Yearly Archives: 2019

Digital ID and Authentication Council of Canada (DIACC) Announces the Appointment of Six Board Members

Newcomer Louis Jacob brings extensive engineering and transformation design experience to Board

TORONTO–(BUSINESS WIRE)–

TORONTO June 4, 2019 – The Digital Identification and Authentication Council of Canada, (DIACC) today announced the appointment of six (6) nominees to the six seats up for election at its Annual General Meeting held in Toronto on June 3, 2019. Newcomer Louis Jacob, Manulife Vice-President Core Engineering and Transformation, joins the board after Manulife joined DIACC in 2019 and maintained an active role in Board committees.

“We are pleased to welcome Louis Jacob to the DIACC Board of Directors, and believe his experience in building key strategic UX engineering channels, salesforce and devops at Manulife University’s engineering training program will help DIACC’s goal of connecting Canadians through digital identity innovation this year,” said Joni Brennan, President, DIACC. “We look forward to leveraging Louis Jacob’s leadership as we focus on building out the Pan Canadian Trust Framework and other DIACC initiatives.”

The 2019 DIACC electoral slate:

  • Andre Boysen, Chief Identity Officer, SecureKey, and Board Treasurer
  • Marc Brouillard, Chief Technology Officer, Government of Canada, Treasury Board Secretariat
  • Greg Elcich, Vice President Innovation, CIBC
  • CJ Ritchie, Associate Deputy Minister and CIO, Province of BC
  • Eros Spadotto, Executive Vice President, TELUS, and Board Vice-Chair
  • Louis Jacob, Vice President, Core Engineering and Transformation, Manulife

DIACC Directors are elected industry leaders who set the organizational strategic directions, and ensure good governance is practiced, ensuring policies and procedures are continually improved and align with the vision and representation of DIACC membership. The DIACC Board members are: Board Chair Dave Nikolejsin (Province of BC), Collen Boldon (Province of NB), Neil Butters (Interac Corp.), Susie De Franco (Canada Post), Patrice Dagenais (Desjardins Card Services), Robert Devries (Government of Ontario), Allan Foster (ForgeRock), Franklin Garrigues (TD Bank), Hugh McKee (BMO), and Community Advisor to the Board Sajith Nair (PWC).

About the Digital ID and Authentication Council of Canada
The Digital Identification and Authentication Council of Canada (DIACC) is the non-profit coalition of public and private sector leaders who are developing Canada’s system for digital identification and authentication to enable Canadians’ full and secure participation in the global digital economy. DIACC leverages broad Pan-Canadian and International input to collaboratively develop and publish the Pan-Canadian Trust Framework and other resources to secure public and private sector interoperability and advance the delivery of Canada’s Digital Identity Ecosystem.

View source version on businesswire.com: https://www.businesswire.com/news/home/20190604005330/en/

Request for Comment and IPR Review: Pan-Canadian Trust Framework Model Draft Recommendation V1.0

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent:

This notice of intent is intended to inform stakeholders that DIACC is developing the Pan-Canadian Trust Framework (PCTF) Model Draft Recommendation for standardization and adoption.

Veuillez trouver la traduction française ci-dessous…

Documents Status:

This review document has been approved as Draft Recommendations by the DIACC’s Trust Framework Expert Committee (TFEC).

Summary:

The PCTF is intended to standardize trusted digital representations (i.e., identities, attributes, relationships) of people and other types of entities in Canada. This document provides the high-level model of the PCTF and a recap of PCTF contextual information, goals, and objectives. This document also outlines functional areas that are the primary focus of the PCTF. The outline provides a sense of the digital representations with which the PCTF is concerned and the various processes involved in creating, managing, and using these digital objects. Individual PCTF components and profiles will provide detailed descriptions of the processes highlighted in this document.

To learn more about the Pan-Canadian Trust Framework vision and its benefits-for-all value proposition please read the Pan-Canadian Trust Framework Overview.

Invitation:

  • All interested parties are invited to comment.

Review Documents:

Supporting Documents:

Period:

  • Opens: June 3, 2019 at 23:59 PST | Closes: July 19, 2019 at 23:59 PST

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca
  • Questions may be sent to review@diacc.ca

Intellectual Property Rights (IPR) Notice:

Comments must be received within the 45 day comment period noted above. All comments are subject to the DIACC Contributor Agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 45 day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Value to Canadians:

The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The PCTF is one such resource that will provide value to all Canadians, businesses, and governments by setting a baseline of industry standards, best practices, and other resources to establish business, legal, and technical interoperability. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context:

The purpose of the open commentary is to ensure transparency in development and diversity of Pan-Canadian and international input. This Draft Recommendation has been developed by the DIACC’s TFEC that operates under the DIACC controlling policies and benefits from broad and diverse public and private sector stakeholder representation. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve this Draft Recommendation based on public comments. Comments made during the review will be considered for incorporation to the next draft and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.

Guide d’examen des recommandations sur l’ébauche de modèle de cadre de confiance pancanadien V1.0

Déclaration d’intention:

Cette déclaration d’intention vise à informer les parties prenantes que le DIACC est en train de préparer la recommandation d’une ébauche de modèle de cadre de confiance pancanadien en vue de son uniformisation et son adoption.

État des documents:

Ce document d’examen a été approuvé en tant qu’ébauche de recommandations par le Comité d’experts du cadre de confiance (TFEC) du DIACC.

Résumé:

Le cadre de confiance pancanadien vise à uniformiser les représentations numériques de confiance (c.-à-d., identités, attributs, relations) des personnes et autres types d’entités au Canada. Ce document fournit un modèle très général du cadre de confiance pancanadien et une recommandation de ses renseignements, buts et objectifs contextuels. Il présente aussi des domaines fonctionnels sur lesquels porte surtout le cadre de confiance pancanadien. L’aperçu donne une idée des représentations numériques dont se préoccupe le cadre de confiance pancanadien et des divers processus intervenant dans la création, la gestion et l’utilisation de ces objets numériques. Chaque composante et profil du cadre de confiance pancanadien décrira en détail les processus mis en évidence dans ce document.

Pour en savoir davantage sur la vision du cadre de confiance pancanadien et les avantages qu’il procure à tous, veuillez lire Aperçu du cadre de confiance pancanadien.

Invitation:

  • Toutes les parties intéressées sont invitées à faire des commentaires.

Document à examiner:

Documents de référence:

Période:

  • Début: 3 juin 2019 à 23 h 59 HP | Fin: 19 juillet 2019 à 23 h 59 HP

Processus:

  • Tous les commentaires sont assujettis à l’entente de contributeur du DIACC
  • Veuillez utiliser le formulaire prévu à cet effet pour soumettre vos commentaires au DIACC
  • Assurez-vous d’indiquer le numéro de ligne correspondant à chaque commentaire soumis
  • Le formulaire de soumission de commentaires au DIACC doit être envoyé par courriel à review@diacc.ca
  • Questions: review@diacc.ca

Avis concernant les droits de propriété intellectuelle:

Les commentaires doivent être reçus pendant la période de 45 jours prévue à cet effet et indiquée ci-dessus. Tous les commentaires sont assujettis à l’entente de contributeur du DIACC; en soumettant un commentaire, vous acceptez d’être lié par les conditions de l’entente. Les membres du DIACC sont également assujettis à la politique sur les droits de propriété intellectuelle. Tout avis d’intention de ne pas accorder une licence en vertu de l’entente de contributeur et/ou de la politique sur les droits de propriété intellectuelle relativement à l’examen des documents ou des commentaires doit être signifié au contributeur et/ou au membre dès que possible et, en toute circonstance, pendant la période de commentaires de 45 jours. Les plaintes pour atteinte aux droits de propriété intellectuelle doivent être adressées à review@diacc.ca, en indiquant « Plainte droits de propriété intellectuelle » comme objet.

Valeur pour les Canadiens:

Le DIACC a pour mandat de collaborer au développement et à la prestation de ressources visant à aider les Canadiens à faire des transactions numériques qui sont sécuritaires et commodes, et qui respectent leur vie privée. Le cadre de confiance pancanadien est une de ces ressources qui va procurer de la valeur à tous les Canadiens, entreprises et gouvernements en établissant une base de normes de l’industrie, de pratiques exemplaires et autres ressources pour établir une interopérabilité commerciale, juridique et technique. Le DIACC est une coalition sans but lucratif de membres des secteurs public et privé qui effectuent un investissement important et soutenu pour accélérer l’écosystème de l’identité du Canada.

Contexte:

Les commentaires ouverts ont pour but d’assurer la transparence du développement et de la diversité de l’apport pancanadien et international. Cette ébauche de recommandations a été élaborée par le TFEC du DIACC, qui est régi par les politiques qui contrôlent le DIACC et les avantages de la représentation à grande échelle et diversifiée des parties prenantes des secteurs public et privé. Conformément à nos principes pour un écosystème de l’identité, la priorité est accordée aux processus visant à respecter et à renforcer la vie privée à chaque étape du processus de développement du cadre de confiance pancanadien.

Le DIACC s’attend à modifier et à améliorer cette ébauche de recommandation en fonction des commentaires du public. Les commentaires faits pendant l’examen seront pris en compte pour être intégrés dans la prochaine ébauche et le DIACC va préparer un document expliquant d’une façon transparente comment chaque commentaire a été traité.

Canada’s Digital Charter – Trust in the Age of Technology

In today’s digital-first society, conversations concerning our digital economy have never been more important. At the Digital ID and Authentication Council of Canada (DIACC), a non-profit coalition of public and private sector leaders, we know that digital identity is vital to the growth and efficiency of the digital economy, touching almost all aspects of digital life.

A secure, interoperable digital identity offers more security and more opportunities for Canadians and Canadian organizations to participate economically and socially with a high degree of confidence. This is why Canada’s new Digital Charter, unveiled on Tuesday May 21st, is monumental, will help position Canada as a leader in the global digital economy.  

The Digital Charter is intended to protect Canadians’ privacy and establish requirements and regulations for how organizations can use personal data. Rooted in a foundation of trust, the Digital Charter will set a baseline for how companies, citizens and governments interact and transact online.  

“We applaud the new Digital Charter. The renewed commitment to updating privacy policies will ensure transparency in every aspect of digital life, from social media to healthcare and digital ID,” said Joni Brennan, President of the DIACC. “For DIACC, an organization whose key values and principles include transparency in governance and operation, as well as providing Canadians with choice, control, and convenience, this is a tremendous step in the right direction.”

Trust is at the center of the Charter, which emphasizes Canadians’ control over their personal information through ten key principles. Similar to the DIACC’s mission to unlock social and economic opportunities for Canada, while reducing costs and enhancing service delivery, the Charter aims to support all Canadians as they navigate a world where the divide between online and offline is increasingly blurred and the consequences of poor data management are serious.

“No single group can solve the identity challenge alone – so creating an ecosystem of collaborative partners is necessary to enable the secure digital identities needed for Canadians and our businesses today. “

– Joni Brennan, President of the DIACC

Notable principles in the Charter include open and modern digital government, keeping digital platforms safe from hate and violent extremism, and universal access for all. These principles underpin the work DIACC is leading in developing the Pan-Canadian Trust Framework (PCTF). The PCTF will enable Canada to securely participate in the global digital economy, while supporting economic innovation, service delivery, and the principles of an open government. The framework is being developed using a collaborative approach that takes into account the different perspectives of public sector and private sector stakeholders, as well as international experts, liaisons and the general public.

Building on the ten principles, the Charter sets out ambitious actions to enable and support Canadian innovation and leadership in the global digital economy.  These include a National Cyber Security Strategy and modernizing Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) – which has not been substantially updated since the early 2000s.

“These principles lay down the foundation that will allow us to build an innovative, people-centred and inclusive digital and data economy [founded] on trust,” outlined the National Innovation Minister Navdeep Bains, in a video posted on the government’s website.

The Charter is informed by insights gleaned from the government’s National Digital and Data Consultations. Canadians want more transparency in how their data is being collected and how it is being used, and recent data breaches have raised questions and public concern around this.

“No single group can solve the identity challenge alone – so creating an ecosystem of collaborative partners is necessary to enable the secure digital identities needed for Canadians and our businesses today. We recommend re-examining our policies on an annual basis,” said Joni Brennan. “As our connectivity grows and we seek to lead in the information age, our privacy and cybersecurity tools need to evolve just as much as our policies do.”

Keeping a pulse on industry trends, emerging threats, and new approaches in digital identity and across the digital economy is no small task. To stay ahead of the curve and protect Canadians’ best interests, the DIACC takes a unique approach, bringing together leaders from the public and private sectors and across Canada. Creating the conditions where otherwise competing or siloed organizations can work together as one team, the DIACC is committed to enabling Canada’s full and secure participation in the global digital economy. Members share resources and collaborate to develop industry standards, research, and proofs of concepts.

In today’s digital-first society, the Digital Charter and DIACC are Canada’s response as part of a wider, global movement to modernize outdated laws and prepare the country to adapt and thrive in a changing economic landscape. The government has laid the foundation, now it is time to continue the conversation. Learn more about becoming a DIACC member, participating in shaping Canada’s digital economy, and solving the real-world challenges of today.

Profiles in Identity Leadership: Ken McMillan

Ken McMillan

In our most recent ‘Profiles in Identity Leadership’ video, Joni Brennan spoke with Ken McMillan, who was Acting Director, Digital Identity at Treasury Board of Canada Secretariat, and co-chair of DIACC’s Trust Framework Expert Committee (TFEC). The committee is responsible for delivering Canada’s Digital Trust Framework, including the Pan-Canadian Trust Framework (PCTF).

In terms of a strategy to advance digital identity, Ken believes that Canada has the opportunity to take a lead. Canada doesn’t invest all the influence and decision making in the federal government. Rather, our strategy benefits from second, third and fourth opinions from the provinces, territories, and the private sector.

“In a sense, not being a single state that has a unitary approach.. and instead one that says we have to collaborate and we have to compromise, it puts us in a good position. That’s something that Canada can bring to the table,” he said.

In developing the PCTF, Ken has benefitted from the involvement of various groups in the TFEC.

For instance, if we can access – with privacy, consent, and security – some attributes that come by virtue of one’s banking or interactions relative to their internet service provider, then all of that information feeds into an understanding of whether an asserted identity is credible. A key question is: what do we minimally need to know about this individual to deliver a service?

“We need to complement that [interaction] with the data that is available in the private sector in terms of having a validation of identity that reflects currency as opposed to knowing once a year whether you file your taxes…we really benefit from having those Canadians at the table and the Trust Framework Expert Committee and being able to talk about how we make these systems work together.”

While his work in the area initially focused solely on just pure authentication with usernames and passwords, and not necessarily attaching identity to it, “that grew into an appreciation for some of the complexities of the problem.”  

“What I have enjoyed about DIACC is the amount of learning that takes place,” Ken said. “I like the idea that wherever I go I’m going to be surrounded by people who know a lot of things that I can learn from. [DIACC] brings a lot of different opinions, people tend to recognize that there is a stipulation to stay away from the sales pitch element and just talk about what we know, and what we’re learning, and demonstrate the humility of other things that we don’t know.”

Request for Review and Comment: PCTF Verified Login Component Overview V0.06 and Verified Login Conformance Profile V0.03 Discussion Drafts

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Verified Login industry standard as a Component of the Pan-Canadian Trust Framework to set a baseline of standards and practices that guide public and private sector interoperability of identity services and solutions.

Veuillez trouver la traduction française ci-dessous…

Summary:

The Verified Login Component defines a set of processes used to enable access to digital systems and a set of conformance criteria for each process. These processes include binding a credential to a subject, binding authenticators to a credential, as well as lifecycle management functions that include updates, suspension, recovery, and revocation, and session management. For the purposes of Verified Login, a subject may be a person, organization, application, or device.

The objective of the Verified Login Component is to ensure the ongoing integrity of the login processes by applying standardized conformance criteria for assessment and certification. Verified Login is a set of processes that are intended to help establish confidence and trust in the use of a trusted digital identity. A certified process is a Trusted Process that can be relied on by other participants of the Pan-Canadian Trust Framework.

Invitation:

  • All interested parties are invited to comment including identity issuers, identity consumers, developers, and potential users.
  • The Discussion Drafts have been developed by the DIACC Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Documents:

Period:

Opens: May 15, 2019 at 23:59 PST | Closes: June 17, 2019 at 23:59 PST

Process:

  • All comments are subject to the DIACC contributor agreement;
  • Submit comments using the provided DIACC Comment Submission Spreadsheet;
  • Reference the draft and corresponding line number for each comment submitted;
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca;
  • Questions may be sent to review@diacc.ca.

Value to Canadians:

The Verified Login Component will provide value to all Canadians, businesses, and governments by setting a baseline standard to guide public and private sector interoperability of identity solutions and services. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating the establishment of Canada’s Identity Ecosystem.

Context:

The purpose of the Discussion Draft review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Discussion Drafts based upon public comments. Comments made during the review will be considered for incorporation to the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.

Demande de révision et commentaires: Aperçu de la composante de connexion vérifiée V0.06 et profil de conformité de la connexion vérifiée 0.03 – ébauches de Discussion

Déclaration d’intention: Le DIACC collabore pour développer et publier une norme de l’industrie pour la connexion vérifiée en tant que composante du cadre de confiance pancanadien, afin de définir une base de normes et pratiques guidant l’interopérabilité des services et solutions d’identité dans les secteurs public et privé. 

Sommaire:

La composante de connexion vérifiée définit un ensemble de processus utilisés pour permettre l’accès aux systèmes digitaux et un ensemble de critères de conformité pour chaque processus. Ces processus consistent notamment à relier un identifiant à un sujet et des authentifiants à un identifiant, et incluent aussi des fonctions de gestion du cycle de vie, entre autres les mises à jour, la suspension, la récupération, la révocation et la gestion des sessions. Pour les besoins de la connexion vérifiée, un sujet peut être une personne, une organisation, une application ou un appareil.

L’objectif de la composante de connexion vérifiée est d’assurer l’intégrité continue des processus de connexion en appliquant des critères de conformité uniformisés pour l’évaluation et la certification. La connexion vérifiée est un ensemble de processus destinés à donner confiance dans l’utilisation d’une identité numérique. Un processus certifié est un processus de confiance auquel les autres participants du cadre de confiance pancanadien peuvent se fier. 

Invitation:

  • Toutes les parties intéressées, notamment les émetteurs d’identité, les consommateurs d’identité, les développeurs et les utilisateurs potentiels, sont invitées à faire des commentaires.
  • Les ébauches de discussion ont été développées par le comité d’experts du cadre de confiance du DIACC, qui est régi par les politiques de contrôle DIACC.

Documents:

Période:

Début : 15 mai, 2019 à 23 h 59 HNP | Fin : 17 juin 2019 à 23 h 59 HNP

Processus:

  • Tous les commentaires sont assujettis à l’entente de contribution DIACC;
  • Utilisez le formulaire fourni par le DIACC pour soumettre vos commentaires;
  • Faites référence à l’ébauche ainsi qu’au numéro de ligne correspondant pour chaque commentaire soumis;
  • Envoyez le formulaire de soumission de commentaires du DIACC dûment rempli à review@diacc.ca;
  • Pour toute question, veuillez écrire à review@diacc.ca.

Valeur pour les Canadiens:

La composante de connexion vérifiée apportera de la valeur aux Canadiens, aux entreprises et aux gouvernements en établissant une norme de base pour guider l’intéropérabilité des solutions et services d’identité dans les secteurs public et privé. Le DIACC a pour mandat de développer ainsi que fournir, en collaborant avec d’autres, des ressources visant à aider les Canadiens à effectuer des transactions numériques avec sécurité, confidentialité et commodité. Le cadre de confiance pancanadien, qui est une de ces ressources, présente un ensemble de normes de l’industrie, pratiques exemplaires et autres ressources qui favorisent l’interopérabilité au sein d’un écosystème de services et de solutions d’identité. Le DIACC est une coalition à but non lucratif de membres des secteurs public et privé qui font un investissement considérable et soutenu afin d’accélérer la mise en place de l’écosystème de l’identité du Canada.

Contexte:

L’objectif de l’ébauche de discussion est d’assurer la transparence dans l’élaboration et la diversité d’une contribution véritablement pancanadienne et internationale. Conformément à nos principes sur lesquels se fonde un écosystème de l’identité, les processus visant à respecter et à renforcer la protection de la vie privée sont priorisés à chaque étape du processus de développement du cadre de confiance pancanadien.

Le DIACC prévoit modifier et améliorer cette ébauche de discussion en fonction des commentaires venant du public. Les commentaires apportés lors de l’examen seront pris en compte en vue d’être intégrés dans les prochaines ébauches et le DIACC va préparer un recueil de commentaires afin de montrer d’une façon transparente comment chaque commentaire a été traité.

Letters from the President: A Collaborative Road less Travelled – Delivering a PCTF that Works for Canada and Around the World

DIACC’s approach

In Canada, DIACC is the singular organization focused on accelerating the establishment of a Canadian Identity Ecosystem – the singular organization where Canada’s identity experts and practitioners connect to share the deep knowledge needed to deliver a framework that will support our vision of an identity ecosystem where every Canadian has access to the societal and economic opportunities that digital identity can enable.

DIACC is unique among its global peers because our focus is on:

  1. enabling identity that works for both the public and private sectors;
  2. prioritizing privacy, security, and user-centred design;
  3. and enabling economic growth.

Meeting the needs and priorities of members across Canada and around the world is not a simple task. And, while our technology and virtual tools help us to connect Pan-Canadian interests, in-person meeting opportunities always help us to move our shared vision forward. In this context, the DIACC Board of Directors (comprised of public and private sector leaders) and the Trust Framework Expert Committee (TFEC) recently held a co-located in-person meeting in Ottawa.

At this meeting, the primary focus of the Board of Directors was a strong reaffirmation that every Director is committed to one approach for interoperability of identity across Canada. That one approach will provide and prioritize security, privacy and convenience of use. That one approach will prioritize privacy, security, and user-centred design to ensure that Canadians have choice, control, and consent by design, in terms of which systems they participate in, and in terms of how they participate.  That one approach will also recognize that various sources of data verification will be interoperable and available for Canadians to use to perform transactions. In that one approach, service providers will determine their verification needs and Canadians will choose which sources they wish to leverage to provide verification of only the minimized information needed to perform a specific transaction.

Pan-Canadian Trust Framework (PCTF) Development and Operationalization Principles


Through DIACC, Canada’s public and private sectors work as one team, with one vision to define the strategic and the operational way forward including – the industry standards, best practices, and tools needed to ensure systems and solutions align with Canadian principles and with international standards. Our diverse stakeholder collaborative approach ensures that PCTF development considers broad Canadian and international feedback and recognizes areas that may require contextual specialization.  Ultimately, one true test of the value of the PCTF will be its broad adoption.

To support the development of the PCTF in alignment with this vision, the Board of Directors developed and affirmed PCTF Development and Operationalization principles including:

  1. PCTF must provide value to the public and private sectors by defining a minimum set of requirements which encompasses standards and practices. The PCTF will promote interoperability that unlocks public and private sector identity capabilities and supports Canada’s economic growth.
  2. PCTF will define the baseline set of requirements for public and private sector, and there may be requirements that are defined as optional.
  3. The PCTF represents a willing community coalition, and is authoritative to those who adopt it.
  4. PCTF may be profiled by communities of interest to tighten the PCTF baseline for a specified use case.
  5. PCTF is developed, maintained and published by DIACC, based on the broad input of public and private sectors, international experts, liaisons and the general public.

These principles are designed to help us to move forward as a diverse community and to continue to evolve the PCTF to ensure that it meets broad stakeholder needs across Canada and around the world. These principles draw our focus to our PCTF approach while encouraging communities to develop profiles as a mechanism to inform and evolve the PCTF baseline of public and private sector criteria. And while these principles are intended to be more inward facing for our collaboration needs, they further support our foundational DIACC Principles for an Identity Ecosystem. Finally, we recognize that, although Canada is taking a road that is informed by the experiences of others around the world, ours is the public and private sector collaborative road that is less travelled.  Our priority is to meet the needs of Canadians and our hope is to inform the roads that others will take around the world.

Spotlight on Yoti

Meet Yoti

  1. What is the mission and vision of Yoti?

Our mission is to be the world’s trusted identity platform. We want to be the solution to fears around transparency, trust, privacy and control.
To achieve this, we need to build trust, which is not an easy task today for any company. So we’re building Yoti around principles which are regulated by an independent Guardian Council – the antithesis of big tech and data companies. By staying on track to our principles and working in close collaboration with all of our stakeholders including businesses and governments, we can achieve our goal of putting people in control of their data and fixing the broken identity system.

2. Why is trustworthy digital identity critical for existing and emerging markets?

The current identity system is broken – organisations and governments still rely on paper or card-based forms of identity verification, because proving who we are online to a high degree of certainty has been difficult. This process of creating physical forms of identity can take days or weeks instead of seconds, and often results in us sharing excessive amounts of personal information, putting us at great risk of identity theft. Millions of ID documents are lost every year, over 1.1 billion people around the world don’t have any form of identification, and the costs of online scams and fraud are spiralling. Having a trusted digital identity system is critical in fixing these issues.

3. How will digital identity transform the Canadian and global economy? How does Yoti address challenges associated with this transformation?

The ability to seamlessly use digital identities will empower individuals, businesses and government, and help unleash the true potential for a digital economy.

A digital identity lets individuals prove their identity online and in-person in a seamless, simple and secure way. They can share specific identity attributes, such as their name and date of birth, without disclosing their full identity with ID documents; helping to protect them from the ever-growing risks of identity theft. Individuals have a more convenient way to prove their identity across a range of industries and sectors – from financial services, travel, healthcare, dating and retail. More people will be able to take part in society and access essential services such as healthcare, education and finance, without being held back by lack of documentation, geography or wealth.

Companies have a cost-effective and efficient way to verify the identity of their customers, saving time and money, as well as reducing the risks associated with identity fraud. Additionally, governments can be sure that the right person is involved in the transaction, empowering them to offer a greater range of online services with the confidence and certainty that the users are who they say they are; leveraging technology to create a digital ecosystem.

Yoti is a global digital identity platform and free consumer app that gives individuals a simple, fast and secure way of proving who they are, online and in person. Each account is linked to biometrics and an ID document, so businesses and governments can be confident in the details shared with them – creating more trust and transparency. Challenging the existing way of doing things is never easy, but it’s time for a better way to prove who we are.

4. What role does Canada have to play as a leader in the space?

Canada has many advantages in the digital identity space. End-user demand is high for ubiquitous and low-friction access to digital services and information.  Canada has highly-evolved financial infrastructure and cybersecurity methods to balance end-user demand with secure identity and authentication. The regulatory environment is demanding. We believe Canada will be harnessing these factors to develop world-leading identity management and authentication processes in the coming years and will likely assume a leadership role in this area.

5. Why did Yoti join the DIACC?

As Yoti expands into Canada, we are seeing active participation in the local Digital ID community being of paramount importance.  While we are looking to grow our business and develop opportunities in Canada, we also want to contribute to the development of an ethical, safe and trusted Digital ID framework across the country, as we have done elsewhere in the world.

6. What else should we know about Yoti?

Yoti has achieved some significant milestones and partnerships, including:

  • Working with Heathrow Airport to explore biometric travel for passengers
  • Selected as the official digital ID provider for the Government of Jersey
  • Partnered with the Improvement Service in Scotland to help deliver digital services to Scottish citizens
  • Partnered with social networking site Yubo, who are using Yoti Age Scan to flag accounts where the person appears to have significantly misstated their age; an important step in safeguarding young people on social networks which would be expensive to do manually each day
  • Working with Jagermeister to let individuals use Yoti to prove their age when buying age-restricted products on the new www.jagershop.co.uk, promoting responsible alcohol sales online with digital identities
  • Gained accreditation for SOC2, FCA Sandbox and UK Government G-Cloud
  • Over 4 million installs of their app since launching in November 2017
  • Has a team of 250 staff, headquartered in London with offices in India and the U.S.
  • Yoti has 25 separate patents and applications in the U.S. and the U.K. Their core digital identity patents (which cover the core Yoti system and our method of storing and sharing identity attributes) have a very early priority date in the digital identity industry.

Advance a Digital Identity Shared Curriculum

Share your thoughts with us by completing our survey

We encourage you to share this with anyone within your network who might find value in participating in this survey

The time to advance a shared curriculum framework for digital identity is now and you can help make a difference. A better digital identity future must be realized through strategic community collaboration that connects stakeholder knowledge.

In alignment with DIACC’s Digital Identity Ecosystem Principles and Strategic Goals, we are building a community engagement forum to establish a consensus of goals and actions to achieve a standardized curriculum framework for digital identity.

Your participation in our survey will help inform the development and launch of a shared curriculum framework project. DIACC will compile the survey results, summarize responses, and share the findings with the public.

Who should take the survey?

This project requires multidisciplinary input of academic and identity experts from fields including information security, privacy, law, health, sociology, economics, and more. All interested parties are invited to participate.

Where appropriate, the curriculum will be standardized for application across countries, cultures, markets, universities and other institutions, while maintaining its flexibility for customization consistent with the local community and educational practices. Curriculum standards enable measurement that serve a variety of stakeholder needs, including instructors, future employers, consumers, regulators and others.

Getting Society Ready for the Digitization of Identity

The practices and concepts around real-world identity have been foundational to human society throughout history, but have always operated invisibly as part of other social, cultural, economic, political, legal, and other systems.

Digital identity issues loom large in discussions of privacy, security, and liability challenges, which seem to resist tractable solutions. Identity issues are pervasive and apply to verifying the identities of people, organizations, and things that humans interact with. The attributes of the identities of these various entities affect the interactions of humans in myriad ways and have thus earned the attention of various academic departments.

Yesterday’s identity solutions resulted from an institutional view of identity in which each organization structured its client relationships in a way that suited specific needs. This resulted in fragmented identity experiences for individuals and created organizational expectations and habits that shaped economic business and political citizenry models. Most notably the user experience and privacy control needs of the individual were often overlooked.

Academia is uniquely suited to bring coherence to “identity”

Academic institutions are uniquely positioned to innovate new solution pathways and offer ideal multidisciplinary settings in which to develop identity curriculum. DIACC can help to coordinate the activities among academic institutions across jurisdictions and disciplines, and identify timely and relevant identity issues and topics for consideration for inclusion in shared curriculum resources.

A well matured digital identity curriculum should encompass most of the disciplines on campus. For now, DIACC’s curriculum aspirations are more modest: to help identify core elements of an identity curriculum that can prepare students for the professional and personal navigation of digital interaction spaces – where we all already direct most of our waking attention.  

Why does DIACC care?

To achieve our vision, today’s students must be ready to enter the workforce with the Identity Management knowledge needed to solve challenges and leverage opportunities. Working with our liaisons, DIACC proposes a program to design, develop, and deploy a broadly shared curriculum framework and instructional resources for “digital identity.”

On behalf of the DIACC community, thank you.

Profiles in Identity Leadership: Allan Foster

In our recent ‘Profiles in Leadership’ video, Joni Brennan had a conversation with Allan Foster, who is a DIACC Director and VP of Global Partner Success at ForgeRock. The two discussed identity innovation, open banking and Canada’s collaborative approach.

ForgeRock, a digital identity management platform, is headquartered in San Francisco, CA, but is active across the globe.

Allan highlighted the importance of the Canadian community. “We are very involved in the DIACC for the reason that we see Canada as a major leader within the space…Canada is the looking glass for the entire planet.”

He pointed out that Canada’s relatively small size (about 35 million identities across the country) make it a manageable size with which to “do a project and succeed, however, it’s also complex enough to be interesting.” Multiple governments (federal and municipal) add additional complexities.

“If we tried to do this in the U.S., we would spend the next 20 years trying to get a committee together,” he said. “If we get it right in Canada, that model can then scale up around the world.”  

The Government of Canada recently ran a consultation for open banking to better understand the issues around it and how Canada would develop its strategy. As ForgeRock was a key contributor to DIACC’s response to the open banking consultation, Allan was asked why he sees identity and open banking as being so interlocked, or relevant to one another.

“What we’re now seeing is with the digital age, banks are needing to change the way they interact with their customers,” Allan said. He pointed to multiple, often competing entities (“frenemies”) within a sector. One group of banks may offer saving accounts to a certain group of customers, while another one offers credit cards to that same group of customers.

“If we get it right in Canada, that model can then scale up around the world.”

– Allan Foster

“Open banking traditionally is there because customers are feeling locked into silos. As those silos begin to open up, and the forward-thinking banks see an opportunity, the underlying thing that has to be rock-solid is identity.”

DIACC’s uniqueness as well as both public and private sector involvement drew Allan to the community. “We have all of these different stakeholders coming in with the realization that their problem is not unique, their problem is shared by everyone else in the country.  The benefit is for the country to come up with a solution that works for everybody, rather than the more mercenary approach of a technology that works for a company and everyone else gets left in the dust.”

Request for Review and Comment: Notice and Consent Component Overview V0.04 & Conformance Profile V0.07 Discussion Drafts

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Notice and Consent industry standard as a Component of the Pan-Canadian Trust Framework to set a baseline of public and private sector interoperability of identity services and solutions.

Veuillez trouver la traduction française ci-dessous…

Summary:

The Notice and Consent Component defines a set of processes used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so. The Notice and Consent processes ensure that notice statements are accurately formulated according to defined requirements, that the person making the consent decision has the authority to do so, and that the management of that consent decision is possible.

The objective of the Notice and Consent Component is to ensure the ongoing integrity of the notice and consent processes by applying standardized conformance criteria for assessment and certification. A certified process is a trusted process that can be relied on by other participants of the Pan-Canadian Trust Framework.

The Notice and Consent Component builds on the forthcoming Privacy baseline that is in development and scheduled for Discussion Draft release in the coming months.

Invitation:

  • All interested parties are invited to comment including identity issuers, identity consumers, developers, and potential users.
  • The Discussion Drafts have been developed by the DIACC Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Documents:

Period:

Opens: April 3, 2019 at 23:59 PST | Closes: May 3, 2019 at 23:59 PST

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the draft and corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca
  • Questions may be sent to review@diacc.ca

Value to Canadians:

The Notice and Consent Component will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context:

The purpose of the Discussion Draft review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Discussion Drafts based upon public comments. Comments made during the review will be considered for incorporation to the next drafts and DIACC will prepare a disposition of comments to provide transparency with regard to how each comment was handled. These drafts will be translated into French when they become more stable.

Demande de révision et de commentaire: Aperçu du volet avis et consentement V0.04 et profil de conformité de l’avis et du consentement V0.07 Guide d’examen des ébauches de discussion

Déclaration d’intention: Le DIACC collabore à l’élaboration et à la publication d’une norme de l’industrie en matière d’avis et de consentement faisant partie du cadre de confiance pancanadien (PCC) afin d’établir une base pour l’interopérabilité des services et solutions liés à l’identité entre les secteurs public et privé.

Résumé:

Le volet avis et consentement définit un ensemble de processus servant à faire une déclaration sur la collecte, l’utilisation et la divulgation des renseignements personnels, et à obtenir en retour le consentement d’une personne autorisée à le donner. Les processus d’avis et de consentement visent à faire en sorte que les déclarations soient formulées d’une façon exacte conformément à des exigences spécifiques, la personne qui donne le consentement soit autorisée à le faire et ce soit possible de gérer ce consentement.

Le volet avis et consentement a pour but d’assurer l’intégrité continue des processus d’avis et de consentement en appliquant des critères de conformité uniformisés pour l’évaluation et la certification. Un processus certifié est un processus de confiance auquel les autres participants du cadre de confiance pancanadien peuvent se fier.

Le volet avis et consentement s’appuie sur le respect de la vie privée, l’assise qui est en cours d’élaboration et dont l’ébauche de discussion sera diffusée dans les mois à venir.

Pour en savoir davantage sur la vision pancanadienne et les avantages pour tous, nous vous conseillons de lire le document Aperçu du cadre de confiance pancanadien | Pan-Canadian Trust Framework Overview.

Invitation:

  • Toutes les parties intéressées – émetteurs d’identité, consommateurs d’identité, développeurs et utilisateurs potentiels – sont invitées à faire des commentaires.
  • Les ébauches de discussion ont été préparées par le Comité d’experts du cadre de confiance du DIACC (TFEC), qui est assujetti aux politiques de contrôle du DIACC.

Documents:

Période:

  • Début: 3 avril 2019 à 23 h 59 HP | Fin: 3 mai 2019 à 23 h 59 HP

Processus:

  • Tous les commentaires sont régis par l’entente de contributeur du DIACC.
  • Les commentaires doivent être transmis à l’aide du fichier Excel fourni par le DIACC.
  • Veuillez indiquer pour chaque commentaire soumis l’ébauche et le numéro de ligne correspondant.
  • Le fichier Excel pour soumettre des commentaires au DIACC doit être envoyé par courriel à review@diacc.ca.
  • Pour toute question, veuillez écrire à review@diacc.ca.

Intérêt pour les Canadiens:

Le volet avis et consentement va présenter un intérêt pour l’ensemble des Canadiens, entreprises et gouvernements en établissant une base d’interopérabilité commerciale, juridique et technique. Le DIACC a pour mandat de collaborer au développement et à la prestation de ressources afin d’aider les Canadiens à effectuer des transactions numériques d’une façon sécuritaire et pratique qui respecte leur vie privée. Le cadre de confiance pancanadien, qui est une de ces ressources, regroupe un ensemble de normes, de pratiques exemplaires et autres ressources de l’industrie qui permettent d’établir l’interopérabilité d’un écosystème de services et de solutions en matière d’identité. Le DIACC est une coalition sans but lucratif de membres des secteurs public et privé qui investissent beaucoup et d’une façon soutenue pour accélérer la mise sur pied de l’écosystème de l’identité du Canada.

Contexte:

L’examen de l’ébauche de discussion vise à assurer la transparence du développement et la diversité d’un apport véritablement pancanadien et international. Conformément à nos principes pour un écosystème de l’identité, la priorité est donnée aux processus visant à assurer et à améliorer le respect de la vie privée à chaque étape du processus de développement du cadre de confiance pancanadien. Le DIACC s’attend à modifier et à améliorer ces ébauches de discussion en fonction des commentaires que lui fournira le public. Les commentaires reçus pendant l’examen pourraient être intégrés dans les prochaines ébauches et le DIACC va les regrouper afin de montrer d’une façon transparente comment chacun a été traité. Ces ébauches seront traduites en français une fois qu’elles seront plus stables.

« Older Entries

Newer Entries »