Monthly Archives: February 2020

Spotlight on Northern Block

  1. What is the mission and vision of Northern Block?

Northern Block is a blockchain consulting and venture creation firm that develops production-grade software, using cutting-edge blockchain and distributed technologies.

The Northern Block team has dedicated themselves to building blockchain solutions because they believe that it unlocks a vast array of social and economic benefits. For people, having control over one’s own identity and money can solve important issues such as privacy, inequality and misaligned incentives with companies selling products. For the public and private sectors, blockchain enables the creation of trust through decentralized transparency. This, in turn, creates significant operational efficiencies and enhances customer experiences, increasing brand loyalty.

We live in a time in which trust in institutions is diminishing every year – yet blockchain can solve this trust problem, which is why Northern Block will continue innovating to help create a better world.

  1. Why is trustworthy digital identity critical for existing and emerging markets?

Creating trusted ways of managing identities is just as important in existing markets as it is in emerging ones. With everything in people’s lives gone or going digital, it is important that standards and mechanisms be put in place to empower people, organizations and things. 

For people, owning your digital identity empowers you to be in the driver’s seat in regards to who accesses and controls your information. For organizations, trustworthy identities can significantly lower operating costs and facilitate global growth. For things, we can have assurance that our devices don’t spy on us and aren’t subject to misaligned incentives. 

Overall, trusted digital identities will create better forms of accountability than exists today in all markets.

  1. How will digital identity transform the Canadian and global economy? How does Northern Block address challenges associated with this transformation?

Digital identities will help the Canadian economy in many facets, such as enhancing activities related to immigration and citizenship, as well as global affairs and innovation.

Today, many Canadian organizations don’t recognize foreign institutions because there’s no way of checking the legitimacy of their credentials. With digital identity, a person can use indirect reputations, such as using credentials from a Canadian institution vouching that a foreign credential is equivalent, or of certain standards. This breakthrough would create fair opportunities for immigrants, while ensuring the Canadian economy can maximize its workforce potential.

For global affairs, how can you trust an international company that you haven’t dealt with beforehand? Just like with individuals, digital identities can enable reliable foreign company reputations, while promoting safe and sustainable globalization for Canadian institutions.

Digital identities will enable new types of businesses and allow enterprises and start-ups to innovate. While some of the benefits from digital identities are clear, we don’t yet know the full extent of new business models that become possible. Just like when big technological advancements such as the internet or blockchain came along, it took time for new opportunities to be identified.

  1. What role does Canada have to play as a leader in the space?

Canada needs to lead by example in the digital identity space. Interestingly enough, Canada is behind many others in the space, as there are quite a few countries with existing private key infrastructures run by the Government (such as India, Dubai and Estonia). 

Because the Canadian ministries are already decentralized, digital identity solutions are even more valuable to our Government. With a trustworthy digital identity, instead of the Canadian Government coordinating touchpoints, the citizens can coordinate with Governments themselves, as it’s difficult today for Government organizations to create interoperability between themselves. 

  1. Why did Northern Block join the DIACC?

Northern Block is ‘all in’ with digital identities, with the belief that blockchain technology is the solution to creating trusted identity solutions, and keen to contribute in making this technology a success in Canada.

  1. What else should we know about Northern Block?

For the past three years, Northern Block has been building enterprise software solutions that use blockchain. For every solution to be truly decentralized, decentralized digital identities are necessary. For this reason, the company has ongoing projects that use digital identities, and  gained their initial experience by developing an identity project for the Ontario Government.
Lastly, Northern Block hosts the  #SSIToronto meetup group, which helps to educate the community about the many benefits of self-sovereign identity and how this technology could be implemented.


To learn more about DIACC members, check out our other member Spotlights!

Request for Comment and IPR Review: PCTF Verified Organization Draft Recommendations V1.0

Le français suit…

STATUS: This review is now closed. Thank you for your participation!

Notice of Intent: DIACC is collaborating to develop and publish a Verified Organization industry standard as a component of the Pan-Canadian Trust Framework (PCTF) to set a baseline of public and private sector interoperability of identity services and solutions.

Document Status: These review documents have been approved as Draft Recommendations V1.0 by the DIACC’s Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Summary:

The intent of this PCTF component is to address challenges and requirements specific to the use of Identity Information pertaining to Organizations – specifically the exchange of information to verify the existence and Identity of an Organization in a given service or transaction.

This component is to specify Trusted Processes and associated Conformance Criteria that establish an Organization exists, is real, unique, and identifiable. Once a process is certified as conforming to the associated Conformance Criteria it becomes a trusted process which then can be relied on by other Participants of the Digital Identity Ecosystem.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Invitation:

  • All interested parties are invited to comment.

Documents:

When reviewing these drafts, please consider the following and note that responses to these questions are non-binding and serve to improve the PCTF.

  1. If your organization were to self-assess today, would your organization comply?
  2. Could your organization identify any barriers to compliance (business, legal, or technical)?
  3. Would your organization be willing to complete a non-binding self-assessment? If so, would you be willing to share those results with the DIACC Trust Framework Expert Committee.
  4. Are the conformance criteria clear and measurable/assessible?
  5. Is the description of the Trusted Processes clear and accurate?
  6. Many processes are triggered by or otherwise linked to an event in the life of an organization. Appendix A of the overview document provides an initial list of such events. Have any event types been omitted, particularly those that might be relevant to the private sector (i.e., not official registrars)?

Period:

  • Opens: February 17, 2020 at 23:59 PST | Closes: March 19, 2020 at 23:59 PST

Intellectual Property Rights:

Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 61-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the draft and corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca.
  • Questions may be sent to review@diacc.ca.

Value to Canadians:

The PCTF Verified Organization Component will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy, and convenience. The PCTF is one such resource that represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context:

The purpose of this Draft Recommendation review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Draft Recommendations based upon public comments. Comments made during the review will be considered for incorporation into the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.

Demande de commentaires et d’examen des droits de propriété intellectuelle: ébauches de recommandations pour l’organisation vérifiée du Cadre de confiance pancanadien V1.0

Déclaration d’intention: Le CCIAN collabore pour développer et publier une norme de l’industrie en matière d’organisation vérifiée en tant que composante du Cadre de confiance pancanadien afin d’établir une base d’interopérabilité des services et solutions d’identité dans les secteurs public et privé.

État des documents: Ces documents à examiner ont été approuvés en tant qu’ébauches de recommandations V1.0 par le Comité d’experts du cadre de confiance (TFEC) du Conseil canadien de l’identification et de l’authentification numériques (CCIAN), qui est régi par les politiques qui contrôlent le CCIAN.

Résumé

La présente composante du Cadre de confiance pancanadien porte sur les défis et exigences spécifiques à l’utilisation des renseignements sur l’identité s’appliquant aux organisations – en particulier l’échange de renseignements pour vérifier l’existence et l’identité d’une organisation dans un service ou une transaction en particulier.

Cette composante vise à spécifier les processus de confiance et les critères de conformité correspondants qui déterminent qu’une organisation existe, e est réelle, unique et identifiable. Une fois qu’un processus est certifié conforme aux critères de conformité qui y sont associés, il devient un processus de confiance auquel peuvent alors se fier d’autres participants de l’écosystème de l’identité numérique.

Pour en savoir davantage sur la vision du Cadre de confiance pancanadien et les avantages qu’il procure à tous, veuillez lire le document Aperçu du Cadre de confiance pancanadien.

Invitation:

  • Toutes les parties intéressées sont invitées à faire des commentaires

Documents:

En examinant ces ébauches, veuillez tenir compte des questions et noter que les réponses ne sont pas contraignantes et visent à améliorer le Cadre de confiance pancanadien.

  1. Si votre organisation devait s’auto-évaluer aujourd’hui, serait-elle conforme?
  2. Votre organisation pourrait-elle identifier des obstacles à sa conformité (sur les plans commercial, juridique ou technique)?
  3. Votre organisation serait-elle disposée à faire une auto-évalluation non contraignante? Si oui, accepteriez-vous de partager ces résultats avec le Comité d’experts du cadre de confiance du CCIAN?
  4. Les critères de conformité sont-ils clairs et mesurables, et peuvent-ils être évalués?
  5. La description des processus de confiance est-elle claire et exacte?
  6. De nombreux processus sont déclenchés par ou rattachés à un événement dans la vie d’une organisation. L’annexe A du document sur l’aperçu fournit une liste initiale de tels événements. Y a-t-il des types d’événements qui ont été omis, en particulier ceux qui pourraient être pertinents au secteur privé (c.-à-d. registraires non officiels)?

Période:

  • Début : 17 février 2020 à 23 h 59 HP | Fin : 19 mars 2020 à 23 h 59 HP

Droits de propriété intellectuelle:

Les commentaires doivent être reçus pendant la période de 30 jours indiquée ci-dessus. Tous les commentaires sont assujettis à l’entente de contributeur du CCIAN; en soumettant un commentaire, vous acceptez d’être lié par les conditions qu’elle renferme. Les membres du CCIAN sont également assujettis à la politique sur les droits de propriété intellectuelle. Tout avis d’intention de ne pas octroyer une licence en vertu de l’entente de contributeur et/ou de la politique sur les droits de propriété intellectuelle relativement aux documents à examiner ou à des commentaires doit être donné dès que le contributeur et/ou le membre en ont la possibilité, et en toute circonstance, pendant la période de commentaires de 61 jours. Les revendications au titre des droits de propriété intellectuelle peuvent être adressées à review@diacc.ca. Veuillez indiquer « Revendication en matière de propriété intellectuelle » dans l’objet.

Processus:

  • Tous les commentaires sont assujettis à l’entente de contributeur du CCIAN.
  • Veuillez utiliser le formulaire prévu à cet effet pour soumettre vos commentaires au CCIAN.
  • Assurez-vous d’indiquer le numéro de ligne correspondant à chaque commentaire soumis.
  • Le formulaire de soumission de commentaires au CCIAN doit être envoyé par courriel, dûment rempli, à review@diacc.ca.
  • Questions: review@diacc.ca.

Valeur pour les Canadiens:

La composante « Organisation vérifiée » du Cadre de confiance pancanadien procurera de la valeur à l’ensemble des Canadiens, entreprises et gouvernements en établissant une base d’interopérabilité commerciale, juridique et technique. Le CCIAN a pour mandat de collaborer au développement et à la prestation de ressources visant à aider les Canadiens à faire des transactions numériques qui sont sécuritaires et commodes, et qui respectent leur vie privée. Le Cadre de confiance pancanadien est une de ces ressources. Il représente un ensemble de normes de l’industrie, de pratiques exemplaires et autres ressources qui aident à établir l’interopérabilité d’un écosystème de services et solutions en matière d’identité. Le CCIAN est une coalition sans but lucratif de membres des secteurs public et privé qui effectuent un investissement important et soutenu pour accélérer l’écosystème de l’identité du Canada.

Contexte:

L’examen des ébauches de recommandations a pour but d’assurer la transparence de l’élaboration et de la diversité d’un apport véritablement pancanadien et international. Conformément à nos principes pour un écosystème de l’identité, la priorité est accordée aux processus visant à respecter et à renforcer la vie privée à chaque étape du processus de développement du cadre de confiance pancanadien.

Le CCIAN s’attend à modifier et à améliorer ces ébauches de recommandations en fonction des commentaires du public. Les commentaires faits pendant l’examen seront pris en compte pour être intégrés dans les prochaines ébauches et le CCIAN va préparer un document expliquant d’une façon transparente comment chaque commentaire a été traité.

Who should Control or Regulate Identity Verification?

When you consider the various players involved in identity verification, this number is quite large. Border security agents, cashiers at the provincially-owned liquor stores across Canada, employers and banks are a few that may come to mind. Identity verification is necessary across many industries and use cases: insurance, the gig economy, car rental and real estate, to name a few. 

The question becomes: who should be responsible for the control and regulation of such verification? 

This past October 2019, the Financial Action Task Force (FATF) released its draft guidance on digital ID, outlining recommendations for digital ID service providers, authorities and regulated entities. The updated guidance offers clarity in regards to the process for confirming the existence of corporations and other entities. Providing a regulatory framework, guidelines such as the one offered by the FATF are crucial in exploring this and identifying various recommendations. 

The General Data Protection Regulation (GDPR) and the Payment Services Directive (PSD2) are two examples of European-wide sets of regulations, cited in a recent blog post from DIACC member Trulioo. Yet different countries have different rules for compliance, which makes global harmony a challenge. Furthermore, the increasing power of organizations to collect and store personally identifiable information (PII) means that individuals need to have greater authority in controlling their own information. 

“Organisations relying on implied authorisation or other legal constructs to process consumers’ personal information are taking risks that could be avoided by incorporating consumer consent into their verification and business processes,” the blog’s author, Zac Cohen, COO of Trulioo, pointed out. 

World map with satellite data connections. Connectivity across the world.
Different countries have different rules for compliance, which makes global harmony a challenge.

Additionally, Zac notes that there has been a 500 per cent increase in regulatory changes in the developed markets over the past 10 years, and, each year, banks are spending $270 billion on compliance and regulatory obligations.  Innovations in compliance-led technology (RegTech) are also critical, and new technology is now available for developers to instantly verify customers in multiple markets, while supporting Anti-Money Laundering (AML) and Know Your Customer (KYC) laws that are country-specific. 

Such examples highlight why collaboration, and an interoperable solution, are important – a clear line of communication and helping various parties develop a clearer understanding of how digital ID systems work. 

In today’s digital age, with so many different players, channels, sophisticated methods and possible loopholes to exploit, identity verification, and who should control or regulate it, is a challenge to solve. Yet the work of DIACC members in the space, and the support of its three committees, offer a uniquely Canadian approach to this challenge. One such action is the submission that was filed on behalf of the DIACC to the FATF in response to their public consultation, this past November. By taking action on such opportunities, the DIACC has the chance to shape the Canadian, and global, conversation.

We invite you to join the conversation, collaborate with other leaders and solve today’s real-world challenges, in Canada and beyond. 

Parcours du CCIAN: Rétrospective 2015-2019

Aperçu de l’évolution du CCIAN, de 2015 à 2019

Le Conseil Canadien de l’identification et de l’authentification numériques (CCIAN) a pris énormément d’expansion depuis sa création en 2012, grâce au travail acharné et au dévouement sans relâche de ses membres. Téléchargez un infographique accrocheur afin d’avoir un aperçu de l’évolution du CCIAN et des jalons atteints entre 2015 et 2019, et voyez l’évolution du paysage identitaire au Canada et ailleurs dans le monde.

Téléchargez une version imprimable, une page à la fois, de l’infographique.

Téléchargez la version tabloïd de l’infographique.

DIACC-Years-in-review-infographic-full-vertical-FR-ver-1