Identity Exchange Provider (IXP) consent [draft]

Disclaimer: This page contains draft content intended for internal agency use. It is not intended for public distribution or reference. The information may be incomplete, subject to change, and should not be considered final or formally endorsed.

This guidance provide examples for how to implement express consent Identity Exchange Providers (IXPs) in the Australian Government Digital ID System (AGDIS).

‣

On this page

Overview

Identity Exchange Providers (IXPs) are required to obtain consent from individuals before redirecting them to the client that initiated the authentication request. This guidance is intended for accredited IXPs participating in the AGDIS.

When asking an individual to give consent, an IXP must:

ensure that the process for an individual to provide express consent, or to withdraw or vary that consent, is described in clear, simple and accessible terms; and
meet other requirements within the the Digital ID rules and standards

This section provides examples illustrating how the IXP express consent requirements may be implemented. It also includes design patterns based on best practices and user research which are are not mandatory requirements.

For additional information on consent related obligations, please refer to Digital ID Rules 2024, Digital ID (Accreditation) Rules 2024, Digital ID (AGDIS) Data Standards 2024, Digital ID (Accreditation) Data Standards 2024 and OAIC’s guidance on Express consent in Australia’s Digital ID System.

This diagram illustrates where IXP consent fits within the end-to-end AGDIS digital ID experience. For simplicity, ISP and ASP consents are omitted from the diagram as they may not always be required.

Wireframes and guidance

Note: The wireframes shown are examples of how to implement key rules, standards, and guidance. Use the on-screen functions to adjust zoom level or expand the wireframes to be viewed at full screen.

Default example

The following wireframes show a basic example of IXP express consent.

‣

See key requirements and guidance

‣

See prototype [TBC]

Consent for updated attributes

When attributes are updated, an IXP must request express consent for those attributes, even if there is an existing remembered consent.

The following wireframes shows an example of remembered IXP express consent, where attributes have been updated.

‣

See wireframes, key requirements and guidance

Download open source asset

Open sources design assets are created in Figma for the purposes of assisting implementation. This Figma file contains annotated wireframes and working prototypes for Identity Exchange Provider (IXP) consent, including:

Default example
Consent for updated attributes

Download design asset [update filter options]

For past versions, refer to .

‣

About open source assets

About this page

References

The artefacts on this page were informed by the following sources. [update filter options]

Last updated

This page was updated @March 26, 2025

Note: This document provides general guidance only. It does not constitute legal or other professional advice and should not be relied on as a statement of the law. As this is only a guide, it may contain generalisations. We encourage participants to obtain their own professional advice to ensure they understand their obligations under the Digital ID framework.

Have your say

Community consultations and maintenance are part of our ongoing process. Here’s how you can get involved:

Request new guidance or changes to existing guidance through the UX guidance Consultation process
Request new Standards or changes to existing Standards through the Standards Maintenance process
Log a ticket for any questions about the rules, standards, or guidelines through the Digital ID Support Portal
Email your feedback to cx@dsb.gov.au