Monthly Archives: July 2020

Request for Comment and IPR Review: PCTF Assessment and Infrastructure (Technology & Operations) Draft Recommendations V1.0

Notice of Intent: DIACC is collaborating to develop and publish an Assessment and Infrastructure (Technology & Operations) industry standards as components of the Pan-Canadian Trust Framework™ (PCTF) to set a baseline of public and private sector interoperability of identity services and solutions.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Document Status: These review documents have been approved as Draft Recommendations V1.0 by the DIACC’s Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Summary: 

The intent of the PCTF Assessment component is to establish the certification scheme to verify that a process, service, or product conforms with criteria defined in the PCTF.

The intent of the PCTF Infrastructure (Technology & Operations) component is to identify the operational policies, plans, technology and technology operations requirements to support implementation of the principles of the PCTF Profiles in the context of a Digital Identity Ecosystem.

Invitation: All interested parties are invited to comment.

Period: Opens: July 20, 2020 at 23:59 PST | Closes: August 20, 2020 at 23:59 PST

Document: Assessment Draft Recommendation V1.0

When reviewing this draft, consider the following and note that responses to these questions are non-binding and serve to improve the PCTF.

  1. Is the description of roles and responsibilities clear at this level?
  2. This draft describes a tiered assessment process with varying levels of evidence examination applied depending on risk and usage profile of the service being examined for certification
    • Are the two processes defined enough? If not, what would be the nature of any additional discrete process? What would it apply to? Would its addition change the nature of either of the two processes defined?
    • If the two process versions defined are sufficient, do the differences between them meet the goals of application of a less onerous certification process to some applications for certification? If not, then what would you suggest as an alternative?
    • Keeping in mind the noting of potential adjustment based on the output of the TFEC Working group on LoA, are the criteria for determining which certification process applies acceptable in principle?
    • A draft definition of classification based on service usage is included. Does this meet the needs of this Profile at this level? If not, what alternative would you suggest?
  3. Are there concepts or terminology that remain unclear or inconsistently applied?
  4. This Overview is meant to define the high level model and process for certification. Development of the significant Programme execution supporting information has been deferred until the model at this level is ratified. Are there any significant omissions from this high level Overview that would preclude you from understanding the model at this level?
  5. Do you agree with the process for certification of Services as described? If not, what specific modifications would you suggest?
  6. Do you agree with the process for certification of Accredited Assessors as described? If not, what specific modifications would you suggest?
  7. The last section of the document identifies a number of required documents to support this certification process. The intent is to capture detailed process-oriented content in these documents after the Certification Assessment Program has been approved in principle. With this in mind, and considering the level of detail appropriate for this document, are there any major elements of the certification program not yet addressed in this draft?

NOTE that elements of examination for certification may be adjusted based on the finalization of the Working group on LoA, please keep this in mind when commenting on this document.

Documents: Infrastructure (Technology & Operations) Draft Recommendations V1.0

When reviewing this draft, consider the following and note that responses to these questions are non-binding and serve to improve the PCTF.

  1. Several feedback items suggest that additional prescriptive detail be added to this Conformance Profile. Some adjustments were made but additional input is sought to identify areas where further detail should be included. Where specific methods or standards are to be expanded upon, please include suggested methods, tools, or plan/policy items that you feel should be added. 
  2. The Conformance Criteria are organized into three categories. Are these appropriate and understandable? If not, please suggest an alternate categorization scheme.
  3. Care was taken to try to strike a balance between generic Criteria defined at a high level and being too prescriptive. Do the criteria meet this objective of being prescriptive enough to be useful and generic enough to be applicable to most Digital Identity Ecosystem instances?
  4. Note that there are several instances where cross references to related information in other Profiles. Are there other instances where this would be appropriate?
  5. Are there significant requirements missing from this draft? If so, please identify the requirements you believe should be included.
  6. Care was taken not to identify a specific technology or technology protocol, believing that none applied as a requirement in every instance. Is this correct, or is there a specific technology or protocol that should be included as a PCTF requirement?

NOTE that the PCTF Working Group on LoA is underway with the objective of defining how LoA will be treated across all PCTF Profiles. Treatment of potential variances in Conformance Criteria based on Service LoA were deferred in this version of the Profile. Please reserve your comments in this area to an enhanced draft of these documents when the LoA Working Group has published their results.

Intellectual Property Rights: Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 30-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the draft and corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca.
  • Questions may be sent to review@diacc.ca.

Value to Canadians: The PCTF Assessment and Infrastructure (Technology & Operations) components will provide value to all Canadians, businesses, and governments by setting a baseline of auditable criteria to assess business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy, and convenience. The PCTF is one such resource that represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context: The purpose of this Draft Recommendation review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Draft Recommendations based upon public comments. Comments made during the review will be considered for incorporation into the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.  

Thank you for your support and participation in this review period.

New Partnership to Advance Digital Identity in Quebec & Across Canada

TORONTO, MONTRÉAL July 16, 2020 – The Digital ID & Authentication Council of Canada (DIACC) and TechnoMontréal, the Technology Cluster of Greater Montréal, are pleased to announce a new partnership to propel collaboration to accelerate the adoption and development of digital identity.

The two organizations are coming together to identify projects and cross-sector connections to bring together Canada’s foremost leaders in industry and digital identity to increase the development of digital identity, data privacy and security innovation.

“This collaboration will accelerate the development of the digital identity, as well as the expansion of Québec and Canadian knowledge and expertise”

François Borrelli, President & Director of TechnoMontréal

The partnership between the two community-oriented organizations will support innovative Québecois, Canadian, and international organizations to facilitate an exchange of knowledge and expertise.

“We are pleased to be able to play an active role in the development of digital identity by catalyzing the Québec ecosystem and creating local and international partnerships,” said François Borrelli, President & Director of TechnoMontréal.

The initiative will expedite technical innovation and integration of digital identity solutions across sectors. “This collaboration will facilitate the mobilization of ecosystem players, to propel the development of digital identity across Canada and Québec,” added Borrelli.

The joint initiative will focus on strategic projects to advance digital identity, drive innovation, and ensure as many Canadians as possible can realize the benefits of a secure digital identity framework.

Projects will explore key opportunity areas for cross-pollination and technical advancements, including Smart Health and Smart Building Experiences. A Smart Municipality Digital Identity Roadmap with the City of Montréal will also be undertaken in support of TechnoMontréal’s smart city challenges win.

“TechnoMontréal shares our goal to bring together leading Canadian teams and technologies to create more innovative and effective solutions,” noted DIACC President, Joni Brennan. “We are excited to work together to deepen our connections with Québec and collectively build a digital identity ecosystem that offers the world a model to emulate.”

DIACC and TechnoMontréal share common values and are excited to forge new connections and partner on digital solutions across Canada and around the world.

With benefits to be realized at home and abroad, the strategic partnership will enhance the rate of adoption and advance technical solutions for Canadians. “This collaboration will accelerate the development of the digital identity, as well as the expansion of Québec and Canadian knowledge and expertise,” said Borrelli.

About the Digital ID and Authentication Council of Canada (DIACC)

The DIACC is a non-profit coalition of public and private sector leaders committed to developing a Canadian digital identification and authentication framework to enable Canada’s full and secure participation in the global digital economy. The DIACC was created as a result of the federal government’s Task Force for the Payments System Review and members include representatives from both the federal and provincial levels of government as well as private sector leaders.

About TechnoMONTRÉAL (https://technomontreal.com/)

TechnoMontréal, the Technology Cluster of Greater Montréal, unites technology industry players around growth-generating projects led by the industry. Established in 2007, TechnoMontréal is a non-profit organization that plays a major role in Montréal’s economic and social vitality by rallying the private, institutional, and public technology sectors around common goals and coordinated actions. TechnoMontréal’s vision is to enrich the business climate and encourage innovation by building bridges between the various actors in the industry. To this end, TechnoMontréal is implementing an approach that develops technologies through vertical markets, in partnership with the city’s leaders and clients.

Spotlight on iProov

1. What is the mission and vision of iProov?

iProov’s mission is to make the internet a safer place for businesses and consumers. We provide trusted biometric authentication that is seamless, secure and effortless. Our vision is for all governments and enterprise institutions to be confident that the remote user is real and can be trusted. iProov strongly believes that the user and usability should be the heart of any solution and as such must be accessible to all users irrespective of their abilities, literacy and digital capability.

iProov ensures trust online through Genuine Presence Assurance. Governments, financial institutions and other enterprises are using iProov’s Genuine Presence Assurance technology to ensure that an online user is not only the right person, but that they are a real person and authenticating right now. This unique approach protects against impersonation and criminal attacks, providing the highest levels of security alongside effortless usability.

2. Why is trustworthy digital identity critical for existing and emerging markets?

One of the most significant challenges with digital service is establishing trust. A key element of which is how to bind the digital identity attributes of a person, to the person and assuring only they can assert that identity. As online digital becomes the primary channel to interact with services, customers and citizens are increasingly vulnerable to impersonation attacks from fraudsters compromising their identity. It is crucial to have consented, secure and effortless identity verification and authentication for everyone.

In many economies, parts of the citizen population have no formal identity documentation. Embracing digital identities will enable all members of society to be included, enabling them to unlock access to services previously not possible.

3. How will digital identity transform the Canadian and global economy? How does iProov address challenges associated with this transformation?

Digital identities are the cornerstone of doing businesses in the 21st century, they offer speed and flexibility in remote interactions which creates greater competition, economical efficiency, and greater citizen empowerment and inclusion.

iProov provides governments and enterprises with a very high level of assurance that the person interacting with their service is the legitimate user while protecting against criminal attacks. iProov Genuine Presence Assurance technology ensures trust by validating and authenticating users online to the highest level of certainty i.e. that a user is a real person, the right person, and authenticating right now.

4. What role does Canada have to play as a leader in the space?

DIACC is playing a critically important role in coordinating a national digital identity and framework in a way that is notably lacking in the US and UK. By showing how a liberal democracy can successfully empower citizens with a nationally structured system of digital identity, Canada will exert a very powerful influence on both sides of the Atlantic and help lead the G7 to a better place.

5. Why did iProov join the DIACC?

iProov believes that trust between a provider and its citizens or customers must be achieved alongside two critical objectives:

  • Accessibility and inclusion – providing services which offer maximum access, irrespective of their abilities, literacy and digital savviness.
  • Sustainable security – ensuring a secure environment, business processes and centralized management controls to flexibly evolve and manage future, unknown risks.

It is this experience and insight that iProov brings to DIACC and can help DIACC in developing digital identity standards.

6. What else should we know about iProov?

The iProov solutions are trusted at national scale levels today with institutions such as:

  • The UK National Health Service – iProov provides strong authentication to onboard citizens in the UK to the NHS Login mobile app. With iProov, citizens registering for the NHS app are able to authenticate themselves in real-time with the image on their passport or driver’s license, allowing them to book medical appointments, order repeat prescriptions, and gain access to their patient record.
  • The UK Home Office – the EU Settled Status scheme is utilizing iProov to assure the genuine presence of remote users and to verify that the applicant is the rightful holder of the validated ID document. Over 3 million EU citizens have used the service to apply for permanent residency status.

It is this experience and insight that iProov brings to DIACC and can help DIACC in developing digital identity standards.

iProov’s proven, simple and inclusive user experience is critical to the service we offer to our Government and Enterprise customers, and has been a key contributor to our successful engagements with some of the world’s most security-conscious and user-friendly organizations.

Adapting to Distance: How Digital Solutions are Creating a Path Forward for Traditional Industries

The pandemic has changed everything – in small, invisible ways and in big, obvious, and often dramatic shifts. “It is not business as usual. People are rushing to find solutions, and people who were procrastinating are committed to changing,” explained Patrick Drolet, VP, Operations and Product Strategy, Notarius

Traditional sectors, like the legal sector, banking, education, and government, are particularly impacted by requirements to stay physically distant. As organizations that are heavily reliant on paper documents, witnesses, and face-to-face meetings, working in a new digital and decentralized format can present challenges. 

“What has amazed me is the variety of people who want to go digital,” Marc St-Jacques, VP, Sales and Marketing at Notarius said. “Everything from government to industry, health, [and] universities.”

Making the transition to digital isn’t always straightforward. For many of these secure, highly sensitive industries, a foundation of strong, trusted, and protected digital identity is necessary to continue operating. As individuals and businesses shift their focus and, in some cases, scramble to quickly adapt, a delta is opening up between those who were already moving towards digital transformation – and those who were dragging their feet. 

“It is not business as usual. People are rushing to find solutions, and people who were procrastinating are committed to changing.”

“On the one hand, individuals forced into digital are going now. It also illustrates the disparity between approaches. The shift has made everyone stand out,” St-Jacques explained. Whether it’s because they’re practiced in offering digital solutions or because they’ve been holding off, St-Jacques says it’s easy to see how different businesses operate. 

The Pan-Canadian Trust Framework, can help close the gap between early adopters and laggards, and ensure everyone has a clear path to operating in an increasingly digital-first world. 

For Notarius, there are two product lines that have been in high-demand in the wake of COVID-19. The traditional “old fashioned identity” that is consistently a big part of their business, and renewed interest in the document part. Secure, remote digital signatures and document execution are presenting a lot of opportunities for their clients to move forward. At the onset of the pandemic, they offered 60-day free trials and special offers, helping make the transition even easier for clients.

Witnessing the Shift in Industries

The industries who are showing the most interest are traditional sectors that may have been slow to adopt and adapt to digital technologies. “We are seeing a lot of appetite from the government. It is refreshing to see, as [the sector] has been slow to adopt. The biggest uptake, though, is in the university marketplace, both inside and outside of Quebec. They have moved quickly,” St-Jacques said.

“In many instances, organizations were held back by a department or two,” St-Jacques explained. “Legal departments were often the roadblock.” Those departments, including IT and government sectors, are now transforming rapidly to keep up.

The change is not – and cannot – only happen at the organizational level, though. From provincial to federal governments, the pandemic is accelerating change. “There is a long list of laws that were not ID-friendly. Government used to be so slow. They are moving now, which is super exciting,” Drolet said. 

One example is the notary bar in Quebec, a completely paper-based line of work. Although digital transformation was under consideration for the past four or five years, in the COVID-19 era, it took just three weeks for a temporary law to be passed so notaries can work in a digital format. 

Across the board, attitudes are changing and, in many cases, charting a digital path forward is no longer an option – it’s necessary for survival. The Pan-Canadian Trust Framework ensures businesses from all industries will be able to interact seamlessly with government and other industries, creating more efficiencies and helping all Canadian industries meet a baseline for privacy, security and usability. 

Digital ID Helps Maintain Connections Across Closed Borders

In a highly connected, global environment, these tools offer more options to continue connecting internationally. “Foreign students need their transcripts, they want to do their exams. Transcripts are like the identity of organizations,” St-Jacques explained, connecting the trends in education to other sectors. 

Through Notarius, these identifying documents are connected with a digital signature that it is clear and immediate, appealing to teams around the world. “We’re seeing requests from Europe, Asia, and the US,” St-Jacques shared. 

“For the international part, we are the only one recognized by Adobe. We were the only platform certified with EIDAS, with the highest standards,” Drolet explained.

Looking Ahead as Old Barriers Come Down

While the situation has not been ideal for anyone, the speed with which many have had to respond to this serious outbreak has led to some positive changes. “Usually it would be a structured and siloed process. Now, everyone is scrambling and can take initiative,” Drolet shared. “They see the value and what used to take weeks, now takes 15 minutes. Unfortunately, the pandemic was the driver.” 

So, what does the future look like?

For digital identity, Drolet predicts a surge in interest and adoption. “Who are your competitors in the ID space? The bad guy used to be the pen, now even that guy is going away,” he said.   

For industries, St-Jacques envisions lasting change. “I really don’t see people going back,” St-Jacques predicts. Old concerns about security, processes, and reluctance to change are being dissolved, as the rapid changes set precedent for what’s possible.

No matter what comes to pass, digital identity will be an important lever for success. Join Canada’s digital identity ecosystem to be a part of leading the change.
The Pan-Canadian Trust Framework ensures privacy, security, and accessibility remain features of our economy as all industries face a global push to go digital. Learn more about how DIACC is aligning organizations across industries, sectors, and Canada toward digital transformation.

Spotlight on Peer Social

1. What is the mission and vision of Peer Social? 

Peer Social is a team of dedicated decentralists who are researching and developing new architectures and technologies to solve some of the most pressing problems of our time—starting with social media. We are committed to eliminating the dynamic of user exploitation, which has become commonplace on the social internet.  

Social networks and centralized Cloud service providers require users to agree to terms which include giving up control of their personal data in return for using their network or service. They use this agreement as a blanket authorization to host, track and store, their users’ online activities and behaviours. The Surveillance Capitalism business model represents the worst excesses of the social Internet—we are here to change it.

Over the past 2 years we have assembled a super-talented team of security architects, designers, developers, and some of the world’s best academic researchers to build a secure, distributed, mobile networking app, which allows users to create their own private network (using a secure blockchain)—it’s called Manyone. Manyone is a safe, digital environment where users control their personal information, connections, and unique personas. 

We want to fix content moderation, content hosting, and the ownership problems of today’s social Internet by giving users decentralized ownership and control of their data. We want everyone to have a self-sovereign, self-hosted, digital identity. 

2. How will digital identity transform the Canadian and global economy? 

Users having a real, verifiable, trusted, digital identity solution is the ambition of every person, country and every business. Enabling one true digital identity for every human would improve access to services like healthcare, government, and banking by uncoupling this access from traditional identity issuers—this would give the under-privileged and under-banked the ability to establish their own unique digital identity. 

Economies around the world, including Canada, are going to need to rebuild quickly. Imagine a world where all people had their own self-sovereign digital identity. By establishing immutable links to every citizen at the individual level—we would remove the friction (measured in both time and money) associated with accessing online services/support. Digital access that is efficient, secure, and convenient for everyone is key in helping rebuild and transform economies. 

3. How does your organization address the needs of this transformation?

Peer Social focuses on an increasingly important component to any digital identity architecture by enabling true, verifiable, self-sovereign digital identity. 

Any individual user, business or government wanting to create a self-sovereign digital identity can do so by recording it on a personal blockchain and securely sharing it with other people and institutions over a private distributed network.

We aim to deliver the simplest, yet most powerful, self-sovereign, verified, decentralized digital identity platform we can for our users.

4. What role does Canada have as a leader in this space? 

Canada is in a unique position to take a leadership role in the global digital identity market by already possessing a foundation of ‘trust’—essential for any successful solution. Brand Canada has a lot of admirers around the world and it is easy to imagine a robust and cutting edge, Canadian-built digital identity solution gaining wide acceptance at a global level.

In today’s world, Canadians are more likely to trust a self-sovereign, digital identity solution that is architected and built in Canada. In fact, a digital identity solution produced in Canada is more likely to be accepted as a global standard due to Canada’s reputation as a fair and open society.

5. Why did your Peer Social join the DIACC and what else should we know about your organization? 

Peer Social joined DIACC to become more engaged (at the policy level) in the Canadian digital identity conversation. We live in interesting times, where a lot of attention is being paid to digital identity and how to produce the best solution to meet the needs of traditional identity issuers like banks and governments—while still respecting individual users’ civil liberties. Joining DIACC is a great way to connect and listen to what others have to say—as well as add our voice to the discussion.

Keep an eye on Peer Social. We are launching our first generation, decentralized, self-sovereign, digital identity mobile App, Manyone, very soon— allowing each of us to take our first steps towards a self-sovereign, digital future.