Preliminary Security Specification for New Zealand's igovt System

The New Zealand government has proposed an identity management system, to provide an effective and convenient alternative for citizens to access online government information and services. The proposed system is branded as “igovt”, which offers two types of authentication services. The first service provides people and businesses with logon identities. The second service provides semi-anonymised identities to government agencies. Each semi-anonymised identity carries a strictly limited amount of information about a logon identity along with an assurance that it corresponds to a living New Zealand citizen or a registered business entity. The New Zealand government has carefully designed the system with clearlyarticulated policy principles. It has also conducted several privacy impact assessments and public consultations. However, the New Zealand government has not published any security analyses for igovt, and we are not aware of any unpublished ones. In this paper, we propose a lightweight methodology for the elicitation of security requirements of a complex but incompletely unimplemented system, such as igovt. We illustrate the use of our methodology by developing preliminary security specifications for a portion of the igovt system.