Recommendation 20.1.1 Standards to comply with if requesting user authentication

New standards released

The New Zealand Web Standards 2.0 were released in March 2009 and replace the previous version, the New Zealand Government Web Standards 1.0 (below). See Meeting the standards for more information.

The Recommendation

Recommendation 20.1.1 Standards to comply with if requesting user authentication. It is strongly recommended that you comply with the relevant standards, for all instances of requests for users to authenticate themselves in a web site that are not utilising either the Government Logon Service (GLS) and/or the Identity Verification Service (IVS).

Refer to e-Government Standards for authentication.

Guide to this recommendation

This recommendation is only where either the Government Logon Service (GLS) and/or the Identity Verification Service (IVS) are not being used for authentication purposes. Any instances where one or both of these services are utilised for authentication, the agency must comply with the standards of these services as mandated in standard 20.1 - Requesting users to authenticate themselves.

Rationale for this recommendation

When two-way transactions are taking place on NZ government agency web sites, agencies need to be confident of the identity of those with whom they are transacting, and the users of these services need to be confident that any pseudonymous details they submit about themselves are secure.

The NZ government recognises the importance and significance of identity and security, and does not wish to compromise in this area.