Digital ID card authentication

What is the Digital ID Card for?

Simple online identify authentication to ensure data security at RMIT

RMIT provides some services to staff and students through third-party providers, e.g. email is provided through Google, Library Search is provided through ExLibris, and there are several cloud research initiatives such as NeCTAR.

In order to protect your personal information and to make sure that you can have a single RMIT login to access these services, RMIT runs an authentication server which enables these third-party service providers to let you log in using your RMIT credentials - without those third-party providers ever getting access to those credentials.

The ‘Digital ID Card’ is the information that this authentication server provides to the service provider, that it needs in order to provide that service.

How is the Digital ID Card used?

Easy and secure access to systems, including those provided by contracted services providers

The information is only used in order to provide the service that the third party has been paid to provide. In most cases, this will be to identify a user profile in the service provider's system and to send you email in response to events that take place within that system.

In all cases, the third party service providers are required to adhere to RMIT's policies about protection of data and personal information.

RMIT uses the services of the Australian Access Federation (AAF) to manage this process. The AAF provides a framework and support infrastructure to facilitate trusted electronic communications and collaboration for universities and research institutions in Australia: http://aaf.edu.au/about/

What information is being released?

In most cases, the only things being released are your username, your name and your RMIT email address.

In some cases (for example, the Library's Document Delivery System) we send more information, such as which RMIT Library should receive documents delivered and whether you are staff or student as this information is used by the service provider to determine what level of service you are entitled to.

The first time you access one of these third party services, the authentication server will show you exactly what data it's sending. If at any time we need to send more information to that service provider, we will show you the new set of data that we are sending.

The Digital ID Card process does not include disclosure by RMIT of personal information such as home address, salary or bank details.

For more information about how personal, sensitive and health information is handled at RMIT please refer to the RMIT privacy and data protection policy, the staff privacy statement and the student privacy statement.