan (DRBCP). Helps minimise the
disruption to the availability of information and systems after a security incident or
Document Biometric Matching. The process of verifying that the User’s Acquired
Image biometrically matches the corresponding image recorded in the User’s Claimed
Photo ID. This process includes only Claimed Photo ID documents that are
government issued with cryptographically signed RFID chips that store the image,
such as an ePassport. Source: TDIF.
Document Verification Service (DVS). A national online system that checks whether
the biographic information on an Identity document matches the original record. The
result will simply be ‘yes’ or ‘no’. The DVS does not check facial images. The DVS
makes it harder for people to use fake Identity documents and both the public and
private sectors use the DVS. Source: ID Match (Department of Home Affairs).
Easy English. A style of writing that has been developed to provide understandable,
concise information for people with low English literacy. Individuals with low English
literacy can be described as people with a limited ability to read and write words.
Source: Scope Vic.
End user. A Person that interacts with a TDIF Provider’s service with the intention of
obtaining a Digital Identity. Source: TDIF.
Enforcement Body. Has the same meaning as in the Privacy Act 1988.
• an individual;
• a body corporate;
• a Commonwealth entity, or a Commonwealth company, within the meaning of the
Public Governance, Performance and Accountability Act 2013;
• a person or body that is an agency within the meaning of the Freedom of
Information Act 1982;
• a body specified, or the person holding an office specified, in Part I of Schedule 2
to the Freedom of Information Act 1982;
• a department or authority of a State;
• a department or authority of a Territory;
• a partnership;
• an unincorporated association;
• a trust.
Source: TDIF
Exceptional Use Case. A situation where an Individual does not possess, and is
unable to obtain, the information or evidence of identity required for the relevant
proofing level, including as a result of the Individual:
• having their birth not registered;
• being homeless or displaced;
Express Consent. Is given explicitly, either orally or in writing. This could include a
handwritten signature, or oral statement, or use of an electronic medium or voice
signature to signify agreement. Source: OAIC.
Fact of Death File. Is a compilation of death records from each of the data custodians.
These files contain full name, date of birth and residential address details of all the
people who have died in Australia. Data files are available on the Australian
Coordinating Registry dating back to 1992. Source: Queensland Government.
Failure to Enroll Rate (FTE): Failure to create and store a biometric enrolment data
record for an eligible biometric capture subject, in accordance with a biometric
enrolment policy. Source: ISO 2382-37.
Note: See ISO 2382-37 for further details of the meaning of this term.
False Match Rate (FMR): The proportion of the completed biometric non-mated
comparison trials that result in a false match. Source: TDIF.
Note: See ISO 2382-37 for further details of the meaning of this term.
False Non-match Rate (FNMR): The proportion of the completed biometric mated
comparison trials that result in a false non-match. Source: TDIF.
Note: See ISO 2382-37 for further details of the meaning of this term.
Family name. A person’s last name or surname. The ordering of family name and
given names varies among cultures. Some cultures do not recognise a ‘family’ name;
in Australia the last name is usually adopted as the family name. Source: NIPG.
Federation Proxy. A component that acts as a logical Relying Party to a set of Identity
Service Providers and a logical Identity Service Provider to a set of Relying Parties,
bridging the two systems with a single component. These are sometimes referred to as
“brokers”. Source: NIST SP 800-63-3.
• Privacy Assessment
• Security Assessment
• Accessibility Assessment
• Penetration Test
Source: TDIF.
G, H, I
Given name. Given names include combinations of first name/s, forename, Christian
name/s, middle name/s and second name/s. Source: NIPG.
High Risk Project. A change to the services for which the entity is accredited or the
entity’s Identity System that has, or is likely to have, a significant impact on:
• the nature or scope of personal information collected, stored or processed by
the entity; or
• the manner in which personal information is collected, stored or processed by
the entity.
Identity (ID). (a) information about a specific Individual in the form of one or more
attributes that allow the Individual to be sufficiently distinguished within a particular
context; (b) a set of the Attributes about a Person that uniquely describes that Person
within a given context. Source: UNCITRAL.
Identity Exchange (IdX). One of the four Accredited Roles. An entity that has been
accredited in accordance with the TDIF as an identity exchange and that provides a
service that conveys, manages and coordinates the flow of data or other information
between participants in an Identity Federation. Source: TDIF.
Identity Proofing (IP). Refers to the process of collecting, verifying, and validating
sufficient Attributes (and supporting evidence) about a specific Individual to confirm
their Identity. Source: TDIF.
Identity Proofing Level (IP Level). Describes the level of assurance or confidence in
the Identity Proofing process. Source: TDIF.
intended use of Identity Proofing Level 1 is for services where the risks of not
undertaking Identity verification will have a negligible consequence to the Individual or
the service. For example, to pay a parking infringement or obtain a fishing licence.
Source: TDIF.
Identity Proofing Level 1 Plus (IP 1 Plus) is used when a low level of confidence in
the claimed Identity is needed. This requires one Identity Document to verify
someone’s claim to an existing Identity. The intended use of Identity Proofing Level 1
Plus is for services where the risks of getting Identity verification wrong will have minor
consequences to the Individual or the service. For example, the provision of loyalty
cards. Source: TDIF.
Identity Proofing Level 2 (IP 2) is used when a low-medium level of confidence in the
claimed Identity is needed. This requires two or more Identity Documents to verify
someone’s claim to an existing Identity. The intended use of Identity Proofing Level 2
is for services where the risks of getting Identity verification wrong will have moderate
consequences to the Individual or the service. For example, the provision of utility
services. An Identity Proofing Level 2 Identity check is sometimes referred to as a
“100-point check”. Source: TDIF.
Identity Proofing Level 2 Plus (IP 2 Plus) is used when a medium level of confidence
in the claimed Identity is needed. This requires two or more Identity Documents to
verify someone’s claim to an existing Identity and requires the Binding Objective to be
met. The intended use of Identity Proofing Level 2 Plus is for services where the risks
of getting Identity verification wrong will have moderate-high consequences to the
Individual or the service. For example, undertaking large financial transactions.
Source: TDIF.
Identity Proofing Level 3 (IP 3) is used when a high level of confidence in the claimed
Identity is needed. This requires two or more Identity Documents to verify someone’s
claim to an existing Identity and requires the Binding Objective to be met. The intended
use of Identity Proofing Level 3 is for services where the risks of getting Identity
verification wrong will have high consequences to the Individual or the service. For
example, access to welfare and related government services. Source: TDIF.
Identity Proofing Level 4 (IP 4) is used when a very high level of confidence in the
claimed Identity is needed. This requires four or more Identity Documents to verify
someone’s claim to an existing Identity and the Individual claiming the Identity must
Identity Service Provider (IdP). One of the four Accredited Roles. An entity that has
been accredited in accordance with the TDIF as an identity service provider and that
provides a service that generates, manages, maintains or verifies information relating
to the identity of Individuals. Source: TDIF.
Identity system.
IdP filtering. The process by which an Identity Exchange determines the available
Identity Service Providers that can service an authentication request from a Relying
Party. Source: TDIF.
IdP Link. This is a Pairwise Identifier that links the Identity for an authenticated user at
an IdP with the Digital Identity brokered by an Identity Exchange. This identifier is
generated by the Identity Service Provider. Source: TDIF.
Footnote 2: Where a requirement refers to an Identity System, the latter definition will be used.
ID Token. A JSON Web Token that contains claims about an Authentication Event. It
may contain other claims. Used in the OIDC Federation Protocol. Source: OpenID
Connect Core 1.0
Image Quality Profile. For a facial image, the static and dynamic characteristics of
the subject and the processes used to acquire the image.
Note: Examples of characteristics include the image background, resolution, size, brightness, the
subject’s pose and whether they have open eyes and/or mouth.
Implied Consent. Implied Consent arises when Consent may reasonably be inferred
in the circumstances from the conduct of the Individual and the APP entity. Source:
OAIC.
Incident Response Plan (IRP). A plan for responding to cyber security incidents.
Source: ISM.
Individual. A natural person (i.e. human). Source: Acts Interpretation Act 1901.
K, L
Key Pair. A pair of asymmetric Cryptographic Keys (e.g. one decrypts messages
which have been encrypted using the other) consisting of a Public Key and a Private
Key. Source: TDIF.
Legitimacy Objective: This is an objective of Identity Proofing, which ensures that the
Identity has been genuinely created as well as confirming that there is continuity in an
Individual’s Identity Attributes where there have been changes. Source: Finance.
Local Biometric Binding. Biometric Binding of an Individual performed by, and in the
physical presence of, an Assessing Officer. Source: TDIF.
Look-Up Secret. Is a physical or electronic record that stores a set of secrets shared
between the User and the Credential Service Provider. Source: NIST.
Malicious Actor. An entity that is partially or wholly responsible for an incident that
impacts – or has the potential to impact – an organisation's security. Also referred to as
an attacker. Source: ASD
Manual Face Comparison. The process of using Visual Verification to compare the
likeness of a physically present user to the User’s Claimed Photo ID. Source: TDIF.
See also: Local Biometric Binding, Remote Manual Face Comparison
MAY. Means truly optional. This requirement has no impact on an Applicant’s ability to
achieve or maintain TDIF accreditation if it is implemented or ignored. Source: TDIF.
Memorised secret. A secret value chosen and memorised by the User, such as a
password or, if numeric, a PIN. Source: TDIF.
MUST. Means an absolute requirement of the TDIF. Failure to meet this requirement
will impact the Applicant’s ability to achieve and maintain TDIF accreditation. Source:
TDIF.
MUST NOT. Means an absolute prohibition of the TDIF. Failure to prevent this
prohibition from occurring will impact the Applicant’s ability to achieve and maintain
TDIF accreditation. Source: TDIF.
National Relay Service. Is an Australian Government initiative that allows people who
are deaf, hard of hearing and/or have a speech impairment to make and receive phone
calls. Source: DITRDC
National Terrorism Threat Level. A scale of five levels that tells the public about the
likelihood of an act of terrorism occurring in Australia. The levels are ‘Not Expected’,
‘Possible’, ‘Probable’, ‘Expected’ and ‘Certain’. The National Terrorism Threat Level
also provides an indicator to government agencies enabling them to respond
appropriately with national threat preparedness and response planning. Source:
Commonwealth Department of Home Affairs.
Non-person entity. An entity with a digital identity that acts in cyberspace but is not a
human actor. This can include organisations, hardware devices, software applications
and information artifacts. Source: NIST. See also: Entity.
Officer. Has the meaning given in section 9 of the Corporations Act 2001.
OFFICIAL information. All information created, sent or received as part of the work of
the Australian Government. This information is an official record and it provides
evidence of what an entity has done and why. OFFICIAL information can be collected,
used, stored and transmitted in many forms including electronic, physical and verbal
(e.g. conversations and presentations). The PSPF requires entities to implement
operational controls to protect information holdings in proportion to their value,
importance and sensitivity. All OFFICIAL information requires an appropriate degree of
protection as information (and assets holding information) are subject to both
intentional and accidental threats. The Australian Government Attorney General’s
Department recommends entities apply the minimum protections outlined in the PSPF
for OFFICIAL information that is not assessed as being sensitive or security classified
information. Source: PSPF.
Online Biometric Binding. Biometric Binding performed remotely via the Internet.
Source: TDIF.
Operating Rules (OR). Sets out the legal framework for the operation of an Identity
Federation, including key rights, obligations and liabilities of Participants. Source:
TDIF.
period of time implies that the Individual’s Identity has a history and reduces the risk
that it is fraudulent. Source: Finance
Oversight Authority (OA). The entity responsible for the administration and oversight
of the Australian Government’s Identity Federation in accordance with MOUs and the
TDIF. Source: TDIF.
P, Q
Pairwise Identifier: An identifier that identifies a User at either the Identity Exchange or
the Relying Party which made an authentication request, and that cannot be correlated with
another Participant’s Pairwise Identifier. Source: TDIF
Privacy Champion. Is a senior official within the agency who has the functions of:
a. Promoting a culture of privacy within the agency that values and protects
personal information.
b. Providing leadership within the agency on broader strategic privacy issues.
c. Reviewing and/or approving the agency’s Privacy Management Plan, and
documented reviews of the agency’s progress against the Privacy Management
Plan.
d. Providing regular reports to the agency’s executive, including about any privacy
issues arising from the agency’s handling of personal information.
Source: Privacy (Australian Government Agencies – Governance) APP Code 2017.
Privacy Policy. Has the meaning given by APP 1.3. Source: Privacy Act 1988.
Privacy Officer. The first point of contact for privacy matters within an agency and is
responsible for ensuring day-to-day operational privacy activities are undertaken.
Source: OAIC.
Private Key. The Private Key in an asymmetric Key Pair that must be kept secret to
ensure confidentiality, integrity, authenticity and non-repudiation. Source: TDIF. See
also: Key Pair, Public Key, Key.
Public Key. The Key in an asymmetric Key Pair which may be made public. Source:
TDIF. See also: Key Pair, Private Key, Key.
Public Key Technology (PKT). The hardware and software used for digital
encryption, digital signing and digital verification of digital certificates. Source:
Gatekeeper PKI Framework.
Registries of Births, Deaths and Marriages (RBDM). Register a birth, apply for a
certificate, change your name or search your family history. The registration of births,
deaths and marriages, changes of name, changes of sex, adoptions and provision of
certificates is the responsibility of the state and territory governments in Australia.
Source: Australian Government.
Relying Party (RP). An entity that relies, or seeks to rely, on Attributes of an Individual
that are provided by Identity Service Providers or Attribute Service Providers to:
Source: TDIF
Requirements Traceability Matrix (RTM). A written record of the links between the
TDIF requirements and evidence provided by the Applicant to verify and validate those
requirements. Source: TDIF
Restricted Attributes. Attributes that are collected by an Identity Service Provider but
cannot be shared unless permission is sought from Finance to do so. Source: TDIF.
Restricted Credentials. A credential that the CSP identifies as having additional risk
of false acceptance associated with its use and is therefore subject to additional
requirements. Source: NIST.
Risk management framework. A set of components that provide the foundations and
organisational arrangements for designing, implementing, monitoring, reviewing and
continually improving risk management throughout the organisation. Source:
ISO 31000:2018.
Risk tolerance. The levels of risk taking that are acceptable in order to achieve a
specific objective or manage a category of risk. Source: ISO 31000:2018.
Road Traffic and Transport Authorities (RTA). State and territory governments have
responsibility for roads and road transport within their jurisdiction. Their websites may
include information about traffic and road conditions, road construction, road rules, and
road safety, as well as vehicle registration and licensing. Source: Australian
Government.
Root Certification Authority (Root CA). A Certification Authority that is the topmost
Certification Authority in a trust hierarchy. Source: TDIF
RP Link. This is a Pairwise Identifier that links the Digital Identity brokered by an
Identity Exchange to the service record at a Relying Party. The Identity Exchange
generates this identifier. Source: TDIF.
Serious and complex fraud. Fraud which, due to its size or nature, is considered too
complex for most entities to investigate. Source: CFCF.
Shared Secret. A secret used in authentication that is known to the User and the CSP.
Source: TDIF.
generators installed on devices such as mobile phones. The OTP is displayed on the
device and input or transmitted by a person. Source: TDIF.
Single Logout. Single Logout (SLO) refers to the ability for a user to initiate a logout
process for all Relying Parties that relied on a single logon session for the User at an
Identity Exchange. Source: TDIF.
Single Sign-on. Single Sign-on (SSO) refers to the ability for a User to make use of
their Digital Identity at multiple services in a short period of time, with only a single
User Authentication. Source: TDIF.
Source Verification. The act of verifying physical or electronic EoI directly with the
Identity Document Issuer (or Authoritative Source for such document e.g. via an
Identity Matching Service). Source: TDIF. See also: Biometric Matching
System Metadata. Data relating to a User and their interaction with an identity system
that is generated by an identity system. Metadata does not include personal
information. Source: TDIF.
System Security Plan (SSP). A document that describes a system and its associated
security controls. Source: ISM.
TDIF 06B - OpenID Connect 1.0 Profile. Describes how OpenID Connect 1.0 is used
within the Australian Government’s identity federation. Source: TDIF.
TDIF 06C - SAML 2.0 Profile. Describes how SAML 2.0 is used within the Australian
Government’s identity federation. Source: TDIF.
TDIF 06D – Attribute Profile. Describes the Attributes disclosed across the Australian
Government’s identity federation and how these are mapped in the OpenID Connect
1.0 Profile and SAML 2.0 Profile. Source: TDIF.
TDIF Reaccreditation. When an Entity that has already undergone Accreditation goes
through Accreditation again. Source: TDIF.
Technical Biometric Matching. The use of an algorithm to determine that the User’s
Acquired Image biometrically matches a corresponding image read from a Photo ID
which has been verified using Technical Verification. Source: TDIF. See also:
Technical Verification
Technical testing. A way of testing an Identity System through executing the user
flows, user interactions and component interactions to ensure that the system has all
the required functionality specified in the TDIF. Source: TDIF.
Technical Test Report. A report that demonstrates testing has been executed in
accordance with the approved test plan. It outlines the status of all test cases
(including the execution coverage and defects), test completion criteria (for criteria that
have been met) and a risk assessment against criteria that have not been met. Source:
TDIF.
Trust Framework. A term used to define the scope and purpose of the Identity
System. It determines what roles are to be included and what duties are assigned to
those roles, sets the eligibility requirements for entities seeking to fulfil those roles and
establishes the rules and regulations for processing of Identity information within the
context of the Identity System. Source: OIX.
Trusted Digital Identity Framework (TDIF). The Trusted Digital Identity Framework
(TDIF) is an accreditation framework for Digital Identity services. It sets out the
requirements that Applicants need to meet to achieve accreditation including (but not
limited to) privacy, fraud and security control, accessibility and usability, system
testing, risk management, Identity Proofing and Credential management. The TDIF
also includes guidance material and templates to support Applicants to meet TDIF
requirements. Source: TDIF.
legislation. Trusted referees may also include guardians or other people nominated to
act on a person’s behalf, whose identities have been verified. Source: NIPG.
Unique in context. The ability to distinguish Digital Identities from one another and
ensure that the right service is delivered to the right Person. Source: TDIF.
Usability Test Plan. A Plan that outlines how usability testing will be conducted.
Source: TDIF.
User Agent String. Identifies the browser and operating system of an attempted
system request. Source: TDIF
User Dashboard. A collective term for the feature that an Identity Exchange provides
for a User to view their consumer history and manage their interactions with Relying
Parties. Source: TDIF
V, W, X, Y, Z
Validation (in an Identity Proofing context). A check that an Attribute exists and is
under the control of a known Individual. Source: TDIF.
Note: For example, an SMS activation code being sent to a mobile phone number to confirm
control of the associated phone number.