Jun 27, 2021 in Interoperability by DIACC

Request for Comment and IPR Review: PCTF Assurance Maturity Model Draft Recommendation V1.0

This review period is officially closed. Thank you.

Notice of Intent: DIACC is collaborating to develop and publish a Pan-Canadian Trust Framework™ (PCTF) Assurance Maturity Model to set a baseline of public and private sector interoperability of identity services and solutions.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Document Status: This review document has been approved as a Draft Recommendation V1.0 by the DIACC’s Trust Framework Expert Committee (TFEC) that operates under the DIACC controlling policies.

Summary: It is essential that Participants in a digital ecosystem have a way to evaluate the robustness and trustworthiness of transactions within that ecosystem. In order to do so, Participants must share a common vocabulary that describes the level of confidence they can associate with an Entity or transaction, as well as a common way in which to determine that level of confidence.

In the Pan-Canadian Trust Framework™ (PCTF), a Level of Assurance (LoA) represents the level of confidence an Entity may place in the processes and other conformance criteria defined in any given component of the PCTF.  Levels of Assurance are elemental in creating networks of trust. Levels of Assurance models only work if all Participants in a digital ecosystem are able to interpret them consistently. It is therefore critical that all Participants in an ecosystem agree upon a minimum set of criteria for each Level of Assurance. Only then will a Relying Party in that ecosystem be able to properly evaluate the risks inherent in a relationship or transaction, and the Level of Assurance that can be placed in Participants, Credentials, and those transactions. The components of the PCTF describe the detailed conformance criteria that should be used to evaluate such Levels of Assurance in the context of a given PCTF component. This document provides guidance regarding how to use those criteria in order to properly classify Levels of Assurance.

Invitation: All interested parties are invited to comment.

Period: Opens: June 27, 2021 at 23:59 PT | Closes: July 28, 2021 at 23:59 PT

Document: PCTF Assurance Maturity Model

Intellectual Property Rights: Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 30-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

  • All comments are subject to the DIACC contributor agreement.
  • Submit comments using the provided DIACC Comment Submission Spreadsheet.
  • Reference the included PDF to include the corresponding line number for each comment submitted.
  • Email completed DIACC Comment Submission Spreadsheet to review@diacc.ca.
  • Questions may be sent to review@diacc.ca.

Value to Canadians: The PCTF Assurance Maturity Model will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy, and convenience. The PCTF is one such resource that represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.

Context: The purpose of this Draft Recommendation review is to ensure transparency in the development and diversity of a truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve this Draft Recommendation based upon public comments. Comments made during the review will be considered for incorporation into the next draft and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled. 

Thank you for your support and participation in this review period.