Monthly Archives: February 2019

Canada’s Digital Identity Ecosystem

In today’s digital-centered world, Canadians have expectations regarding convenience, data privacy and security. How do businesses and governments deliver on those expectations?

It is imperative to have a vehicle for enabling and growing Canada’s digital economy, one that is open and client-focused, and facilitates more integrated and client-centric services. One that is an interoperable network, in which digital identity information can be asked for and subsequently verified across all industries and all levels of government in the country.

DIACC’s latest publication, Canada’s Digital Identity Ecosystem, stresses the value in building such a system. By unlocking digital identity capabilities from both the public and private sectors, this ecosystem benefits people, businesses and governments across the country. For instance,

  • Businesses can leverage the ecosystem to mitigate risks for fraud and accelerate the adoption of electronic business processes.
  • The ecosystem can help governments to enable real-time service delivery, and reduce fraud risk for services that are considered high-risk.
  • For consumers, it will provide a more convenient user experience, as access should reduce the number of username-password credentials, using a “tell us once” approach to data collection.

“All participants – from individuals to organizations across various industries – are authorized as trusted stewards for Canadian identity information,” said DIACC President Joni Brennan. “By adhering to a common framework, stakeholders share only the essential identity information, and nothing more.

Ken McMillan, Acting Director, Digital Identity at Treasury Board of Canada Secretariat, noted that each province and territory has a different schema, and one definition hasn’t yet been agreed upon.

“The ecosystem approach says that you need a common set of definitions, and we don’t apply definitions uniformly across the country.” he said. “It forces us to have the conversation about a common definition of terms.”

“Most importantly, this ecosystem provides Canadians with choice and control,” Allan Foster, VP Global Partner Success at ForgeRock and member of DIACC’s Board Of Directors, pointed out. “Users are able to offer their consent on what information is shared and are notified of access to their personal information, such as a police background check,” he said.

Other countries have made their own cases for establishing such ecosystems. DIACC posits that having a Digital Identity Ecosystem built in Canada, for Canadians, will set our country up for success in the modern global digital economy.

Request for Review and Comment: PCTF Model Overview Discussion Draft V0.02 Review

STATUS: This review is now closed. Thank you for your participation!

Invitation:

DIACC is pleased to provide the Pan-Canadian Trust Framework (PCTF) Model Overview Discussion Draft. DIACC invites all interested parties to comment including identity issuers, identity consumers, developers, and potential users.

Veuillez trouver la traduction française ci-dessous…

Context:

The purpose of the open commentary is to ensure transparency in development and diversity of truly Pan-Canadian, and international, input. This discussion draft has been developed by the DIACC Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies and benefits from broad and diverse public and private sector stakeholder representation. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve this discussion draft based on public comments. Comments made during the review will be considered for incorporation to the next draft and DIACC will prepare a disposition of comments to provide transparency with regard to how each comment was handled. This draft will be translated to French when it becomes more stable.

To learn more about the broad Pan-Canadian Trust Framework vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview | Aperçu du cadre de confiance pancanadien.

PCTF Model Overview Summary:

The purpose of this document is to provide a high-level overview of the Pan-Canadian Trust Framework (PCTF). The document includes a recap of contextual information, PCTF goals and objectives, and an outline of the functional areas with which the PCTF is primarily concerned. This outline provides readers a general sense of the information with which the PCTF is concerned and the various processes involved in creating, managing, and using that information. Individual PCTF component documents provide detailed descriptions of every function and process that are part of the digital identity domain.

Documents:

Period:

  • Opens: February 13, 2019 at 23:59 PST
  • Closes: March 15, 2019 at 23:59 PST

Process:

  • All comments submitted are subject to the DIACC Contributor Agreement
  • Log comments in the provided DIACC Comment Submission Form Spreadsheet
  • Be sure to reference the corresponding line number found in the PCTF Model Overview Discussion Draft for each comment submitted
  • Email completed DIACC Comment Submission Form Spreadsheets to review@diacc.ca
  • Questions may be sent to review@diacc.ca

Demande de révision et de commentaire: Model aperçu du cadre de confiance pancanadien

Invitation

Le DIACC a le plaisir de vous soumettre le document de travail sur l’aperçu du modèle de cadre de confiance pancanadien (CCP) et invite toutes les parties intéressées – émetteurs et consommateurs d’identité, développeurs et utilisateurs potentiels – à le commenter.

Contexte

Les commentaires ouverts ont pour but d’assurer une transparence dans l’élaboration et la diversité d’une contribution véritablement pancanadienne et internationale. Ce document de travail a été préparé par le Comité d’experts du cadre de confiance du DIACC, qui est régi par les politiques de contrôle du DIACC. Conformément à nos principes pour un écosystème de l’identité, la priorité est accordée aux processus à respecter et à une confidentialité accrue à chacune des étapes du développement du CCP. 

Le DIACC s’attend à modifier et à améliorer ce document de travail en fonction des observations du public. Les commentaires effectués pendant l’examen seront pris en compte en vue d’être incorporés dans la prochaine ébauche, et le DIACC va préparer un recueil de commentaires afin d’indiquer de façon transparente la façon dont chaque commentaire a été traité. Cette ébauche sera traduite en français une fois qu’elle sera plus définitive. 

Pour en savoir davantage sur la vision du cadre de confiance pancanadien et la proposition de valeur dans l’intérêt général, nous vous invitons à prendre connaissance de l’Aperçu du cadre de confiance pancanadien | Pan-Canadian Trust Framework Overview.

Résumé de l’aperçu du modèle de CCP

Ce document a pour but de fournir un aperçu général du cadre de confiance pancanadien (CCP). Il comprend une récapitulation des renseignements contextuels, et des buts et objectifs du CCP, ainsi qu’une présentation des domaines fonctionnels qui interpellent surtout le CCP. Cet aperçu donne aux lecteurs une idée générale des renseignements auxquels le CCP s’intéresse, et des divers processus intervenant dans la création, la gestion et l’utilisation de ces renseignements. Les différents documents qui composent le CCP fournissent des descriptions détaillées de chaque fonction et processus faisant partie du domaine de l’identité numérique.

Documents

Période

  • Début : 13 février 2019 à 23 h 59 heure du Pacifique
  • Fin : 15 mars 2019 à 23 h 59 heure du Pacifique

Processus

  • Tous les commentaires soumis sont assujettis à l’Accord de contribution avec le DIACC.
  • Les commentaires doivent être entrés dans le formulaire de soumission (fichier Excel) destiné au DIACC.
  • Assurez-vous d’utiliser le numéro de ligne correspondant que vous trouverez dans le document de travail sur le modèle de CCP pour chaque commentaire soumis.
  • Le formulaire de soumission des commentaires doit être envoyé par courriel, dûment rempli, au DIACC à review@diacc.ca.
  • Les questions peuvent être adressées à review@diacc.ca.

Exploration of Remote Identity Proofing Alternatives to Knowledge Based Verification

A recently published white paper developed by DIACC members Digidentity and ID Crowd explores remote identity proofing alternatives to knowledge-based verification. The paper proposes that digital identity has the potential to mitigate risks associated with fraud. Greater customer reach, better compliance, and secure and streamlined onboarding processes are among the benefits digital identity can provide.  

Read the full white paper, “Exploration of Remote Identity Proofing Alternatives to Knowledge Based Verification.”

“The US and Canadian identity ecosystems will benefit from this research as it demonstrates that robust alternative methods of remote verification are theoretically possible, both technical as well as commercial,” said Marcel Wendt, CTO and Founder of Digidentity.

Knowledge-based verification refers to a security method in which a user is asked to answer at least one “secret” question. The challenge with this approach, the authors purport, is that it is largely based upon the foundation of “what the user knows,” and relies on the integrity and secrecy of the underlying information that is being verified.

Given that 2017 and 2018 were years in which online data breaches became part of the public consciousness, concerns surrounding data privacy and protection are mounting.

“Data breaches are becoming more frequent; these breaches undermine the integrity of confirming the identity of an individual using knowledge based verification” said Dick Dekkers, Director Business Development at Digidentity.

“The inability to trust these traditional data set to identify, verify and authenticate individuals and assets, undermines the development undermines the development of identity ecosystems in North America.”

Posing the question – “is the entity asserting the evidence the true owner of the asserted identity?”- the research studied five alternatives to traditional knowledge-based verification.

  • The comparison between a machine readable travel document and a “selfie” of the user asserting their identity
  • A government issued driver’s license as identity evidence
  • Comparing a user’s asserted identity with that of their mobile phone contract
  • Verifying the ownership of a financial account under the control of the user
  • Verification using credit card transaction data

“The NIST 800-63A identity standards enabled us to grade each method and the evidence in terms of their issuance, validation and security features” noted David Black, Director at ID Crowd.

All methods, the study determined, are credible identity verification alternatives to the traditional knowledge-based verification approach.

“The five methods selected are not as vulnerable to breaches as traditional methods such as the credit file as they rely on a spread of features including strong issuance processes, biometric comparisons and cryptographic protective measures,” said Gillan Ward, Director, ID Crowd.

About the Paper

The Information in this report is based on research funded by the U.S. Department of Homeland Security Science & Technology Directorate (DHS S&T). Any opinions contained herein are those of the performer and do not necessarily reflect those of DHS S&T.

This content of this white paper is developed under the governance of the DIACC International Applied Research program. The International Applied Research program connects innovators that align with the DIACC Digital Identity Ecosystem Principles with international applied research funding opportunities. The content of the paper was submitted by Digidentity and ID Crowd and does not necessarily reflect those of the DIACC membership.