Mobile: +61 (0) 414 488 851
Email: swilson@lockstep.com.au

Digital Identity

Lockstep's founder and Principal Stephen Wilson is a pioneer in digital identity. Lockstep Consulting provides cut-through strategy advice in all aspects of identity management.

Steve is a leading authority on digital identity and online authentication. For the past 20 years he has helped organisations in government, healthcare and banking throughout the Asia Pacific establish effective authentication systems, providing the highest calibre advice on strategy, architecture, policy, privacy, technology selection and governance. He has been a key player in Australia’s emerging national authentication frameworks, including the Gatekeeper PKI, the National Smartcard Framework, the National Electronic Authentication Council and the Law Reform Commission's Emerging Technology Advisory Committee. Steve has published and spoken widely on all issues to do with digital identity.

Steve is a one-of-a-kind deep thinker about complex technology and business problems and an innovative solution creator.
Mark Bower, Vice President Product Development, Voltage Security.

Stephen is a true thought-leader in Information Security, combining deep understanding of the technology with a balanced and pragmatic view of what will work commercially and in terms of user acceptance, based on many years of industry experience.
Ian Christofis, Principal Consultant, Verizon Business.


In the late 1990s, after working on several pioneering PKI projects, Steve realised that online authentication was really more about credentials and relationships than identity per se; see for example his presentation to the Information Outlook '98 Conference in Canberra. From that time onwards he has pioneered digital credential governance and technologies, to improve the security of online transactions, the autonomy of businesses and the privacy of users. In 2003 he published a detailed healthcare credentialing system for the American Bar Association. Over 2004 and 2005 he was retained by the Australian Government Information Management Office (AGIMO) to reform the federal Gatekeeper PKI framework. There he introduced Relationship Certificates, and subsequently piloted them with Medicare Australia. He worked out the fundamental liability arrangements for healthcare professional digital credentials with Medicare’s legal counsel, and drafted Medicare’s Relationship Certificate Policies which remain in use today.

Over 2005 to 2007 Steve was retained by several leading federated identity programs. He developed the SAML architecture for the Internet Industry Association’s proposed industry-based authentication hub; he researched the digital identity marketplace and drafted the smartcard marketing strategy for the Trust Centre inter-bank federation; and he was the authentication subject matter expert on a business case review of the Commonwealth’s VANguard credential management infrastructure. Internationally, Steve has provided formative strategic advice on authentication to the governments of Hong Kong, New Zealand, Malaysia, Indonesia, Singapore, Kazakhstan and Macau, and to the eASEAN secretariat. For many years he sat on the APEC eAuthentication Task Group, and was a major contributor to APEC's Electronic Authentication: Issues Relating to Its Selection and Use (2003). He was a ministerial appointment to Australia’s National Electronic Authentication Council (NEAC), he represented OASIS at the Asia PKI Forum, and he chaired the international OASIS PKI Adoption Technical Committee.

Steve has drawn together a decade and a half’s experience to publish a definitive new ecological theory of federated identity – including one of the world’s few critical post mortems of CardSpace – which he presented at the AusCERT 2011 information security conference. Through 2013 he presented his ecological analysis to MIT's "iauth" legal hackathon, and the Cloud Identity Summit. In 2016 he commenced a PhD within the Australian Defence Force Academy to test and refine this theory.

Steve is currently active in several private and public sector identity projects. He also conducts independent R&D within Lockstep Technologies on Privacy Enhancing Technologies, and has been awarded several patents. He makes regular public contributions to Australia’s emerging National Trusted Identity Framework (NTIF) and the US National Strategy for Trusted Identities in Cyberspace (NSTIC).

In 2015 and 2016, Steve was a judge in the Identity category of the Mobile World Congress "Glomo Awards" for mobile technology innovation.

In December 2016, Innovate Identity named Steve in the top 10 of The Most Influential Thought Leaders in Digital Identity. In January 2017, One World Identity named Steve as one of the Top 100 Leaders in Identity.


Lockstep's digital identity clients include:

  • The Digital Transformation Agency of Australia, key adviser on the Trusted Digital Identity Framework
  • Biometrics Institute international privacy trust mark feasibility study, implementation plan and technical criteria
  • Australia Post when it undertook R&D in new Internet based digital communications offerings; Lockstep developed the trust & privacy strategy and privacy engineering manifesto
  • South Australia Health analysing its enterprise-wide PKI requirements and strategy
  • Westpac's inter-bank Trust Centre where we provided market analysis for digital identity services and a smartcard product strategy
  • Australian Government Information Management Office (AGIMO), where we have helped with a range of topics including national authentication frameworks, smartcards and PKI; we were responsible for a major strategy review of Project Gatekeeper and we developed the Relationship Certificate framework
  • National eHealth Transition Authority (NEHTA), where we developed the business case for the national authentication service for health (NASH)
  • Internet Industry Association, for which we developed the architecture and high level business case for a private sector two factor authentication hub
  • the Singapore National Authentication Framework, and
  • eASEAN in their harmonisation of cross-border authentication laws and regulations.

A capability statement and client list is available below.