Daily Archives: May 15, 2019

Request for Review and Comment: PCTF Verified Login Component Overview V0.06 and Verified Login Conformance Profile V0.03 Discussion Drafts

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Verified Login industry standard as a Component of the Pan-Canadian Trust Framework to set a baseline of standards and practices that guide public and private sector interoperability of identity services and solutions.

Veuillez trouver la traduction française ci-dessous…

Summary:

The Verified Login Component defines a set of processes used to enable access to digital systems and a set of conformance criteria for each process. These processes include binding a credential to a subject, binding authenticators to a credential, as well as lifecycle management functions that include updates, suspension, recovery, and revocation, and session management. For the purposes of Verified Login, a subject may be a person, organization, application, or device.

The objective of the Verified Login Component is to ensure the ongoing integrity of the login processes by applying standardized conformance criteria for assessment and certification. Verified Login is a set of processes that are intended to help establish confidence and trust in the use of a trusted digital identity. A certified process is a Trusted Process that can be relied on by other participants of the Pan-Canadian Trust Framework.

Invitation:

  • All interested parties are invited to comment including identity issuers, identity consumers, developers, and potential users.
  • The Discussion Drafts have been developed by the DIACC Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Documents:

Period:

Opens: May 15, 2019 at 23:59 PST | Closes: June 17, 2019 at 23:59 PST

Process:

  • All comments are subject to the DIACC contributor agreement;
  • Submit comments using the provided DIACC Comment Submission Spreadsheet;
  • Reference the draft and corresponding line number for each comment submitted;
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca;
  • Questions may be sent to review@diacc.ca.

Value to Canadians:

The Verified Login Component will provide value to all Canadians, businesses, and governments by setting a baseline standard to guide public and private sector interoperability of identity solutions and services. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating the establishment of Canada’s Identity Ecosystem.

Context:

The purpose of the Discussion Draft review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Discussion Drafts based upon public comments. Comments made during the review will be considered for incorporation to the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.

Demande de révision et commentaires: Aperçu de la composante de connexion vérifiée V0.06 et profil de conformité de la connexion vérifiée 0.03 – ébauches de Discussion

Déclaration d’intention: Le DIACC collabore pour développer et publier une norme de l’industrie pour la connexion vérifiée en tant que composante du cadre de confiance pancanadien, afin de définir une base de normes et pratiques guidant l’interopérabilité des services et solutions d’identité dans les secteurs public et privé. 

Sommaire:

La composante de connexion vérifiée définit un ensemble de processus utilisés pour permettre l’accès aux systèmes digitaux et un ensemble de critères de conformité pour chaque processus. Ces processus consistent notamment à relier un identifiant à un sujet et des authentifiants à un identifiant, et incluent aussi des fonctions de gestion du cycle de vie, entre autres les mises à jour, la suspension, la récupération, la révocation et la gestion des sessions. Pour les besoins de la connexion vérifiée, un sujet peut être une personne, une organisation, une application ou un appareil.

L’objectif de la composante de connexion vérifiée est d’assurer l’intégrité continue des processus de connexion en appliquant des critères de conformité uniformisés pour l’évaluation et la certification. La connexion vérifiée est un ensemble de processus destinés à donner confiance dans l’utilisation d’une identité numérique. Un processus certifié est un processus de confiance auquel les autres participants du cadre de confiance pancanadien peuvent se fier. 

Invitation:

  • Toutes les parties intéressées, notamment les émetteurs d’identité, les consommateurs d’identité, les développeurs et les utilisateurs potentiels, sont invitées à faire des commentaires.
  • Les ébauches de discussion ont été développées par le comité d’experts du cadre de confiance du DIACC, qui est régi par les politiques de contrôle DIACC.

Documents:

Période:

Début : 15 mai, 2019 à 23 h 59 HNP | Fin : 17 juin 2019 à 23 h 59 HNP

Processus:

  • Tous les commentaires sont assujettis à l’entente de contribution DIACC;
  • Utilisez le formulaire fourni par le DIACC pour soumettre vos commentaires;
  • Faites référence à l’ébauche ainsi qu’au numéro de ligne correspondant pour chaque commentaire soumis;
  • Envoyez le formulaire de soumission de commentaires du DIACC dûment rempli à review@diacc.ca;
  • Pour toute question, veuillez écrire à review@diacc.ca.

Valeur pour les Canadiens:

La composante de connexion vérifiée apportera de la valeur aux Canadiens, aux entreprises et aux gouvernements en établissant une norme de base pour guider l’intéropérabilité des solutions et services d’identité dans les secteurs public et privé. Le DIACC a pour mandat de développer ainsi que fournir, en collaborant avec d’autres, des ressources visant à aider les Canadiens à effectuer des transactions numériques avec sécurité, confidentialité et commodité. Le cadre de confiance pancanadien, qui est une de ces ressources, présente un ensemble de normes de l’industrie, pratiques exemplaires et autres ressources qui favorisent l’interopérabilité au sein d’un écosystème de services et de solutions d’identité. Le DIACC est une coalition à but non lucratif de membres des secteurs public et privé qui font un investissement considérable et soutenu afin d’accélérer la mise en place de l’écosystème de l’identité du Canada.

Contexte:

L’objectif de l’ébauche de discussion est d’assurer la transparence dans l’élaboration et la diversité d’une contribution véritablement pancanadienne et internationale. Conformément à nos principes sur lesquels se fonde un écosystème de l’identité, les processus visant à respecter et à renforcer la protection de la vie privée sont priorisés à chaque étape du processus de développement du cadre de confiance pancanadien.

Le DIACC prévoit modifier et améliorer cette ébauche de discussion en fonction des commentaires venant du public. Les commentaires apportés lors de l’examen seront pris en compte en vue d’être intégrés dans les prochaines ébauches et le DIACC va préparer un recueil de commentaires afin de montrer d’une façon transparente comment chaque commentaire a été traité.

Letters from the President: A Collaborative Road less Travelled – Delivering a PCTF that Works for Canada and Around the World

DIACC’s approach

In Canada, DIACC is the singular organization focused on accelerating the establishment of a Canadian Identity Ecosystem – the singular organization where Canada’s identity experts and practitioners connect to share the deep knowledge needed to deliver a framework that will support our vision of an identity ecosystem where every Canadian has access to the societal and economic opportunities that digital identity can enable.

DIACC is unique among its global peers because our focus is on:

  1. enabling identity that works for both the public and private sectors;
  2. prioritizing privacy, security, and user-centred design;
  3. and enabling economic growth.

Meeting the needs and priorities of members across Canada and around the world is not a simple task. And, while our technology and virtual tools help us to connect Pan-Canadian interests, in-person meeting opportunities always help us to move our shared vision forward. In this context, the DIACC Board of Directors (comprised of public and private sector leaders) and the Trust Framework Expert Committee (TFEC) recently held a co-located in-person meeting in Ottawa.

At this meeting, the primary focus of the Board of Directors was a strong reaffirmation that every Director is committed to one approach for interoperability of identity across Canada. That one approach will provide and prioritize security, privacy and convenience of use. That one approach will prioritize privacy, security, and user-centred design to ensure that Canadians have choice, control, and consent by design, in terms of which systems they participate in, and in terms of how they participate.  That one approach will also recognize that various sources of data verification will be interoperable and available for Canadians to use to perform transactions. In that one approach, service providers will determine their verification needs and Canadians will choose which sources they wish to leverage to provide verification of only the minimized information needed to perform a specific transaction.

Pan-Canadian Trust Framework (PCTF) Development and Operationalization Principles


Through DIACC, Canada’s public and private sectors work as one team, with one vision to define the strategic and the operational way forward including – the industry standards, best practices, and tools needed to ensure systems and solutions align with Canadian principles and with international standards. Our diverse stakeholder collaborative approach ensures that PCTF development considers broad Canadian and international feedback and recognizes areas that may require contextual specialization.  Ultimately, one true test of the value of the PCTF will be its broad adoption.

To support the development of the PCTF in alignment with this vision, the Board of Directors developed and affirmed PCTF Development and Operationalization principles including:

  1. PCTF must provide value to the public and private sectors by defining a minimum set of requirements which encompasses standards and practices. The PCTF will promote interoperability that unlocks public and private sector identity capabilities and supports Canada’s economic growth.
  2. PCTF will define the baseline set of requirements for public and private sector, and there may be requirements that are defined as optional.
  3. The PCTF represents a willing community coalition, and is authoritative to those who adopt it.
  4. PCTF may be profiled by communities of interest to tighten the PCTF baseline for a specified use case.
  5. PCTF is developed, maintained and published by DIACC, based on the broad input of public and private sectors, international experts, liaisons and the general public.

These principles are designed to help us to move forward as a diverse community and to continue to evolve the PCTF to ensure that it meets broad stakeholder needs across Canada and around the world. These principles draw our focus to our PCTF approach while encouraging communities to develop profiles as a mechanism to inform and evolve the PCTF baseline of public and private sector criteria. And while these principles are intended to be more inward facing for our collaboration needs, they further support our foundational DIACC Principles for an Identity Ecosystem. Finally, we recognize that, although Canada is taking a road that is informed by the experiences of others around the world, ours is the public and private sector collaborative road that is less travelled.  Our priority is to meet the needs of Canadians and our hope is to inform the roads that others will take around the world.

Spotlight on Yoti

Meet Yoti

  1. What is the mission and vision of Yoti?

Our mission is to be the world’s trusted identity platform. We want to be the solution to fears around transparency, trust, privacy and control.
To achieve this, we need to build trust, which is not an easy task today for any company. So we’re building Yoti around principles which are regulated by an independent Guardian Council – the antithesis of big tech and data companies. By staying on track to our principles and working in close collaboration with all of our stakeholders including businesses and governments, we can achieve our goal of putting people in control of their data and fixing the broken identity system.

2. Why is trustworthy digital identity critical for existing and emerging markets?

The current identity system is broken – organisations and governments still rely on paper or card-based forms of identity verification, because proving who we are online to a high degree of certainty has been difficult. This process of creating physical forms of identity can take days or weeks instead of seconds, and often results in us sharing excessive amounts of personal information, putting us at great risk of identity theft. Millions of ID documents are lost every year, over 1.1 billion people around the world don’t have any form of identification, and the costs of online scams and fraud are spiralling. Having a trusted digital identity system is critical in fixing these issues.

3. How will digital identity transform the Canadian and global economy? How does Yoti address challenges associated with this transformation?

The ability to seamlessly use digital identities will empower individuals, businesses and government, and help unleash the true potential for a digital economy.

A digital identity lets individuals prove their identity online and in-person in a seamless, simple and secure way. They can share specific identity attributes, such as their name and date of birth, without disclosing their full identity with ID documents; helping to protect them from the ever-growing risks of identity theft. Individuals have a more convenient way to prove their identity across a range of industries and sectors – from financial services, travel, healthcare, dating and retail. More people will be able to take part in society and access essential services such as healthcare, education and finance, without being held back by lack of documentation, geography or wealth.

Companies have a cost-effective and efficient way to verify the identity of their customers, saving time and money, as well as reducing the risks associated with identity fraud. Additionally, governments can be sure that the right person is involved in the transaction, empowering them to offer a greater range of online services with the confidence and certainty that the users are who they say they are; leveraging technology to create a digital ecosystem.

Yoti is a global digital identity platform and free consumer app that gives individuals a simple, fast and secure way of proving who they are, online and in person. Each account is linked to biometrics and an ID document, so businesses and governments can be confident in the details shared with them – creating more trust and transparency. Challenging the existing way of doing things is never easy, but it’s time for a better way to prove who we are.

4. What role does Canada have to play as a leader in the space?

Canada has many advantages in the digital identity space. End-user demand is high for ubiquitous and low-friction access to digital services and information.  Canada has highly-evolved financial infrastructure and cybersecurity methods to balance end-user demand with secure identity and authentication. The regulatory environment is demanding. We believe Canada will be harnessing these factors to develop world-leading identity management and authentication processes in the coming years and will likely assume a leadership role in this area.

5. Why did Yoti join the DIACC?

As Yoti expands into Canada, we are seeing active participation in the local Digital ID community being of paramount importance.  While we are looking to grow our business and develop opportunities in Canada, we also want to contribute to the development of an ethical, safe and trusted Digital ID framework across the country, as we have done elsewhere in the world.

6. What else should we know about Yoti?

Yoti has achieved some significant milestones and partnerships, including:

  • Working with Heathrow Airport to explore biometric travel for passengers
  • Selected as the official digital ID provider for the Government of Jersey
  • Partnered with the Improvement Service in Scotland to help deliver digital services to Scottish citizens
  • Partnered with social networking site Yubo, who are using Yoti Age Scan to flag accounts where the person appears to have significantly misstated their age; an important step in safeguarding young people on social networks which would be expensive to do manually each day
  • Working with Jagermeister to let individuals use Yoti to prove their age when buying age-restricted products on the new www.jagershop.co.uk, promoting responsible alcohol sales online with digital identities
  • Gained accreditation for SOC2, FCA Sandbox and UK Government G-Cloud
  • Over 4 million installs of their app since launching in November 2017
  • Has a team of 250 staff, headquartered in London with offices in India and the U.S.
  • Yoti has 25 separate patents and applications in the U.S. and the U.K. Their core digital identity patents (which cover the core Yoti system and our method of storing and sharing identity attributes) have a very early priority date in the digital identity industry.