Yearly Archives: 2019

Canada’s Digital Charter – Trust in the Age of Technology

In today’s digital-first society, conversations concerning our digital economy have never been more important. At the Digital ID and Authentication Council of Canada (DIACC), a non-profit coalition of public and private sector leaders, we know that digital identity is vital to the growth and efficiency of the digital economy, touching almost all aspects of digital life.

A secure, interoperable digital identity offers more security and more opportunities for Canadians and Canadian organizations to participate economically and socially with a high degree of confidence. This is why Canada’s new Digital Charter, unveiled on Tuesday May 21st, is monumental, will help position Canada as a leader in the global digital economy.  

The Digital Charter is intended to protect Canadians’ privacy and establish requirements and regulations for how organizations can use personal data. Rooted in a foundation of trust, the Digital Charter will set a baseline for how companies, citizens and governments interact and transact online.  

“We applaud the new Digital Charter. The renewed commitment to updating privacy policies will ensure transparency in every aspect of digital life, from social media to healthcare and digital ID,” said Joni Brennan, President of the DIACC. “For DIACC, an organization whose key values and principles include transparency in governance and operation, as well as providing Canadians with choice, control, and convenience, this is a tremendous step in the right direction.”

Trust is at the center of the Charter, which emphasizes Canadians’ control over their personal information through ten key principles. Similar to the DIACC’s mission to unlock social and economic opportunities for Canada, while reducing costs and enhancing service delivery, the Charter aims to support all Canadians as they navigate a world where the divide between online and offline is increasingly blurred and the consequences of poor data management are serious.

“No single group can solve the identity challenge alone – so creating an ecosystem of collaborative partners is necessary to enable the secure digital identities needed for Canadians and our businesses today. “

– Joni Brennan, President of the DIACC

Notable principles in the Charter include open and modern digital government, keeping digital platforms safe from hate and violent extremism, and universal access for all. These principles underpin the work DIACC is leading in developing the Pan-Canadian Trust Framework (PCTF). The PCTF will enable Canada to securely participate in the global digital economy, while supporting economic innovation, service delivery, and the principles of an open government. The framework is being developed using a collaborative approach that takes into account the different perspectives of public sector and private sector stakeholders, as well as international experts, liaisons and the general public.

Building on the ten principles, the Charter sets out ambitious actions to enable and support Canadian innovation and leadership in the global digital economy.  These include a National Cyber Security Strategy and modernizing Canada’s Personal Information Protection and Electronic Documents Act (PIPEDA) – which has not been substantially updated since the early 2000s.

“These principles lay down the foundation that will allow us to build an innovative, people-centred and inclusive digital and data economy [founded] on trust,” outlined the National Innovation Minister Navdeep Bains, in a video posted on the government’s website.

The Charter is informed by insights gleaned from the government’s National Digital and Data Consultations. Canadians want more transparency in how their data is being collected and how it is being used, and recent data breaches have raised questions and public concern around this.

“No single group can solve the identity challenge alone – so creating an ecosystem of collaborative partners is necessary to enable the secure digital identities needed for Canadians and our businesses today. We recommend re-examining our policies on an annual basis,” said Joni Brennan. “As our connectivity grows and we seek to lead in the information age, our privacy and cybersecurity tools need to evolve just as much as our policies do.”

Keeping a pulse on industry trends, emerging threats, and new approaches in digital identity and across the digital economy is no small task. To stay ahead of the curve and protect Canadians’ best interests, the DIACC takes a unique approach, bringing together leaders from the public and private sectors and across Canada. Creating the conditions where otherwise competing or siloed organizations can work together as one team, the DIACC is committed to enabling Canada’s full and secure participation in the global digital economy. Members share resources and collaborate to develop industry standards, research, and proofs of concepts.

In today’s digital-first society, the Digital Charter and DIACC are Canada’s response as part of a wider, global movement to modernize outdated laws and prepare the country to adapt and thrive in a changing economic landscape. The government has laid the foundation, now it is time to continue the conversation. Learn more about becoming a DIACC member, participating in shaping Canada’s digital economy, and solving the real-world challenges of today.

Profiles in Identity Leadership: Ken McMillan

Ken McMillan

In our most recent ‘Profiles in Identity Leadership’ video, Joni Brennan spoke with Ken McMillan, who was Acting Director, Digital Identity at Treasury Board of Canada Secretariat, and co-chair of DIACC’s Trust Framework Expert Committee (TFEC). The committee is responsible for delivering Canada’s Digital Trust Framework, including the Pan-Canadian Trust Framework (PCTF).

In terms of a strategy to advance digital identity, Ken believes that Canada has the opportunity to take a lead. Canada doesn’t invest all the influence and decision making in the federal government. Rather, our strategy benefits from second, third and fourth opinions from the provinces, territories, and the private sector.

“In a sense, not being a single state that has a unitary approach.. and instead one that says we have to collaborate and we have to compromise, it puts us in a good position. That’s something that Canada can bring to the table,” he said.

In developing the PCTF, Ken has benefitted from the involvement of various groups in the TFEC.

For instance, if we can access – with privacy, consent, and security – some attributes that come by virtue of one’s banking or interactions relative to their internet service provider, then all of that information feeds into an understanding of whether an asserted identity is credible. A key question is: what do we minimally need to know about this individual to deliver a service?

“We need to complement that [interaction] with the data that is available in the private sector in terms of having a validation of identity that reflects currency as opposed to knowing once a year whether you file your taxes…we really benefit from having those Canadians at the table and the Trust Framework Expert Committee and being able to talk about how we make these systems work together.”

While his work in the area initially focused solely on just pure authentication with usernames and passwords, and not necessarily attaching identity to it, “that grew into an appreciation for some of the complexities of the problem.”  

“What I have enjoyed about DIACC is the amount of learning that takes place,” Ken said. “I like the idea that wherever I go I’m going to be surrounded by people who know a lot of things that I can learn from. [DIACC] brings a lot of different opinions, people tend to recognize that there is a stipulation to stay away from the sales pitch element and just talk about what we know, and what we’re learning, and demonstrate the humility of other things that we don’t know.”

Request for Review and Comment: PCTF Verified Login Component Overview V0.06 and Verified Login Conformance Profile V0.03 Discussion Drafts

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Verified Login industry standard as a Component of the Pan-Canadian Trust Framework to set a baseline of standards and practices that guide public and private sector interoperability of identity services and solutions.

Veuillez trouver la traduction française ci-dessous…

Summary:

The Verified Login Component defines a set of processes used to enable access to digital systems and a set of conformance criteria for each process. These processes include binding a credential to a subject, binding authenticators to a credential, as well as lifecycle management functions that include updates, suspension, recovery, and revocation, and session management. For the purposes of Verified Login, a subject may be a person, organization, application, or device.

The objective of the Verified Login Component is to ensure the ongoing integrity of the login processes by applying standardized conformance criteria for assessment and certification. Verified Login is a set of processes that are intended to help establish confidence and trust in the use of a trusted digital identity. A certified process is a Trusted Process that can be relied on by other participants of the Pan-Canadian Trust Framework.

Invitation:

  • All interested parties are invited to comment including identity issuers, identity consumers, developers, and potential users.
  • The Discussion Drafts have been developed by the DIACC Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Documents:

Period:

Opens: May 15, 2019 at 23:59 PST | Closes: June 17, 2019 at 23:59 PST

Process:

  • All comments are subject to the DIACC contributor agreement;
  • Submit comments using the provided DIACC Comment Submission Spreadsheet;
  • Reference the draft and corresponding line number for each comment submitted;
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca;
  • Questions may be sent to review@diacc.ca.

Value to Canadians:

The Verified Login Component will provide value to all Canadians, businesses, and governments by setting a baseline standard to guide public and private sector interoperability of identity solutions and services. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating the establishment of Canada’s Identity Ecosystem.

Context:

The purpose of the Discussion Draft review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Discussion Drafts based upon public comments. Comments made during the review will be considered for incorporation to the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.

Demande de révision et commentaires: Aperçu de la composante de connexion vérifiée V0.06 et profil de conformité de la connexion vérifiée 0.03 – ébauches de Discussion

Déclaration d’intention: Le DIACC collabore pour développer et publier une norme de l’industrie pour la connexion vérifiée en tant que composante du cadre de confiance pancanadien, afin de définir une base de normes et pratiques guidant l’interopérabilité des services et solutions d’identité dans les secteurs public et privé. 

Sommaire:

La composante de connexion vérifiée définit un ensemble de processus utilisés pour permettre l’accès aux systèmes digitaux et un ensemble de critères de conformité pour chaque processus. Ces processus consistent notamment à relier un identifiant à un sujet et des authentifiants à un identifiant, et incluent aussi des fonctions de gestion du cycle de vie, entre autres les mises à jour, la suspension, la récupération, la révocation et la gestion des sessions. Pour les besoins de la connexion vérifiée, un sujet peut être une personne, une organisation, une application ou un appareil.

L’objectif de la composante de connexion vérifiée est d’assurer l’intégrité continue des processus de connexion en appliquant des critères de conformité uniformisés pour l’évaluation et la certification. La connexion vérifiée est un ensemble de processus destinés à donner confiance dans l’utilisation d’une identité numérique. Un processus certifié est un processus de confiance auquel les autres participants du cadre de confiance pancanadien peuvent se fier. 

Invitation:

  • Toutes les parties intéressées, notamment les émetteurs d’identité, les consommateurs d’identité, les développeurs et les utilisateurs potentiels, sont invitées à faire des commentaires.
  • Les ébauches de discussion ont été développées par le comité d’experts du cadre de confiance du DIACC, qui est régi par les politiques de contrôle DIACC.

Documents:

Période:

Début : 15 mai, 2019 à 23 h 59 HNP | Fin : 17 juin 2019 à 23 h 59 HNP

Processus:

  • Tous les commentaires sont assujettis à l’entente de contribution DIACC;
  • Utilisez le formulaire fourni par le DIACC pour soumettre vos commentaires;
  • Faites référence à l’ébauche ainsi qu’au numéro de ligne correspondant pour chaque commentaire soumis;
  • Envoyez le formulaire de soumission de commentaires du DIACC dûment rempli à review@diacc.ca;
  • Pour toute question, veuillez écrire à review@diacc.ca.

Valeur pour les Canadiens:

La composante de connexion vérifiée apportera de la valeur aux Canadiens, aux entreprises et aux gouvernements en établissant une norme de base pour guider l’intéropérabilité des solutions et services d’identité dans les secteurs public et privé. Le DIACC a pour mandat de développer ainsi que fournir, en collaborant avec d’autres, des ressources visant à aider les Canadiens à effectuer des transactions numériques avec sécurité, confidentialité et commodité. Le cadre de confiance pancanadien, qui est une de ces ressources, présente un ensemble de normes de l’industrie, pratiques exemplaires et autres ressources qui favorisent l’interopérabilité au sein d’un écosystème de services et de solutions d’identité. Le DIACC est une coalition à but non lucratif de membres des secteurs public et privé qui font un investissement considérable et soutenu afin d’accélérer la mise en place de l’écosystème de l’identité du Canada.

Contexte:

L’objectif de l’ébauche de discussion est d’assurer la transparence dans l’élaboration et la diversité d’une contribution véritablement pancanadienne et internationale. Conformément à nos principes sur lesquels se fonde un écosystème de l’identité, les processus visant à respecter et à renforcer la protection de la vie privée sont priorisés à chaque étape du processus de développement du cadre de confiance pancanadien.

Le DIACC prévoit modifier et améliorer cette ébauche de discussion en fonction des commentaires venant du public. Les commentaires apportés lors de l’examen seront pris en compte en vue d’être intégrés dans les prochaines ébauches et le DIACC va préparer un recueil de commentaires afin de montrer d’une façon transparente comment chaque commentaire a été traité.

Letters from the President: A Collaborative Road less Travelled – Delivering a PCTF that Works for Canada and Around the World

DIACC’s approach

In Canada, DIACC is the singular organization focused on accelerating the establishment of a Canadian Identity Ecosystem – the singular organization where Canada’s identity experts and practitioners connect to share the deep knowledge needed to deliver a framework that will support our vision of an identity ecosystem where every Canadian has access to the societal and economic opportunities that digital identity can enable.

DIACC is unique among its global peers because our focus is on:

  1. enabling identity that works for both the public and private sectors;
  2. prioritizing privacy, security, and user-centred design;
  3. and enabling economic growth.

Meeting the needs and priorities of members across Canada and around the world is not a simple task. And, while our technology and virtual tools help us to connect Pan-Canadian interests, in-person meeting opportunities always help us to move our shared vision forward. In this context, the DIACC Board of Directors (comprised of public and private sector leaders) and the Trust Framework Expert Committee (TFEC) recently held a co-located in-person meeting in Ottawa.

At this meeting, the primary focus of the Board of Directors was a strong reaffirmation that every Director is committed to one approach for interoperability of identity across Canada. That one approach will provide and prioritize security, privacy and convenience of use. That one approach will prioritize privacy, security, and user-centred design to ensure that Canadians have choice, control, and consent by design, in terms of which systems they participate in, and in terms of how they participate.  That one approach will also recognize that various sources of data verification will be interoperable and available for Canadians to use to perform transactions. In that one approach, service providers will determine their verification needs and Canadians will choose which sources they wish to leverage to provide verification of only the minimized information needed to perform a specific transaction.

Pan-Canadian Trust Framework (PCTF) Development and Operationalization Principles


Through DIACC, Canada’s public and private sectors work as one team, with one vision to define the strategic and the operational way forward including – the industry standards, best practices, and tools needed to ensure systems and solutions align with Canadian principles and with international standards. Our diverse stakeholder collaborative approach ensures that PCTF development considers broad Canadian and international feedback and recognizes areas that may require contextual specialization.  Ultimately, one true test of the value of the PCTF will be its broad adoption.

To support the development of the PCTF in alignment with this vision, the Board of Directors developed and affirmed PCTF Development and Operationalization principles including:

  1. PCTF must provide value to the public and private sectors by defining a minimum set of requirements which encompasses standards and practices. The PCTF will promote interoperability that unlocks public and private sector identity capabilities and supports Canada’s economic growth.
  2. PCTF will define the baseline set of requirements for public and private sector, and there may be requirements that are defined as optional.
  3. The PCTF represents a willing community coalition, and is authoritative to those who adopt it.
  4. PCTF may be profiled by communities of interest to tighten the PCTF baseline for a specified use case.
  5. PCTF is developed, maintained and published by DIACC, based on the broad input of public and private sectors, international experts, liaisons and the general public.

These principles are designed to help us to move forward as a diverse community and to continue to evolve the PCTF to ensure that it meets broad stakeholder needs across Canada and around the world. These principles draw our focus to our PCTF approach while encouraging communities to develop profiles as a mechanism to inform and evolve the PCTF baseline of public and private sector criteria. And while these principles are intended to be more inward facing for our collaboration needs, they further support our foundational DIACC Principles for an Identity Ecosystem. Finally, we recognize that, although Canada is taking a road that is informed by the experiences of others around the world, ours is the public and private sector collaborative road that is less travelled.  Our priority is to meet the needs of Canadians and our hope is to inform the roads that others will take around the world.

Spotlight on Yoti

Meet Yoti

  1. What is the mission and vision of Yoti?

Our mission is to be the world’s trusted identity platform. We want to be the solution to fears around transparency, trust, privacy and control.
To achieve this, we need to build trust, which is not an easy task today for any company. So we’re building Yoti around principles which are regulated by an independent Guardian Council – the antithesis of big tech and data companies. By staying on track to our principles and working in close collaboration with all of our stakeholders including businesses and governments, we can achieve our goal of putting people in control of their data and fixing the broken identity system.

2. Why is trustworthy digital identity critical for existing and emerging markets?

The current identity system is broken – organisations and governments still rely on paper or card-based forms of identity verification, because proving who we are online to a high degree of certainty has been difficult. This process of creating physical forms of identity can take days or weeks instead of seconds, and often results in us sharing excessive amounts of personal information, putting us at great risk of identity theft. Millions of ID documents are lost every year, over 1.1 billion people around the world don’t have any form of identification, and the costs of online scams and fraud are spiralling. Having a trusted digital identity system is critical in fixing these issues.

3. How will digital identity transform the Canadian and global economy? How does Yoti address challenges associated with this transformation?

The ability to seamlessly use digital identities will empower individuals, businesses and government, and help unleash the true potential for a digital economy.

A digital identity lets individuals prove their identity online and in-person in a seamless, simple and secure way. They can share specific identity attributes, such as their name and date of birth, without disclosing their full identity with ID documents; helping to protect them from the ever-growing risks of identity theft. Individuals have a more convenient way to prove their identity across a range of industries and sectors – from financial services, travel, healthcare, dating and retail. More people will be able to take part in society and access essential services such as healthcare, education and finance, without being held back by lack of documentation, geography or wealth.

Companies have a cost-effective and efficient way to verify the identity of their customers, saving time and money, as well as reducing the risks associated with identity fraud. Additionally, governments can be sure that the right person is involved in the transaction, empowering them to offer a greater range of online services with the confidence and certainty that the users are who they say they are; leveraging technology to create a digital ecosystem.

Yoti is a global digital identity platform and free consumer app that gives individuals a simple, fast and secure way of proving who they are, online and in person. Each account is linked to biometrics and an ID document, so businesses and governments can be confident in the details shared with them – creating more trust and transparency. Challenging the existing way of doing things is never easy, but it’s time for a better way to prove who we are.

4. What role does Canada have to play as a leader in the space?

Canada has many advantages in the digital identity space. End-user demand is high for ubiquitous and low-friction access to digital services and information.  Canada has highly-evolved financial infrastructure and cybersecurity methods to balance end-user demand with secure identity and authentication. The regulatory environment is demanding. We believe Canada will be harnessing these factors to develop world-leading identity management and authentication processes in the coming years and will likely assume a leadership role in this area.

5. Why did Yoti join the DIACC?

As Yoti expands into Canada, we are seeing active participation in the local Digital ID community being of paramount importance.  While we are looking to grow our business and develop opportunities in Canada, we also want to contribute to the development of an ethical, safe and trusted Digital ID framework across the country, as we have done elsewhere in the world.

6. What else should we know about Yoti?

Yoti has achieved some significant milestones and partnerships, including:

  • Working with Heathrow Airport to explore biometric travel for passengers
  • Selected as the official digital ID provider for the Government of Jersey
  • Partnered with the Improvement Service in Scotland to help deliver digital services to Scottish citizens
  • Partnered with social networking site Yubo, who are using Yoti Age Scan to flag accounts where the person appears to have significantly misstated their age; an important step in safeguarding young people on social networks which would be expensive to do manually each day
  • Working with Jagermeister to let individuals use Yoti to prove their age when buying age-restricted products on the new www.jagershop.co.uk, promoting responsible alcohol sales online with digital identities
  • Gained accreditation for SOC2, FCA Sandbox and UK Government G-Cloud
  • Over 4 million installs of their app since launching in November 2017
  • Has a team of 250 staff, headquartered in London with offices in India and the U.S.
  • Yoti has 25 separate patents and applications in the U.S. and the U.K. Their core digital identity patents (which cover the core Yoti system and our method of storing and sharing identity attributes) have a very early priority date in the digital identity industry.

Advance a Digital Identity Shared Curriculum

Share your thoughts with us by completing our survey

We encourage you to share this with anyone within your network who might find value in participating in this survey

The time to advance a shared curriculum framework for digital identity is now and you can help make a difference. A better digital identity future must be realized through strategic community collaboration that connects stakeholder knowledge.

In alignment with DIACC’s Digital Identity Ecosystem Principles and Strategic Goals, we are building a community engagement forum to establish a consensus of goals and actions to achieve a standardized curriculum framework for digital identity.

Your participation in our survey will help inform the development and launch of a shared curriculum framework project. DIACC will compile the survey results, summarize responses, and share the findings with the public.

Who should take the survey?

This project requires multidisciplinary input of academic and identity experts from fields including information security, privacy, law, health, sociology, economics, and more. All interested parties are invited to participate.

Where appropriate, the curriculum will be standardized for application across countries, cultures, markets, universities and other institutions, while maintaining its flexibility for customization consistent with the local community and educational practices. Curriculum standards enable measurement that serve a variety of stakeholder needs, including instructors, future employers, consumers, regulators and others.

Getting Society Ready for the Digitization of Identity

The practices and concepts around real-world identity have been foundational to human society throughout history, but have always operated invisibly as part of other social, cultural, economic, political, legal, and other systems.

Digital identity issues loom large in discussions of privacy, security, and liability challenges, which seem to resist tractable solutions. Identity issues are pervasive and apply to verifying the identities of people, organizations, and things that humans interact with. The attributes of the identities of these various entities affect the interactions of humans in myriad ways and have thus earned the attention of various academic departments.

Yesterday’s identity solutions resulted from an institutional view of identity in which each organization structured its client relationships in a way that suited specific needs. This resulted in fragmented identity experiences for individuals and created organizational expectations and habits that shaped economic business and political citizenry models. Most notably the user experience and privacy control needs of the individual were often overlooked.

Academia is uniquely suited to bring coherence to “identity”

Academic institutions are uniquely positioned to innovate new solution pathways and offer ideal multidisciplinary settings in which to develop identity curriculum. DIACC can help to coordinate the activities among academic institutions across jurisdictions and disciplines, and identify timely and relevant identity issues and topics for consideration for inclusion in shared curriculum resources.

A well matured digital identity curriculum should encompass most of the disciplines on campus. For now, DIACC’s curriculum aspirations are more modest: to help identify core elements of an identity curriculum that can prepare students for the professional and personal navigation of digital interaction spaces – where we all already direct most of our waking attention.  

Why does DIACC care?

In order to achieve our vision, today’s students must be ready to enter the workforce with the Identity Management knowledge needed to solve challenges and leverage opportunities.  Working with our liaisons, DIACC proposes a program to design, develop and deploy a curriculum framework and a set of instructional resources for “digital identity” that is broadly shared.

On behalf of the DIACC community, thank you.

Profiles in Identity Leadership: Allan Foster

In our recent ‘Profiles in Leadership’ video, Joni Brennan had a conversation with Allan Foster, who is a DIACC Director and VP of Global Partner Success at ForgeRock. The two discussed identity innovation, open banking and Canada’s collaborative approach.

ForgeRock, a digital identity management platform, is headquartered in San Francisco, CA, but is active across the globe.

Allan highlighted the importance of the Canadian community. “We are very involved in the DIACC for the reason that we see Canada as a major leader within the space…Canada is the looking glass for the entire planet.”

He pointed out that Canada’s relatively small size (about 35 million identities across the country) make it a manageable size with which to “do a project and succeed, however, it’s also complex enough to be interesting.” Multiple governments (federal and municipal) add additional complexities.

“If we tried to do this in the U.S., we would spend the next 20 years trying to get a committee together,” he said. “If we get it right in Canada, that model can then scale up around the world.”  

The Government of Canada recently ran a consultation for open banking to better understand the issues around it and how Canada would develop its strategy. As ForgeRock was a key contributor to DIACC’s response to the open banking consultation, Allan was asked why he sees identity and open banking as being so interlocked, or relevant to one another.

“What we’re now seeing is with the digital age, banks are needing to change the way they interact with their customers,” Allan said. He pointed to multiple, often competing entities (“frenemies”) within a sector. One group of banks may offer saving accounts to a certain group of customers, while another one offers credit cards to that same group of customers.

“If we get it right in Canada, that model can then scale up around the world.”

– Allan Foster

“Open banking traditionally is there because customers are feeling locked into silos. As those silos begin to open up, and the forward-thinking banks see an opportunity, the underlying thing that has to be rock-solid is identity.”

DIACC’s uniqueness as well as both public and private sector involvement drew Allan to the community. “We have all of these different stakeholders coming in with the realization that their problem is not unique, their problem is shared by everyone else in the country.  The benefit is for the country to come up with a solution that works for everybody, rather than the more mercenary approach of a technology that works for a company and everyone else gets left in the dust.”

Request for Review and Comment: Notice and Consent Component Overview V0.04 & Conformance Profile V0.07 Discussion Drafts

Le français suit

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Notice and Consent industry standard as a Component of the Pan-Canadian Trust Framework to set a baseline of public and private sector interoperability of identity services and solutions.

Veuillez trouver la traduction française ci-dessous…

Summary:

The Notice and Consent Component defines a set of processes used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so. The Notice and Consent processes ensure that notice statements are accurately formulated according to defined requirements, that the person making the consent decision has the authority to do so, and that the management of that consent decision is possible.

The objective of the Notice and Consent Component is to ensure the ongoing integrity of the notice and consent processes by applying standardized conformance criteria for assessment and certification. A certified process is a trusted process that can be relied on by other participants of the Pan-Canadian Trust Framework.

The Notice and Consent Component builds on the forthcoming Privacy baseline that is in development and scheduled for Discussion Draft release in the coming months.

Invitation:

  • All interested parties are invited to comment including identity issuers, identity consumers, developers, and potential users.
  • The Discussion Drafts have been developed by the DIACC Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Documents:

Period:

Opens: April 3, 2019 at 23:59 PST | Closes: May 3, 2019 at 23:59 PST

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the draft and corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca
  • Questions may be sent to review@diacc.ca

Value to Canadians:

The Notice and Consent Component will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context:

The purpose of the Discussion Draft review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Discussion Drafts based upon public comments. Comments made during the review will be considered for incorporation to the next drafts and DIACC will prepare a disposition of comments to provide transparency with regard to how each comment was handled. These drafts will be translated into French when they become more stable.

Demande de révision et de commentaire: Aperçu du volet avis et consentement V0.04 et profil de conformité de l’avis et du consentement V0.07 Guide d’examen des ébauches de discussion

Déclaration d’intention: Le DIACC collabore à l’élaboration et à la publication d’une norme de l’industrie en matière d’avis et de consentement faisant partie du cadre de confiance pancanadien (PCC) afin d’établir une base pour l’interopérabilité des services et solutions liés à l’identité entre les secteurs public et privé.

Résumé:

Le volet avis et consentement définit un ensemble de processus servant à faire une déclaration sur la collecte, l’utilisation et la divulgation des renseignements personnels, et à obtenir en retour le consentement d’une personne autorisée à le donner. Les processus d’avis et de consentement visent à faire en sorte que les déclarations soient formulées d’une façon exacte conformément à des exigences spécifiques, la personne qui donne le consentement soit autorisée à le faire et ce soit possible de gérer ce consentement.

Le volet avis et consentement a pour but d’assurer l’intégrité continue des processus d’avis et de consentement en appliquant des critères de conformité uniformisés pour l’évaluation et la certification. Un processus certifié est un processus de confiance auquel les autres participants du cadre de confiance pancanadien peuvent se fier.

Le volet avis et consentement s’appuie sur le respect de la vie privée, l’assise qui est en cours d’élaboration et dont l’ébauche de discussion sera diffusée dans les mois à venir.

Pour en savoir davantage sur la vision pancanadienne et les avantages pour tous, nous vous conseillons de lire le document Aperçu du cadre de confiance pancanadien | Pan-Canadian Trust Framework Overview.

Invitation:

  • Toutes les parties intéressées – émetteurs d’identité, consommateurs d’identité, développeurs et utilisateurs potentiels – sont invitées à faire des commentaires.
  • Les ébauches de discussion ont été préparées par le Comité d’experts du cadre de confiance du DIACC (TFEC), qui est assujetti aux politiques de contrôle du DIACC.

Documents:

Période:

  • Début: 3 avril 2019 à 23 h 59 HP | Fin: 3 mai 2019 à 23 h 59 HP

Processus:

  • Tous les commentaires sont régis par l’entente de contributeur du DIACC.
  • Les commentaires doivent être transmis à l’aide du fichier Excel fourni par le DIACC.
  • Veuillez indiquer pour chaque commentaire soumis l’ébauche et le numéro de ligne correspondant.
  • Le fichier Excel pour soumettre des commentaires au DIACC doit être envoyé par courriel à review@diacc.ca.
  • Pour toute question, veuillez écrire à review@diacc.ca.

Intérêt pour les Canadiens:

Le volet avis et consentement va présenter un intérêt pour l’ensemble des Canadiens, entreprises et gouvernements en établissant une base d’interopérabilité commerciale, juridique et technique. Le DIACC a pour mandat de collaborer au développement et à la prestation de ressources afin d’aider les Canadiens à effectuer des transactions numériques d’une façon sécuritaire et pratique qui respecte leur vie privée. Le cadre de confiance pancanadien, qui est une de ces ressources, regroupe un ensemble de normes, de pratiques exemplaires et autres ressources de l’industrie qui permettent d’établir l’interopérabilité d’un écosystème de services et de solutions en matière d’identité. Le DIACC est une coalition sans but lucratif de membres des secteurs public et privé qui investissent beaucoup et d’une façon soutenue pour accélérer la mise sur pied de l’écosystème de l’identité du Canada.

Contexte:

L’examen de l’ébauche de discussion vise à assurer la transparence du développement et la diversité d’un apport véritablement pancanadien et international. Conformément à nos principes pour un écosystème de l’identité, la priorité est donnée aux processus visant à assurer et à améliorer le respect de la vie privée à chaque étape du processus de développement du cadre de confiance pancanadien. Le DIACC s’attend à modifier et à améliorer ces ébauches de discussion en fonction des commentaires que lui fournira le public. Les commentaires reçus pendant l’examen pourraient être intégrés dans les prochaines ébauches et le DIACC va les regrouper afin de montrer d’une façon transparente comment chacun a été traité. Ces ébauches seront traduites en français une fois qu’elles seront plus stables.

Consumer Digital Identity Leveraging Blockchain

DIACC forecasts that numerous multiple-party Identity Information Networks (aka Networks), may become available in the near future. What are some implementation considerations regarding such networks?

To further explore this, DIACC member SecureKey released a new white paper, Consumer Digital Identity Leveraging Blockchain.

For this project, collaboration is key. “Establishing a secure and effective digital identity network would truly not be possible were it not for effective collaboration between the public and private sectors towards this shared goal,” said Didier Serra, EVP, Sales & Marketing at SecureKey.

“Our forthcoming digital identity network was also strengthened by its development in accordance with DIACC’s digital network principles and with the U.S. Department of Homeland Security Science & Technology Directorate (DHS S&T) support. Operating within this framework and in a collaborative environment, we were able to get the necessary findings to establish a first-of-its-kind digital identity network in Canada.”  

SecureKey is implementing a Network on blockchain technology, one that strives to provide a foundational service to drive forward the digital economy.


Networks have a number of benefits, among them, the potential to secure:

  • A user’s right to privacy of activity
  • A user’s right to decide when, and what information is shared between organizations

This can simplify in-person services, such as visiting a financial institution to apply for a credit product. This is often a lengthy process, one in which the user must submit various forms of documentation to confirm their identity. Alternatively, this process can also be completed online.

Users create Digital Lockboxes, in which they are able to share and manage their digital assets, review transaction history and report problems. This service is not limited to only mobile devices, as SecureKey’s collaboration with Intel Corporation offers the option for consumers to verify their identity directly from a laptop or desktop, with additional privacy and security.   

Key findings from the research stress the fact that Networks must prioritize speed and efficiency when processing transactions. This would also allow for a seamless user experience. Furthermore, these findings provide an opportunity to inform the Pan-Canadian Trust Framework.  

“At SecureKey, we believe that the strongest approach to solving the problems of digital identity for consumers and businesses alike is an approach taken together. We are proud of the work we’ve been able to achieve alongside DIACC and our public and private sector partners to better Canadians’ digital lives,” said Serra.

About the Paper

The Information in this report is based on research funded by the U.S. Department of Homeland Security Science & Technology Directorate (DHS S&T). Any opinions contained herein are those of the performer and do not necessarily reflect those of DHS S&T.

This content of this white paper is developed under the governance of the DIACC International Applied Research program. The International Applied Research program connects innovators that align with the DIACC Digital Identity Ecosystem Principles with international applied research funding opportunities. The content of the paper was submitted by SecureKey and does not necessarily reflect those of the DIACC membership.

« Older Entries

Newer Entries »