Yearly Archives: 2020

Exploring Facial Biometrics. What is it?

Contributions made by members of the DIACC’s Outreach Expert Committee

In 2017 Apple unveiled a new biometric sensor in its flagship iPhone X, and the media couldn’t stop talking about “Face ID.” Fast-forward three years: Face authentication has been well received by users, and face scans are now employed to unlock Google’s Pixel smartphones, as well as devices from many other top-tier manufacturers. And now, Governments and enterprises worldwide are looking to facial biometrics to address their need for trustworthy remote identity verification during and after the global pandemic. And it makes sense, we interact with other humans by seeing, being seen, speaking, and listening, so naturally, our interactions with technology will also evolve toward our most selected for modalities.

In some countries, remote face verification is already being used to prove user identity for many important applications. From remote citizenship verification to pension payments to accessing government services, the face modality can provide a secure way for users to prove their identity without the need to appear in person at a specific location. This tailored biometric technology enables unsupervised users to prove who they are remotely with the devices they already own. 

This blog post defines the most common types of facial biometrics and explores the role that face verification and authentication will play in the future of digital identity, in addition to setting the stage for more in-depth posts on topics such as how user data and privacy are managed, the impact of COVID-19 on face verification, new advancements that enable unsupervised remote access and account creation, Liveness Detection, as well as the more technical aspects of this evolving biometric technology.

There are three common uses for facial matching technology:

  1. Verification answers the question, is this person legally who they claim to be? For example, where a business has a need to confirm your existence, a KYC (Know Your Customer) file can simplify the process to identify you by matching your selfie against the photo which is loaded on your passport chip or to the source ID photo stored in a government database. A digital photo of a user-provided ID Document can also be matched against, but since it is not verified with the issuer of the legal identity and high-quality fake IDs do exist, it provides a lower level of assurance and results in added controls used by companies to compensate for this.
  2. Authentication leverages the ability to match one’s previously enrolled biometric data to log into a device, a website, or application. Face Authentication offers the balance of security and user convenience long sought by consumers.
  3. Recognition seeks to match face data from an unknown individual and make their identity known by finding a match in a database of known faces. This has been known to be used in some countries by law enforcement and border patrol where the person may have limited or no awareness that the face scanning is taking place and have not provided their consent.

Regarding the three uses outlined above, the verification process is of high priority to the public and private sectors alike. Verification through facial biometrics is an approved method of the Financial Transactions and Reports Analysis Centre of Canada (FINTRAC), enabling Canadians to open a bank account without physically visiting a branch. Additionally, in July 2020, the British Columbia Government launched their Send Video feature within the mobile BC Services Card to meet the increased demand for alternative ways to verify a person’s identity in order to activate a mobile BC Services Card and, in turn, making it easier for provincial residents to access online government services during the COVID-19 pandemic and in the future. In these instances, the individual is aware and has consented for their identity to be verified for a product (i.e., account opening) or service (e.g., applying for a driver’s license, services card, or passport).

Verification also addresses the justified concerns regarding privacy. A GAO’s report, The International Biometrics + Identity Association’s (IBIA)Principles for Biometric Data Security and Privacy, states that technological constraints around some facial biometric technologies drive a need for all commercial and civil government applications, organizations to protect biometric data retained by using biometric one-way template transformation. New practices will likely require a liveness detection layer as well, especially when the biometric data is captured in an unsupervised environment. In addition, the IBIA’s Best Practices state that it is good practice to maintain a separation between biometric and associated non-biometric personal information.

The impact of large data breaches is both a significant privacy intrusion and direct financial impact to society in covering the losses due to crime and controls to prevent it. Facial Biometrics can dramatically reduce the criminal demand for data when used for both verification and authentication as a replacement of Knowledge Based Authentication (KBA) by limiting the ability of this information to be used for account takeovers and identity theft. It also has a beneficial side effects by reducing the need for customers to provide unrelated personal information. Knowledge questions such as requesting your mother’s maiden name to open a bank account is a direct contrast against the privacy principle of only collecting the information needed for the relevant purpose. With no reasonable expectation that Data Breach frequency will decrease in the future until wide-scale Knowledge Based Authentication has been replaced, biometrics have begun to bridge the confidence gap, while reducing the added friction.

Policymakers, privacy advocates, and regulators understand that new technologies are being added to existing facial biometric matching to render leaked personal data useless and ensure that any leaked biometric data is both isolated and encrypted to reduce the impacts on individuals from an identity fraud perspective. Liveness detection technology, for example, prevents malicious users from reusing biometric data by requiring a 1st generation capture of new data every time for verification of an individual. It is also common practice not to store face images in databases unencrypted; instead, photos are converted into data in a string of numeric values commonly referred to as a biometric template. 

Face matching and Liveness Detection are powerful technologies that, when combined, enable privacy-preserving biometric use cases like replacing easily guessed or compromised passwords and health-preserving social-distancing use cases like remotely opening a bank account. Many are starting to agree that these security and usability benefits are a tremendous improvement over the previous generation of authentication methods.  

In short, for the purposes of allowing a user to positively identify themselves from their own device, only face verification and face authentication are employed. Face verification creates trust, while face authentication maintains it. Both functions are covered in the Pan-Canadian Trust Framework™ that is intended to support a robust digital identity, trust ecosystem that will allow all Canadians to do more online, in a safer, more secure, and confident way. 

Making Sense of Digital Wallets

Guidelines for Design

Recent advances in the state of the art of digital identity systems are putting the user back in control of their information and their privacy. An important building block of this advancement is the digital wallet for users. This document proposes what a trusted digital wallet should aim to do. Without it, software developers are left to guess, the marketplace offering will be fragmented, and ultimately will result in delaying the adoption of user-centric digital identity solution.

Download the paper.

Making-Sense-of-Digital-Wallets_VF

Help Define and Design the Future of Canada’s Levels of Assurance with DIACC

Online transactions, interactions, and service delivery are no longer aspirational end-states. In the wake of COVID-19, digital has become the default for many Canadians and industries. Making that default work long-term means earning and maintaining trust for people and platforms. Levels of assurance (LOAs) create a clear roadmap for developing that confidence, both for teams offering and people accessing services. Learn more about LOAs in our recent post to understand why they matter to Canadians, where we’re at and where we go from here.

“Making sure we have a common way to evaluate and measure the integrity of that data is central to a common bar of acceptance,” DIACC President Joni Brennan explained. To get a better understanding of how LOAs are a core factor in the future and success of digital platforms, we spoke with Joni and George Watt, Partner, Strategy and Lean Innovation Practice at Becker-Carroll. George has extensive experience leading and developing innovation and security with global enterprises.

Why are Levels of Assurance so important right now? 

George Watt: The pandemic accelerated the pace of digital transformation to breakneck speed. Governments have responded with impressive resolve to deliver new digital services safely. The private sector faced similar challenges with lockdowns and restrictions, new customer needs and opportunities to better serve their customers. For some, these transformations are imperative just to remain viable.

These organizations, both public and private, need to be able to safely transact digitally with their customers, and to interact with one- another. They need to be certain the entities they’re dealing with are who they claim to be with a level of confidence commensurate with risk inherent in each transaction. 

Levels of Assurance are about specific agreements between participants in an ecosystem that enable them to understand the level of confidence they can place in those transactions.

When it’s done well it becomes an unambiguous contract that makes it safe for people to transact digitally. 

Joni Brennan: The LOA conversation is important because it is a piece of the conversation that focuses on the verification of information that would be part of a transaction is authentic. The technical conversation is an important part of the puzzle… but making sure we have good data that can be relied upon and have assurance around that data is ultimately critical. 

For example, if I were a bank, I want to know data is good no matter where it came from. 

LOAs are an important piece of the puzzle for making transactions possible. 

What’s a use case where Canadians interact with LOAs? 

George Watt: When citizens interact with these LOA schemes they aren’t aware it’s happening – but they are aware of its impact. Signing into social media is a low risk example that many people do every day – but those service providers don’t truly know who their customers are. Any of the other services Canadians access with those social media digital credentials would also be considered low level of assurance because nothing is done to ensure the account holder is who they claim to be. 

Online banking is a high risk example. Compromise of that information could be devastating and could lead to bankruptcy or worse. That’s why the Canadian banking industry has a very high LOA standard that helps ensure customers are who they say they are, and helps customers protect themselves. 

The consumer doesn’t see these LOAs in explicit ways but sees their impact implicitly. For example, you don’t need to visit Facebook HQ to get an account – it has a low level of assurance – but you do need to visit your financial institution or go through a more rigorous process to prove who you are to get a bank account. They require a higher level of confidence that they know who you are. 

Joni Brennan: The ability to access city plans and interface on a decision like [changing traffic flow to create active streets] would be a lower risk interaction. Learning that there will be some barriers set up for bicycles would be low risk for other citizens or the municipal government. 
Accessing your pension or tax refund would be an example with higher risk. Something that we haven’t solved yet (but relates to digital ID) is access to digital medical records. Ideally, it will be in a way that the patient can access their own records and make those records transferable or portable between doctors, between patients and across different devices. Access to health records in a ubiquitous way is high risk. It’s something we don’t have today that identity and LOA would help with.

What’s the biggest advantage of a strong LOA scheme? 

Joni Brennan: Part of the ‘why’ behind why we’re talking about this is because we have different LOA schemes in Canada today. Those different schemes have created room for challenges and adoption delays, across different regions and different stakeholders. Different parties might be using the same assurance number – but the way they’re calculating it isn’t consistent, leading to variable outcomes. 

A level of consistency and transparency in terms of assurance – that relates to individual capability in a transaction – makes acceptance and confidence in an interaction clearer and helps the economy as a whole. It’s important for banks, governments, telecommunications providers, and users. Strength in a common acceptance and transparency would help and that’s what we’re missing right now in Canada. 

George Watt: It’s important that we develop a common understanding of these risks and establish a shared vocabulary that ensures we all evaluate risks the same way. Strong LOA schemes will enable positive economic and social impact through more robust delivery of services across domains. 
If we don’t understand those risks collectively, we either won’t deliver the services necessary to live up to our potential — or we will deliver them without understanding the risks, which could be even worse and potentially set us back. Trust is speed. A strong scheme means faster delivery of more robust and trustworthy services. Participation in these digital ecosystems will drive better seamless services for all Canadians.

Why is DIACC advocating for stronger and consistent LOAs?

Joni Brennan: We need commonality in terms of how information is verified. For that measure of assurance of information, we need a common scheme that works across the different schemes that exist in Canada today. It will create visibility and a common approach so that no matter the industry, teams can work from the same starting point for validation and verification of information. That is so important, whether it’s health or AI or smart cities. 

The current scheme and current state of the art doesn’t provide the level of dynamism required in a hyperconnected ecosystem. The current ‘1 through 4’ scheme applied on top of a complicated transaction involving many partners with different capabilities – that singular number is actually insufficient. It’s much better to have transparency, visibility, and a ‘score card’, if you will, that measures assurance that is verified. That’s the kind of dynamism and transparency we need in a hyperconnected ecosystem, that provides scalability in an LOA scheme. 
George Watt: What we had was good – but it needs to evolve to keep up with what we’re dealing with now. We need to solve tomorrow’s challenges today, not yesterday’s problems. A more modern approach to LOAs is necessary to make that happen.

What will be the biggest factor for success? 

George Watt: Bringing the public and private sector together and bridging the many international standards groups… I think the defining factor for success will be collaboration. There are lots of smart people who’ve been thinking about this. More importantly this assurance scheme will work best when private and public sector, NGO and standards orgs work together to create a more trustworthy, more robust ecosystem that allows Canada to live up to its potential. Collaboration will be key. 

Joni Brennan: Collaboration will also represent a diversity of stakeholder needs and values – which is important to ensure the way forward is as inclusive as it can be. Success requires communication and education around the why – why we’re doing this work, the value, as well as how this work will be adopted. 

As George said, for people participating in a transaction these LOAs are meant to be invisible. They’re not always the most exciting or technical part of the work – but they provide that layer of integrity underneath the technology and user experience. To succeed, we’ll need education and communication.

George Watt: Diversity is the rocket fuel of innovation. Working with DIACC, I’ve always been impressed by the diversity of membership and those who participate. It’s a diverse group of smart people who are willing to come together to work on important and complex problems.

Bring your voice to the DIACC and share your perspective on how we can solve these pressing, complex challenges. Together, through our Five Year Strategy, we’re aiming to identify key policy and regulatory enablers and barriers to digital identity growth, including creating a unified approach to LOAs. Join us and subscribe for more on LOAs in Canada.

Spotlight on FaceTec

1.What is the mission and vision of FaceTec?

FaceTec’s mission is to end identity theft and protect privacy by ensuring access to important accounts and information is only available to their legal owners. FaceTec’s state-of-the-art biometric cybersecurity AI has been specifically designed to enable widespread, secure, unsupervised identity verification and user authentication from any modern smart device or PC with a webcam. 

2. Why is trustworthy digital identity critical for existing and emerging markets?

Strong, reliable, digital identity verification empowers individuals by allowing full access and control over current accounts, and protects them when they open new accounts. Trusted digital identity is also critical for enterprise, allowing them to ensure the customers they interact with are legally who they purport to be. By fostering trust on both sides of any remote interaction, FaceTec lowers friction while increasing value. Beyond quantifiable economic benefits, effective user authentication offers noneconomic value to individuals through social and political inclusion, rights protection, and enhanced transparency. The certainty trustworthy digital identity provides is a benefit to individuals, organizations, and society as a whole, and drives higher overall social and economic utility.

3. How will digital identity transform the Canadian and global economy? How does FaceTec address challenges associated with this transformation?

The adoption of a trustworthy remote digital identity verification program will pay quick and lasting dividends in Canada’s social, economic, and political activities. Natural communications barriers – within and outside of Canada – including vast distances, changing weather, and topographical challenges, will be minimized, fostering simplified, trusted interactions regardless of the environmental circumstances.

FaceTec’s technologies were created from inception to promote inclusion and provide the same advantages to anyone with digital access, regardless of their physical, economic, or social status.

4. What role does Canada have to play as a leader in this space?

Canada’s international reputation for thoughtful, rational decision-making will lend significant credibility to the adoption of strong digital identification programs. With a very diverse and large population, Canada will prove to be a beacon for other large-scale digital ID projects that society as a whole will benefit from.

5. Why did FaceTec join the DIACC?

The DIACC’s goals and approaches to solving a major social and economic problem are aligned with FaceTec’s. Leveraging the DIACC’s comprehensive relationship network and FaceTec’s first-hand technology and market experience, will ensure the development of a much more effective and inclusive solution.

6. What else should we know about FaceTec?

A pioneer and global leader in biometric cybersecurity dedicated to privacy, security, and transparency, FaceTec has provided the most accurate remote authentication technology to hundreds-of-millions of users on six continents. FaceTec patented 3D FaceScan UI, battle-tested 3D Liveness Detection, and 3D Face Matching AI anchors identity and enables true passwordless authentication from all modern smart devices and webcam-enabled systems. FaceTec’s small-footprint (3.9mb) device SDKs and neural-network-powered server SDK comprise a complete, feature-rich authentication platform that allows customers’ user data to stay encrypted behind their own firewalls. Easy to integrate into any app or web page, hundreds of organizations now provide exceptionally secure new account onboarding and ongoing access to high-value accounts in financial and government institutions, telecoms, ecommerce, blockchain, social networks, and more.

Spotlight on ARUCC

1.What is the mission and vision of ARUCC?

The Association of Registrars of the Universities and Colleges of Canada (ARUCC) provides leadership in the post-secondary education field and service to its member institutions nationally and internationally, helping foster the advancement of registrarial practices in Canada. ARUCC strives to meet the needs of its members by adopting proactive measures reflecting changes in our professional environment.

Member institutions consist of universities, colleges and polytechnics that are recognized through either Universities Canada or the Colleges and Institutes Canada.

2. Why is trustworthy digital identity critical for existing and emerging markets?

The need for online solutions increased with the COVID-19 pandemic. These solutions will become the norm as Canada and the global economy adapt to consumer expectations. As members of the post-secondary education field in Canada, we are not unfamiliar with the need for trustworthy digital identity given the increased demand for sending/receiving electronic documents.

3. How will digital identity transform the Canadian and global economy? How does ARUCC address challenges associated with this transformation?

Digital identity is most often managed as a gate to individual businesses through methods such as confidential passwords, PINs, and security questions. With each business having its own requirements (i.e., variations of password length and structure) it becomes nearly impossible for people to remember them all. Businesses and post-secondary institutions are forming allegiances to minimize the impact on the individual while maintaining trustworthy digital identity. An example of this is with CRA and banking passwords.

ARUCC also recognizes the need for trustworthy digital identity and is leading the implementation of a National Network with the core objective of improving permission-based, trusted access and portability of learner documents (i.e., transcripts, confirmation letters) across Canada and with trusted international partners for students, graduates, participating post-secondary institutions, provincial application centres and member 3rd party organizations.

4. What role does Canada have to play as a leader in this space?

Canada is in the global arena and is recognized as being trustworthy and reliable. From the post-secondary perspective, Canada has over 2.5 million students including more than 642 thousand international students[1] (based on 2019 statistics). As a destination for higher education it is imperative that trusted networks be established for identity management. The formation of the ARUCC National Network allows us to establish a ‘made for Canada’ solution that can also be tied to other trusted networks (i.e., My eQuals, CHESICC).

In 2018 Canada ratified the Lisbon Recognition Convention which demonstrates our commitment to the recognition of academic credentials, which need to be portable, as learners and alumni move to work and live around the globe. This inspires the work of ARUCC to enhance trusted document exchange and provide learner credential wallets.

5. Why did ARUCC join the DIACC?

ARUCC believes in working together to achieve common goals. We feel the purpose of ARUCC and the creation of the National Network to support learner mobility aligns well with DIACC’s principals.

6. What else should we know about ARUCC?

ARUCC was formed in 1964 and became incorporated in 2018. It includes over 150 member institutions representing over 2.5 million current learners and millions of alumni from within Canada and around the globe.

The Next Evolution of Levels of Assurance in Canada

Levels of Assurance (LOA) play a foundational role in the world of standards, digital identity, and digital transactions. Put simply, LOA is the degree of confidence in the validity of a claim, process, or authentication. In the sphere of digital identity, it is a necessary model to verify that the person or entity claiming an identity is the entity to which that identity was assigned. 

Most Canadians don’t think too deeply about LOAs, and yet most Canadians interact with these models, unknowingly, at some point in their lives. For example, Canadian experience LOAs when opening a bank account, demonstrating qualifications for a government service or benefit, making an insurance claim, or wiring money to a client or family member. 

Organizations that use LOAs to inform their policies and processes often have dedicated strategies and teams, working out contingencies and approaches to maximize security in Canada and internationally. These teams often face challenges interacting with other service providers, meeting different standards across jurisdictions, and minimizing friction for clients accessing their services.

How the Current LOA Model Works

Imagine two people, Samir and Aiya, are trying to apply for a small business loan. Both women have very strong credentials, a passport, driver’s license and the requisite business records. Samir and her credentials are linked through a knowledge-based authentication (KBA), and are accepted after answering a security question she previously populated about her father’s middle name. Aiko and her credential are linked with an in-person ceremony, as she went to her local bank branch with two pieces of identification and her business records to complete the loan application. Aiya’s scenario offers a stronger LOA and Samir’s a weaker LOA. Despite these differences, Canada’s federal LOAs currently dictate that Samir and Aiya both have the same assurance. 

In Canada and many places around the world, it is common for LOA structures to combine a number of factors into a single score. The result is an obscured view of the risk factors and authentication. This lack of granularity into the LOAs of specific capabilities is a challenge present in the construct of LOA models around the world. The deciding factor regarding acceptance of an identity comes down to Relying Parties (parties who rely on the validity of identities) who determine their own risk profiles. 

In this case, the relying party is the bank. The banker helping Samir and Aiya also benefits from a stronger LOA as they sign off on the business loan. In addition to building a stronger relationship with the client, they are able to manage their portfolio with confidence.

There is widespread agreement the current LOA model in Canada is inadequate. While LOAs serve a purpose, they are not transparent and dynamic enough to address the myriad digital solutions and scenarios of today. Internationally, single LOA schemes are no longer state of the art and today’s requirements necessitate separate evaluation for specific capabilities. In the DIACC community, there is consensus that there must be separate schemes for credentials and identity, at a minimum, in order to be useful in the widest possible range of scenarios and contexts. An improved assurance model should be capable of asserting identity and credentials at different levels.

Envisioning a New Risk-based Model for Assurance

A risk-based model offers a more enduring, user- and industry-friendly path forward that enables existing LOA schemes to participate while building for a more dynamic and scalable digital ecosystem. The notion of leveraging a risk-based model is highly applicable as the application of LOAs  today are best determined by performing a threat or risk analysis. The risk-based model must address the likelihood and impact of something happening, and the appropriate mitigation approach. 

LOA is essential in determining liability and risk; offering a clear understanding how a Subject (customer or citizen) and a Relying Party (company or government service) can validate that they are who they say they are. It is a central component in being able to determine whether a transaction should proceed. 

The risk-based starts by assessing risk first and then the approach drives more value for organizations, as they confront the baseline of their current systems and assess risk realistically. It also helps adopters improve their systems through motivation to  reduce or remove risks through various types of mitigation.

DIACC is on a mission to rapidly deliver a modern, risk-based LOA model that is…

  • Risk-based
  • Directive and illustrative
  • Non-prescriptive in execution
  • Evergreen
  • Deterministic in implementation and assessment
  • Congruent with existing state of the art and best practices
  • Inclusive in support of both the private and public sector
  • Supportive of evolving needs on credentials and bindings

The impact of this evolution is far-reaching, and will ensure that the  Pan-Canadian Trust FrameworkTM is strong and resilient over time. This evolution takes a framework-wide approach to address interdependencies, independencies, and support communication across platforms. This new approach ensures scalability over time as technologies and their uses evolve.


DIACC has engaged a small, representative team to rapidly deliver a new model to support the PCTF, which launched September 15, 2020. The model will benefit from the DIACC’s well-documented peer and public review process. Members can contact info@diacc.ca to contribute. Non-members can get in touch to learn more.

Newly Launched Digital ID Framework to Begin Testing in Canada

Governments and Businesses to Begin Testing Across Canada

TORONTO, September 15, 2020 – The Digital ID & Authentication Council of Canada (“DIACC”) today announced the launch of the Pan-Canadian Trust FrameworkTM (“PCTF”), a set of digital ID and authentication industry standards that will define how digital ID will roll out across Canada. Its launch marks the shift from the framework’s development into official operation and will begin alpha testing by public and private sector members in Canada. The alpha testing will inform the launch of DIACC’s PCTF Voila Verified Trustmark Assurance Program  (“Voila Verified”), set to launch next year.

“The pandemic has pushed digital adoption five years into the future. Without the proper infrastructure for digital ID and authentication in place, we’ve seen firsthand how Canadians have been left vulnerable and with limited access to essential services” said Eros Spodotto, Executive Vice-President, Technology Strategy and Business Transformation at TELUS

“Trust and security are the foundations of the digital economy. The key to unlocking a true digital experience comes from having a digital ID ecosystem that extends beyond any one sector.”
– Franklin Garrigues, VP Digital Channels at TD Bank, and DIACC Board Vice-Chair

From open banking to e-health, digital ID is a key enabler in unlocking the next frontier of our digital economy. Banks and telcos fortunately have been able to leverage existing digital ID services to support Canadians. “Digital identity verification has helped countless Canadians receive financial aid during the pandemic,” notes Andre Boysen, Chief Identity Officer at SecureKey, “but it’s not enough. Now, we need to leverage that momentum, and push out a solution for digital ID in all levels of society. The PCTF is that answer.”

“The PCTF launch marks an important milestone in Canada’s digital transformation initiatives,” exclaims Dave Nikolejsin, Board Chair at DIACC, “Canadians have had to deal with identity theft and fraud, high anxiety in accessing services that they were in dire need of while facing social distancing measures, and attempting to go about their lives as normally as possible. Digital ID minimizes all of those pain points, and elevates the livelihoods of Canadians everywhere.” Joni Brennan, President of DIACC, adds, “Our economy has also been heavily impacted by all this, and we know digital identity has the potential to add at least 3 percent of GDP, which is potentially almost $100 billion back into our Canadian economy. This is why we’ve accelerated the launch of the PCTF. The time for digital ID is now.”

“The Digital ID Laboratory of Canada is a proud partner of the DIACC, with a strong community that is ready to support the launch of the PCTF and ensure that together, we can accelerate the adoption of user-centric and interoperable digital ID solutions across the country.”
Pierre Roberge, General Manager of the Digital ID Laboratory of Canada

Alpha testing of the PCTF will be carried out by over 20 Canadian public and private sector DIACC member organizations during the next two quarters with the purpose of operationalizing the framework as fast as possible. Organizations that have volunteered to take part in the alpha test seek to gain strategic and operational insights to become demonstrated leaders in digital identity. 

Learnings taken from the alpha testing will help DIACC identify what is needed to scale up a digital identity infrastructure across Canada, and help Canada secure international digital interoperability and accreditation by working with international and third party partners such as eIDAS and Kantara Initiative IAF

A Digital ID Trademark You Can Trust

The alpha testing will also inform the launch of the DIACC PCTF Voila Verified Trustmark Assurance Program (“Voila Verified”). The program is set to launch in fall 2021, and will issue a PCTF Voila Verified Trustmark to organizations who demonstrate compliance with PCTF components. Voila Verified will enable solutions and service providers to leverage the trustmark to elevate their market leadership and allow them to collaborate securely with assurance, providing their customers with the digital-first experience that they demand. 

“We’re pleased to work with the DIACC to help recognize the Voila Verified Program on an international scale. It is through secure global credentials that we can transform the state of digital identity, and progress the digital economy worldwide.”
– Colin Wallis, Executive Director of Kantara Initiative

Multijurisdictional Collaboration: Enabling Trusted Digital Inclusion for All

The launch of the PCTF comes at a time when having a strong digital economy is no longer a ‘nice-to have’; rather, it is imperative for Canadians. More than 70 per cent of Canadians want to see the government and private sector collaborate on a joint identity framework in Canada. “We’ve seen the benefits and advantages of digital ID for people in British Columbia during this pandemic,”, said CJ Ritchie, Associate Deputy Minister and Government Chief Information Officer for the Province of British Columbia, “From government to healthcare, commerce, and financial services, the entire provincial economy is being impacted by COVID-19. Having a robust digital identity/trust ecosystem allows all Canadians to do more online, in a safer, more secure and confident way.”

The PCTF was developed collaboratively between public and private sector stakeholders, with contributions from a broad array of individuals and organizations around the world. Over 3,400 public comments were provided over four years that helped progress the framework to its launch today. 

“The framework released today was created through an incredible collaboration involving hundreds of people who worked to contribute, comment, and lend their ideas,” noted Peter Watkins, Program Executive for the Pan-Canadian Digital ID at the Institute for Citizen-Centred Service, “we’re committed to continuing our multi-jurisdictional collaboration as we move into the next stages for this important work.”

About the PCTF & Voila Verified Program

Details on the PCTF may be found in this backgrounder.
Details on the Voila Verified Program may be found in this backgrounder.

Progressing the Pan-Canadian Trust Framework (PCTF)

Since 2016, the Digital ID & Authentication Council of Canada’s (DIACC) Trust Framework Expert Committee (TFEC) has been developing the Pan-Canadian Trust FrameworkTM (PCTF). It is one framework with many partners, and we thank all of those involved for their contribution in this momentous achievement.  

Four years and 41 review and comment periods later, this engaging infographic highlights how the framework has progressed over the years to the launch of the PCTF MVP in September 2020.

Download the infographic: Progressing the Pan-Canadian Trust Framework (PCTF).

« Older Entries