Monthly Archives: September 2019

Spotlight on Oaro

  1. What is the mission and vision of Oaro?

We use the digital world to verify the real one. At Oaro, it’s not about technology, it’s about truth. 

When we’re asked what Oaro does, there are a few different answers we could give. We create and deliver secure, enterprise-grade applications to enhance our clients’ ability to thrive in the digital economy. We contribute to a future where the gap between information in the digital realm and the real world is much narrower than today. That’s why major institutions and businesses from across the globe call us when they need to verify first, trust second. Onboard, and admit your people faster, keep their information and yours secure — and help the truth move a whole lot faster.

2. Why is trustworthy digital identity critical for existing and emerging markets?

The word ‘trust’ originates from Old Norse treysta, meaning “to rely on, make strong and safe.” The digital identity landscape today is anything but treysta-worthy! Data breaches, password overload and the privacy abuses of big tech have all contributed to the situation we currently find ourselves in. Our personal data is siloed, often for sale to the highest bidder (legally and illegally), and these problems just seem to be multiplying as digital services become pervasive. 

Most of us will agree that digitization is desirable, and that it unlocks significant economic value. At Oaro, we are building products that go beyond pure identity functionalities, but most use cases our clients share with us cannot be successful without a reliable identity solution at the core. We also don’t believe there is going to be a major distinction between technology in the developed world and the emerging markets going forward. If anything, emerging markets enjoy the advantage of agility when it comes to choosing the right tools for the job. We have boots on the ground in Mexico, and are seeing strong uptake of Oaro Identity there. Follow us on social media or visit Oaro.net for an announcement in the coming weeks! 

3. How will digital identity transform the Canadian and global economy? How does Oaro address challenges associated with this transformation?

Much has been said on this topic already, and while we agree entirely with DIACC’s estimates of the economic benefits of digital identity for the Canadian economy, we are cautious about predicting the future. Rather than feeding the hype cycle, Oaro has taken the path of quietly working with our clients to solve real business problems, while rigorously measuring the results.  

Oaro is focused on creating trust in a digital world. Our technology is revolutionizing how leading organizations authenticate and authorize the flow of their digital information. Our product, Oaro Identity, connects people to their identities and simplifies your business processes while doing it. Normally, increased security comes with additional layers of process, but the opposite is true with Oaro Identity —  as processes become simpler, they become more secure. 

4. What role does Canada have to play as a leader in the space?

Canada has a long tradition of leadership in when it comes to setting standards. 150 years ago, North America had 144 official time zones. One fateful night, railroad engineer Sir Sandford Fleming was forced to spend the night in a train station because of confused timetables. This uncomfortable situation led him to advocate tirelessly for international standard time, which we now take for granted. 

Oaro’s position is that digital identity is broken, and much like the world before standard time, we are all suffering from the resulting confusion. Canadian businesses have demonstrated global leadership in the identity space, and it is now up to Canadians themselves to embrace these new technologies in everyday life. 


5. Why did Oaro join the DIACC?

Oaro strongly believes that solving the challenge of modernizing digital identity takes a collaborative approach. We are proactively working with several international organizations, such as the International Civil Aviation Authority’s (ICAO) newly formed Trust Framework Study Group, which seeks to establish identity standards for global aviation security. We are also a member and node operator of Alastria in Spain, a non-profit association which promotes standards-based digital identity in Spain and throughout Europe. When we met other DIACC members at IdentityNORTH and saw the valuable work being done, we knew it would be a great fit for Oaro. 

6. What else should we know about Oaro?

Working with the Saint John Airport, we created a first-of-it’s-kind solution for secure entry for airport employees and contractors. 

As one of the fastest-growing small airports in Canada, serving nearly 300,000 passengers annually, Saint John Airport has long been recognized as one of Canada’s most innovative flight hubs. The executive team has focused on putting into place systems that can scale as the airport grows. With Oaro’s help, Saint John was able to implement a system where authorized employees only had to approach a secure door, and face into a camera in order to gain access. 

Oaro’s technology recognizes full-motion video, so would-be criminals can’t gain access using high resolution photographs. Lost or stolen swipe cards are a non-issue. Each user is authenticated in real time, and a tamper-proof record of their access is stored. The result is an easily scalable, entirely secure system that leveraged a large portion of the airport’s existing technology spend to improve both safety and efficiency. 

DIACC Industry Insights: Digital ID in Commerce

This ‘mini white paper’ is the third in a series prepared by DIACC, highlighting the potential impact that digital ID could have on key sectors of the Canadian (and global) economy.  

The focus of this paper is the commerce sector. Find out what you need to know about the applications of digital ID in the industry, and how it impacts key stakeholders, including consumers, businesses and e-commerce.

Read the full paper: DIACC Industry Insights: Digital ID in Commerce

Digital ID and the Future of Cities

On August 27 at The Bentway (an urban green space under the Gardiner Expressway in downtown Toronto), FedDev Ontario announced their investment of up to $11.1 million towards Innovate Cities. This not-for profit organization and Canadian-led network of innovators is involved in the development and commercialization of smart city technologies. 

The announcement touted Canada’s role in the global innovation race, and Toronto’s “moment on the world stage.” 

All over the world, the populations of cities are booming. Each week, an estimated 1.3 million people move into cities, and UN data indicates that, by 2050, around 70 per cent of the world’s population will live in cities. 

As populations grow, cities are also becoming more connected. Various connected devices are designed to enhance the daily routines of citizens, such as smart parking meters that help drivers find and pay for parking, and smart trash receptacles that can alert sanitation crews where trash collection services are required. 

“For smart cities to become a reality, they will need smart digital identity tools to connect citizens with their services,” noted an article from PYMNTS. 

In envisioning and building the cities of the future, digital ID has a role to play. 

Digital ID is the thread that connects individuals to such digital services. It will be the driving force in enabling such services and unlocking the full potential of smart cities.

To achieve this vision, digital identity innovation must be designed to protect people’s rights and privacy, while enabling them with tools that enable agency and choices over how and when information is shared and for what purpose. When designing for the cities of the future, it is important that citizens are put at the centre of an inclusive design process. 

“Digital ID is crucial to the development of our digital economy, and cities play a large role in this,” said DIACC President Joni Brennan. “As an organization strongly focused on collaboration, DIACC is excited by the work that Innovate Cities is doing to position Canada as a global leader in smart city innovation.” 

What if there were unattended kiosks through which citizens could access certain healthcare services, such as getting blood drawn or filling prescriptions? Digital ID plays a key role in this, as such a system will first require a secure digital identity solution before trusted by citizens or city officials. 

Digital ID is also applicable in the area of public transportation. Using connected devices as well as digital ID solutions, a smart city’s public transportation system would be able to automatically determine who is using these services and how much each traveler should pay. For example, Digital ID may also enable governments to deliver much needed benefits to low-income residents who ride the bus without subjecting those residents to a visible stigma. 

Digital ID plays an important role in making such solutions a reality, and achieving the optimal overall digital experience. In various cities around the world, we are seeing innovative experimentations in digital identity.

Trusted digital identity must enable people to access services efficiently and securely. Identity systems implemented across banks, government agencies, retailers and other organizations will improve the user experience. 

Investments such as this one from FedDev helps position Canada as a leader in our global digital economy, and ensure that innovation continues to occur.  As an organization that celebrates Canadian innovation and collaboration towards our digital future, DIACC is excited about the work that Innovate Cities is doing, and looks forward to seeing what’s next. 

 

Future Trust Markets Workshop

Seeking innovation funding?

DIACC invites you to join us at the Investing in Verified Information & Future Trust Markets Workshop taking place November 6-7, 2019, in Seattle, Washington. This is an invitation only event and space is limited. 

Attendees will include producers and B2B/G2B consumers of information verification and risk mitigation services alongside industry influencers and super-connectors.

How to Submit a Talk

  • Confirm your interest to participate by Friday, September 27th.
  • Send your outline to the DIACC event team via events@diacc.ca.
  • Using the NABC methodology, demos will be 15 minutes with 5 minutes for Q&A.
  • Demos must include
    • Title and Market: 
      • Need
      • Approach
      • Benefits
      • Competition 

Selection Process

  • An executive team comprising of the event organizers will review and select presentations to ensure a range of agenda diversity.
  • Early submissions will be treated with priority.
  • Submitters will be contacted following the review process.

If you are not interested to make a talk we would welcome you, or your designated representatives, to attend the event. 

If you have questions regarding this invitation, please don’t hesitate to advise the DIACC event team. 

We hope to see you there!

Trust in the Financial Sector: An Age Old Problem, A Modern Solution Needed

By Carrie Forbes, Chief Strategy Officer, League Data

Within the world of financial services, trust is core to the foundation of business and is assumed to be established in an exchange of these services. In modern times, this exchange is now invisible to us through the ether of digital banking. Yet, the problem of why we need trust in the first place has not evolved that much.

The evolution of the banking industry has been centred on this fundamental problem as old as the history of the rise of agriculture. Trust. It’s not just trust in the individual we make the transaction with, it’s also trust in process.

Picture yourself as a farmer at the dawn of agriculture, back in ancient Mesopotamia. You have agreed to exchange your grain for a pig at harvest. When the harvest arrives, your neighbour insists that the agreement was for you to give three bags of grain for the pig, but you understood it to be two. Do you trust that your neighbour is telling the truth? This issue created the need to establish a way to track a transaction, since simply agreeing to the deal was no longer enough. The next spring, we decide to imprint the exchange on a piece of clay, so we can avoid this embarrassing confusion next harvest. We have now just established one of the earliest forms of currency. From clay marks to coins to paper, civilizations established a physical token to ensure that the original value of that exchange held true. Currency became the means by which you could trust the transaction value.

From ancient times to today, trust remains an important component in conducting transactions

Let’s move forward a few centuries. You are now a trader, sailing through Europe trading silk, spices and gold. Unfortunately, you have been attacked by pirates who took half of your goods before you could fight them off. By the time you arrive to your port, you have some explaining to do. The merchant you are doing business with believes you are hoarding some of the goods and gold, and doesn’t believe your story about the pirates. He has seen this all too often from so-called ‘honest-brokers’ like you, and wants his full compensation. How can you prove that you were the unfortunate victim of piracy? This very real need gave rise to the development of double-entry accounting – a method to prove that the value of goods and services exchanged were as promised. By keeping a ledger, the exchange could be effectively tracked from point of departure to destination, mitigating these interceptions. The evolution of the banking industry has been centred on this fundamental problem as old as the history of the rise of agriculture. Trust. It’s not just trust in the individual we make the transaction with, it’s also trust in process.

Fast forward to the 21st century, where the digital revolution is now entrenched in everyday life, including how we bank and conduct transactions. The speed and convenience of making a purchase happens as quickly as we can hit ‘like’ on a social media post. We have all the means to say yes with a swipe or tap, often faster than our brains can actually process the decision. Modern pirates are finding new ways to intercept our transactions, using the very tools that provide the convenience and speed we demand as part of our financial service experience. However, the gold they are most interested in raiding is our personal data, including our personal identity.

The recent buzz at financial technology conferences continues to remind us that “data is the new oil.” Financial data is highly sought after by hackers, as it can facilitate criminal activities like money laundering and terrorist financing, which are much bigger bounties than just cash alone. With legitimate identities, bad actors can also infiltrate communities, create fake identities and disrupt government activities. The overall impacts are more sophisticated, but the problem remains the same as it did in Mesopotamia; we need new ways to build digital trust.

To learn more about digital ID’s role in the financial services sector, read our mini white paper, DIACC Industry Insights: Digital ID in Financial Services

Request for Comment and IPR Review: PCTF Notice and Consent Component Overview & Conformance Profile Draft Recommendations V1.0

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Notice and Consent industry standard as a Component of the Pan-Canadian Trust Framework to set a baseline of public and private sector interoperability of identity services and solutions. 

Document Status: These review documents have been approved as Draft Recommendations by the DIACC’s Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Summary:

The Notice and Consent Component defines a set of processes used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so. The Notice and Consent processes ensure that notice statements are accurately formulated according to defined requirements, that the person making the consent decision has the authority to do so, and that the management of that consent decision is possible.

The objective of the Notice and Consent Component is to ensure the ongoing integrity of the notice and consent processes by applying standardized conformance criteria for assessment and certification. A certified process is a trusted process that can be relied on by other participants of the Pan-Canadian Trust Framework. 

The Notice and Consent Component builds on the Privacy baseline that is in development.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Invitation:

  • All interested parties are invited to comment.

Review Documents:

Supporting Documents:

Period:

  • Opens: September 9 at 23:59 PST | Closes: October 25, 2019 at 23:59 PST

Intellectual Property Rights:

Comments must be received within the 45-day comment period noted above. All comments are subject to the DIACC Contributor Agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 45-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the draft and corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca.
  • Questions may be sent to review@diacc.ca.

Value to Canadians:

The Notice and Consent Component will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem

Context:

The purpose of this Draft Recommendation review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process. 

DIACC expects to modify and improve these Draft Recommendations based upon public comments. Comments made during the review will be considered for incorporation into the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled. 

Guide d’examen des ébauches de recommandations pour l’aperçu de la composante « Avis et consentement » et le profil de conformité de l’avis et du consentement V1.0

Déclaration d’intention: Le DIACC collabore pour développer et publier une norme de l’industrie en matière d’avis et de consentement en tant que composante du cadre de confiance pancanadien afin d’établir une base d’interopérabilité des services et solutions d’identité dans les secteurs public et privé.

État des documents: Ces documents à examiner ont été approuvés en tant qu’ébauches de recommandations par le Comité d’experts du cadre de confiance (TFEC) du DIACC, qui est régi par les politiques qui contrôlent le DIACC.

Résumé

La composante « Avis et consentement » définit un ensemble de processus servant à formuler un énoncé sur la collecte, l’utilisation et la divulgation des renseignements personnels, et à obtenir une décision relative au consentement à propos de cet énoncé de la part d’une personne autorisée à la prendre. Les processus d’avis et de consentement s’assurent que les avis sont formulés avec exactitude conformément aux exigences définies, que la personne qui prend la décision relative au consentement est autorisée à le faire et que la gestion de cette décision est possible.

La composante « Avis et consentement » a pour objectif d’assurer l’intégrité continue des processus d’avis et de consentement en appliquant des critères de conformité uniformisés pour l’évaluation et la certification. Un processus certifié est un processus de confiance auquel peuvent se fier les autres participants du cadre de confiance pancanadien.

La composante « Avis et consentement » repose sur les éléments de base du respect de la vie privée qui sont en cours d’élaboration.

Pour en savoir davantage sur la vision du cadre de confiance pancanadien et les avantages qu’il procure à tous, veuillez lire le document Aperçu du cadre de confiance pancanadien.

Invitation

  • Toutes les parties intéressées sont invitées à faire des commentaires.

Documents à examiner

Documents de référence

Période

  • Début: 9 septembre 2019 à 23 h 59 HP | Fin : 25 octobre 2019 à 23 h 59 HP

Droits de propriété intellectuelle

Les commentaires doivent être reçus pendant la période de 45 jours indiquée ci-dessus. Tous les commentaires sont assujettis à l’entente de contributeur du DIACC; en soumettant un commentaire, vous acceptez d’être lié par les conditions qu’elle renferme. Les membres du DIACC sont également assujettis à la politique sur les droits de propriété intellectuelle. Tout avis d’intention de ne pas octroyer une licence en vertu de l’entente de contributeur et/ou de la politique sur les droits de propriété intellectuelle relativement aux documents à examiner ou à des commentaires doit être donné dès que le contributeur et/ou le membre en ont la possibilité, et en toute circonstance, pendant la période de commentaires de 45 jours. Les revendications au titre des droits de propriété intellectuelle peuvent être adressées à review@diacc.ca. Veuillez indiquer « Revendication en matière de propriété intellectuelle » dans l’objet.

Processus

  • Tous les commentaires sont assujettis à l’entente de contributeur du DIACC.
  • Veuillez utiliser le formulaire prévu à cet effet pour soumettre vos commentaires au DIACC.
  • Assurez-vous d’indiquer le numéro de ligne correspondant à chaque commentaire soumis.
  • Le formulaire de soumission de commentaires au DIACC doit être envoyé par courriel, dûment rempli, à review@diacc.ca.
  • Questions :review@diacc.ca.

Valeur pour les Canadiens

La composante « Avis et consentement » procurera de la valeur à l’ensemble des Canadiens, entreprises et gouvernements en établissant une base d’interopérabilité commerciale, juridique et technique. Le DIACC a pour mandat de collaborer au développement et à la prestation de ressources visant à aider les Canadiens à faire des transactions numériques qui sont sécuritaires et commodes, et qui respectent leur vie privée. Le cadre de confiance pancanadien est une de ces ressources. Il représente un ensemble de normes de l’industrie, de pratiques exemplaires et autres ressources qui aident à établir l’interopérabilité d’un écosystème de services et solutions en matière d’identité. Le DIACC est une coalition sans but lucratif de membres des secteurs public et privé qui effectuent un investissement important et soutenu pour accélérer l’écosystème de l’identité du Canada.

Contexte

L’examen des ébauches de recommandations a pour but d’assurer la transparence de l’élaboration et de la diversité d’un apport véritablement pancanadien et international. Conformément à nos principes pour un écosystème de l’identité, la priorité est accordée aux processus visant à respecter et à renforcer la vie privée à chaque étape du processus de développement du cadre de confiance pancanadien. Le DIACC s’attend à modifier et à améliorer ces ébauches de recommandations en fonction des commentaires du public. Les commentaires faits pendant l’examen seront pris en compte pour être intégrés dans les prochaines ébauches et le DIACC va préparer un document expliquant d’une façon transparente comment chaque commentaire a été traité.