While a centralized all-of-government authentication mechanism is currently under test, the standards document acknowledges that some agencies may wish to go their own way on authentication.

Standards will ensure that whoever implements the authentication, it will provide customer and agency with protection against fraud and deception that is consistent and appropriate to the risk of the transaction being conducted. It should encourage a "more consistent [user] experience" from one agency to another, as well as improving familiarity and confidence in government standards.

The standards are intended chiefly for use in an online environment, but procedures for initially establishing a client's identity -- the Evidence of Identity Standard -- "applies to all services, regardless of the data channel", says the document.

After a client's identity has been satisfactorily established they will be given an authentication token of some kind, typically a user-name and password, to be used on future occasions when dealing with the agency.

Different scales of authentication apply to different transactions. Some, such as requests for generic information like a brochure, will require no authentication at all.