Logo
  • Overview
  • Consent
  • Authenticate
  • Authorise
  • Consent Management
  • Notifications
Consumer Experience (CX) Guidelines
/
Overview
/
CX Checklist
/
CX Guidelines
/
01. User identifier

01. User identifier

Checklist ref

2AU.01.21

Area
2AU. Redirect to Web with OTP
Wireframe ref

21

Type
CX Guideline
Requirement level
MAY
Participant
Data Holder
Statement

User identifiers need to be unique to each single eligible CDR consumer. Data holders should aim to do this by using identifiers unique to each customer (e.g. Customer IDs for the banking sector) and/or verifying the consumer has primary access to their device/service (e.g. mobile number or email address). User identifiers need to be registered and verified external to the CDR authentication flow. If the consumer changes their primary access identifier (e.g. email address), data holders need to verify that the consumer is the intended user of that identifier before changing it (e.g. verifying email with an activation link). Data holders considering suitable user identifiers should exclude any identity attributes that are shared across two or more people or cannot be registered as a verified claim for only one person.

Reference

Security Profile: Authentication Flows | Convention CDS-DC-0016

Example

Authenticate: Redirect with One Time Password

Version introduced
1.16.0
Date introduced

25 February 2022

Date modified

*

Status
Active
Data Standards Body | CX Guidelines

CX Guidelines

Overview

Consent

Authenticate

Authorise

Consent Management

Notifications

Keep in touch

DSB Newsletter

Website use

Accessibility Statement

Copyright

Privacy

Disclaimer

In the spirit of reconciliation, the Data Standards Body acknowledges the Traditional Custodians of country throughout Australia and their connections to land, sea and community. We pay our respect to their Elders past and present and extend that respect to all Aboriginal and Torres Strait Islander peoples.