The past year has seen a lot of notable accomplishments for the DIACC, which we are proud to share with our members at the June 2020 Annual General Meeting, and with our community in the below report.
Download the DIACC’s Year In Review
Yearly Archives: 2020
Request for Comment and IPR Review: PCTF Credentials (Relationships & Attributes) Draft Recommendations V1.0
STATUS: This review is now closed. Thank you for your participation!
Notice of Intent: DIACC is collaborating to develop and publish a Credentials (Relationships & Attributes) industry standard as a component of the Pan-Canadian Trust Framework (PCTF) to set a baseline of public and private sector interoperability of identity services and solutions.
To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.
Document Status: These review documents have been approved as Draft Recommendations V1.0 by the DIACC’s Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.
Summary: This component specifies conformance criteria that Digital Identity Ecosystem Participants can use to assess the degree to which the ecosystem protects the use of digital Credentials. The scope of this component includes features of the digital Credential lifecycle and focuses on ensuring transparency and auditability as the primary methods for building trust across the Entities involved. Additional information can be found in the Component Overview linked below.
Invitation: All interested parties are invited to comment.
Period: Opens: June 1, 2020 at 23:59 PST | Closes: July 2, 2020 at 23:59 PST
Document: PCTF Credentials (Relationships & Attributes)
- Component Overview Draft Recommendation V1.0
- Conformance Profile Draft Recommendation V1.0
- DIACC Comment Submission Spreadsheet
When reviewing this draft, consider the following and note that responses to these questions are non-binding and serve to improve the PCTF.
- The purpose of this component is to describe processes related to attributes and relationships. Is that sufficiently clear throughout the document?
- Is the title of this component sufficiently reflective of its contents?
- Are the attributes and relationships processes clearly explained?
- Is the distinction between the Define Attribute process, which describes a type or class of Attribute, and the Bind Attribute process, which describes the creation of an instance of an Attribute, sufficiently clear?
- Is the distinction between the Define Relationship process, which describes a type or class of Relationship, and the Declare Relationship process, which describes the creation of an instance of a Relationship, sufficiently clear?
Intellectual Property Rights: Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 30-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.
Process:
- All comments are subject to the DIACC contributor agreement.
- Submit comments using the provided DIACC Comment Submission Spreadsheet.
- Reference the draft and corresponding line number for each comment submitted.
- Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca.
- Questions may be sent to review@diacc.ca.
Value to Canadians: The PCTF Credentials (Relationships & Attributes) Component will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy, and convenience. The PCTF is one such resource that represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.
Context: The purpose of this Draft Recommendation review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.
DIACC expects to modify and improve these Draft Recommendations based upon public comments. Comments made during the review will be considered for incorporation into the next drafts and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.
Thank you for your support and participation in this review period.
DIACC Launches New Special Interest Group (SIG) to Address Foundational Identity
Collaboration is at the core of the DIACC’s work, and we are pleased to announce a new initiative – one that engages multiple stakeholders to further advance digital identity.
We’re pleased to advise that DIACC’s Foundational Identity Special Interest Group (SIG) will launch soon. This is a great opportunity to connect insights. Participation is open to DIACC members and non-members. All are welcome.
This SIG will seek to answer one question: “How can existing birth and immigration record sets be used to improve service delivery and reduce fraud?” This SIG will develop recommendations for a roadmap for improving service delivery and reducing fraud through better identity resolution capabilities.
Reference the Foundational Identity SIG Charter for additional information.
To learn how you can get involved, please contact us at info@diacc.ca.
The DIACC Board of Directors have ratified the formation of DIACC’s first SIG. DIACC SIGs are open to all sustaining members, adopting members, as well as non-members who are interested to convene discussions around a specific interest. SIGs enable more opportunities to connect subject-matter experts around the world.
The concept for this SIG was proposed by DIACC Members Valid8ID Solutions and the Government of British Columbia. The SIG will form to discuss opportunities for ‘Reducing Identity Fraud by Leveraging the Existing Unique Foundational Identities’. A topic that has been presented to DIACC’s Innovation Expert Committee (IEC).
“The work of this SIG is important because, when our foundational identity systems and processes are weak, the opportunity to have strong, well-trusted digital identity solutions is diminished.”
Andrew Johnston, IEC Co-Chair
As the name implies, foundational identity is a key concept, he explained, as components of the Pan-Canadian Trust Framework (PCTF) make reference to “foundational evidence of identity” which is evidence that is commonly kept in a birth registry for example. These records serve as the starting point for official and authoritative identification of people. Unfortunately, fraudsters may take advantage of such systems to defraud government programs and service providers, as well as to impersonate real people.
“If we’re going to build digital identity solutions that can be trusted, building on a solid and trustworthy foundation is fundamental to that mission,” he added.
“For a number of reasons, variants of our legal names are quite commonly used on secondary documents such as driving permits and resident cards,” explained Bill Pezoulas, Co-founder, Valid8ID Solutions. “The disparity between our legal name and the name used on common identifying documents gives rise to inefficiencies in identity validation in service delivery contexts and provides opportunities for identity theft and other kinds of fraud, which cost significant losses to public and private sector institutions.
The Foundational Identity SIG was formed as a forum to examine ways to anchor evolving Digital Identities in the foundational record sets to reduce inefficiency and fraud, Pezoulas said. The anticipated outcome of the group’s discussion is to recommend approaches to engage foundational evidence authorities regarding opportunities to increase trust in our Digital Identity ecosystem and accelerate adoption so that Digital Identity can be a driver of Canadian economic growth.
“When I learned that the birth certificate is the one unique identifier that allows for multiple people to be named John Smith it was an “ah ha” moment,” said Don Waugh, IEC Co-Chair alongside Johnston. The anchor for identity, this document is the method by which a relying party can know which ‘John Smith’ they are dealing with.
Pointing out that, in Canada, the birth certificate is foundational for digital identities and is even more important than SINs, passports and driver’s licence numbers, Waugh said that when identity attributes are anchored to this document, it eliminates the confusion that arises form duplicate names and alternate nicknames.
SIGs are a great way to engage broad Pan-Canadian and international discussions and we expect that more SIGs will be established going forward. Johnston noted that all ideas are welcomed, and topics or challenges of interest should be brought to the attention of the IEC. “The motivating drive of this committee is to organize members of DIACC and the identity community at large to address outstanding problems, kick the tires on new approaches and assist in the alignment of those new approaches to the PCTF,” he said.
OARO: Fighting COVID-19 with Automated Temperature Screening
by Brenan Isabelle, Director, Enterprise Solutions, OARO
As the world is grappling with coronavirus (COVID-19), minds are churning with the desire to come up with innovative ideas. We need solutions, and fast.
Leveraging our OARO ACCESS product line, a physical access control system that uses facial recognition and blockchain identity technology, the team at OARO took a leap forward – offering a technology solution to meet the needs of the current pandemic.
Mainly used to secure areas in New Brunswick’s Saint John Airport, we have expanded this line to now feature an optional body temperature module for fever screening. A common symptom of COVID-19, up to 80 per cent of individuals suffering from the virus may have a higher than normal temperature, making temperature a critical factor to measure. To enable fully automated detection of elevated body temperatures, OARO has integrated the latest generation of smart thermal cameras with our AI-based facial recognition technology. Additionally, with this solution, physical contact at entry points is also greatly reduced.
How does temperature screening work?
Involving both a thermal camera and a visual camera, the two video feeds are streamed back to a computer server that uses facial recognition to automate the temperature screening process. Artificial intelligence recognizes faces in the visual video stream, identifying the best place to measure skin temperature, which is near an individual’s inner eye (the tear duct). It is important to note that this is not a diagnosis, it is simply a screening method.
Why temperature screening in the time of COVID-19?
One issue in today’s health sensitive world is that many physical access control systems use either palm or fingerprint readers, which carry the risk of viral transmission. Thus, there has been a shift towards the use of facial recognition and thermal cameras. Our vision at OARO is to have this integrated within access control or video management systems, optimizing it for large enterprises.
For contactless access control systems, there are two various set-ups: a thermal camera can run automated facial recognition at an entry check-point, and the gate could be configured to open for authorized employees and contractors. Alternatively, smart facial recognition terminals can be installed at doors, and read employee keycards.
What differentiates OARO’s thermal screening approach from other thermal screening approaches?
We are striving to move away from having trained operators, with an entirely automatic system that scans multiple faces so people do not have to stop at screening points.
As with all technologies today, maintaining a responsible approach to privacy by design and data management is key, as is compliance with PIPEDA and Canada’s Privacy Act. If done wrong, this technology has the potential to be quite invasive and “big brother-esque.”
An extremely popular technology today, the current demand for thermal cameras is very high (there is limited inventory across North America)! As businesses are considering this technology, which many are, it is important to remember that, despite being in a pandemic situation, identity and privacy needs must be continually upheld. As many of the current systems were not built on privacy by design principles, our goal was to take a modern, blockchain and cryptographic approach to this, rather than one that is centred on surveillance and big data.
Learn More about DIACC member initiatives and identity solutions including OARO’s within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances.
About the Author: Brenan Isabelle
Brenan is the Director of Enterprise Solutions at OARO. Brenan’s background is in private equity and venture capital investments. Prior to this, he was a strategic and operations consultant at Deloitte — the largest professional services network in the world and a bond trading analyst at Scotia Capital. He holds an MBA in finance from Dalhousie University and a BBA from St. Francis Xavier University. Outside work, Brenan is an expert skydiver with over 3,700 logged parachute jumps.
Reliance on the Internet and the Battle Against COVID-19 Highlight the Need for Multi-Channel Authentication
By Karl P. Kilb III, CEO, Boloro Global Ltd.
Today, as COVID-19 rocks the world, the importance of digital identity solutions are only emphasized. We are pleased to share a number of guest blogs in the context of the DIACC network, showcasing members with capabilities, solutions and forward-thinking ideas surrounding the pandemic.
Learn more about DIACC member initiatives and identity solutions within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances.
Due to the COVID-19 pandemic, society is moving towards an increasingly virtual lifestyle, as many of our daily activities are now taking place in the digital realm, including online banking and eCommerce. We are all traveling non-stop on an information superhighway that was not built with safety and security in mind, as the Internet was built for mass dissemination of information and not for secure transactions and other risky activity that could allow fraudsters to run rampant with identity theft. We see stories each day about emails being hacked and Operating Systems being subjected to malware, making online activity inherently vulnerable to fraud. Our increased reliance on online activity during the current pandemic highlights these long-standing problems, as SIM Swaps, email hacks, malware, man-in-the-middle attacks and other forms of fraud are all rising dramatically. The decentralization of customer support desks may also be contributing to the ability of fraudsters to wreak havoc on current security systems in place.
So, what can be done to put real security in the hands of consumers?
As activity on the Internet and Operating Systems are increasingly becoming easy prey to sophisticated fraudsters who routinely exploit this single point of failure, we need to consider new approaches to security that avoid such systems. Security should not only be multi-factor, but also multi-channel, eliminating the vulnerabilities of a single point of failure. “In app security” is still touching the inherently vulnerable Internet, meaning its users are still putting all of their eggs in an unstable basket. Out-of-band security is one option that stands as a viable alternative, meaning, when activity is on one channel, authentication should be on a separate channel, providing an independent lock-and-key that cannot be intercepted and compromised.
At a time when the world is increasingly becoming aware of the inherent vulnerabilities of virtual technologies, we are also seeing the dangers of physically touching public Point of Sale devices, ATM keypads, finger scanners, or anything that could spread the virus. During a time of social distancing, conducting multi-factor and multi-channel security safely on one’s own device is an effective approach.
Along with data protection and privacy, authentication processes must also be considered. In Europe, for instance, the Payment Services Directive (PSD2) defines Secure Customer Authentication, and the General Data Protection Regulation (GDPR) defines the guidelines for protection of personal data, regardless of the form it might take. There is a need to address both. One way this can be achieved is with a multi-channel approach that provides real security (both what you possess and what you know). Authentication should strive to provide assurance to the question “Is this really you?” without being unnecessarily intrusive in its use of a consumer’s personal data.
At Boloro, we believe that authentication should be multi-factor and multi-channel, separating the security process from the activity itself in order to avoid the vulnerabilities of a single point of failure. Authentication should be secure, user-friendly, instantaneous and compatible with all mobile phones, giving everyone the opportunity to safely, securely and seamlessly participate in the global economy and social media using what should be their most trusted device – their own personal, mobile handset.
We should all strive to work together to make the world safer and healthier, and doing this through secure mobile activity is one of the ways we can work towards achieving this goal.
About the Author: Karl P. Kilb III
Karl P. Kilb III has been the CEO of Boloro Global Limited since October 2016, focusing on the licensing of Boloro Authentication for all forms of identity verification and activity validation. Boloro Authentication is patented in 84 countries and approved by the GSMA, among others. Prior to Boloro, Kilb was a pioneer in data, analytics, media, and electronic trading at Bloomberg LP, serving as General Counsel for more than 15 years. Kilb regularly lectures on identity verification, cyber security, fraud prevention, and welcomes exploring collaboration opportunities.
Self-Assessment: CitizenOne by Vivvo
This document is intended to be used by identity network providers that want to demonstrate how their solution fits into the framework and requirements as described in the Making Sense of Identity Networks white paper. This self-assessment is an informal way to illustrate the concepts discussed in the white paper and has been reviewed by Consult Hyperion to ensure it is objective, accurate, and aligns with the framework.
View the self-assessment: CitizenOne by Vivvo
Self-Assessment: Verified.Me by SecureKey Technologies Inc.
This document is intended to be used by identity network providers that want to demonstrate how their solution fits into the framework and requirements as described in the Making Sense of Identity Networks white paper. This self-assessment is an informal way to illustrate the concepts discussed in the white paper and has been reviewed by Consult Hyperion to ensure it is objective, accurate, and aligns with the framework.
View the self-assessment: Verified.Me by SecureKey Technologies Inc.
A Summary: Making Sense of Identity Networks
Who do identity networks serve, what functions do they support, and what are some key questions to consider, when selecting a network? This infographic distills the key concepts laid out in the DIACC white paper Making Sense of Identity Networks, based on research performed by DIACC member Consult Hyperion and developed in consultation with DIACC members.
Download the infographic: Making Sense of Identity Networks Infographic
Download the paper: Making Sense of Identity Networks
Making Sense of Identity Networks
This DIACC white paper is based on research performed by DIACC member Consult Hyperion and developed in consultation with DIACC through a community review process, provides an objective and impartial comparison of identity networks. Considering the different types of identity networks that currently exist or are being developed, and using ‘Mary’ as an example, the paper presents a high-level framework with which to understand and assess them, offering guidance to those who are considering participating in such a network.
Download the paper: Making Sense of Identity Networks
Read the infographic: Making Sense of Identity Networks Infographic
Reference industry self-assessments: Verified.Me by SecureKey Technologies Inc.; CitizenOneTM by Vivvo
How does this apply to your solution? Contact us to contribute a self-assessment
Yoti’s Commitment to Doing Good During the COVID-19 Pandemic
by Leigh Day, Business Development Manager, Canada, Yoti
In response to the COVID-19 pandemic, the team at Yoti made a pledge. We are offering free, contactless identity verification for health organizations and volunteer initiatives working on the front lines. Using our existing technologies, we have been able to achieve positive change, in light of this crisis, reaching a wider audience and assisting those in need.
Remotely and safely onboarding workers at scale
Yoti’s pledge revolves around several use cases, one being healthcare workers coming out of retirement on a volunteer basis, to aid in the COVID-19 efforts. After taking just a few minutes to download the free Yoti app and create their account, the worker can then scan a QR code on their employer’s website to remotely and securely verify their identity and be onboarded. A revocable Staff Digital ID card is then issued into their Yoti app, which they can present when reporting to a hospital to prove their identity and employment. Recruitment can be done remotely, without the need for face-to-face contact.
This solution has been deployed by the UK’s National Health Service (NHS) in April, 2020. Putting employees’ NHS ID cards directly onto their phones will help improve the onboarding of new NHS staff, as identity can be proved online and in-person within seconds, allowing these front line workers to provide the immediate medical assistance needed.
Lessening regulatory headwinds and rapid regulatory advancement
The pandemic and associated lockdowns are forcing many organizations to confront the challenge of remote identity verification in order to adapt and ensure they can provide their services effectively. We are seeing certain regulators embracing digital identity solutions, paving the way for rapid technical innovation. Businesses and regulators are realizing that digital identity solutions enable safe business continuity during this unprecedented time. This, we believe, is a step in the right direction.
For instance, the Canadian real estate industry has been largely disrupted, as real estate agents cannot hold open houses, and land title laws still require in-person identity verification plus wet ink signatures on contracts. Digital identity verification and e-signatures could be allowed, removing the requirement for notaries and clients to meet in person.The time to innovate is now, in real estate and beyond, and businesses that do not adapt quickly enough risk losing their position to those that do, and to new businesses entering the market.
email).
Emphasizing the need for true innovation, rather than manual workarounds
In response to this crisis, we are also seeing relaxation of identity verification requirements to enable business continuity. In B.C. for instance, car insurance is provided by the Insurance Corporation of British Columbia (ICBC). Insurance regulations are decades old and don’t currently contemplate digital identity solutions. To maintain social distancing, ICBC is applying temporary variance from normal in person identity verification in allowing certain transactions to be completed remotely, rather than in person, by phone or email. Instead of innovating and permanently adopting a digital ID solution for verification, this body is creating a temporary and risky work-around. A step away from innovation, this is where fraudsters can thrive.
Where solutions exist, they should be integrated, and digital ID solutions do exist. Yoti already has a diverse set of products, ranging from an electronic signing solution to enable the remote signing of documents, as well as ID verification solutions. Other technology providers offer their own innovative solutions as well, many of who are members of the DIACC.
Many of these products are already built, they just need to be adapted to the situation at hand. For digital identity adoption globally, this is a massive opportunity.
Learn More about DIACC member initiatives and identity solutions including Yoti’s within the COVID-19 Actions Directory, where we are pleased to share the actions taken to address the demands of these extraordinary circumstances.
About the Author: Leigh Day
A veteran Cyber Security Executive turned Digital ID evangelist, Leigh is helping expand Yoti’s global presence by driving new business and growth across Canada and the US, and representing Yoti within the Digital ID and Authentication Council of Canada, sitting on expert committees and contributing to the development of the Pan Canadian Trust Framework.