Jan 16, 2024 in Interoperability by DIACC

Request for Comment & IPR Review: PCTF Authentication Final Recommendation V1.1

Notice of Intent: DIACC is collaborating to develop and publish the Authentication component of the Pan-Canadian Trust Framework (PCTF) to set a baseline of public and private sector interoperability of identity services and solutions. During this public review period, DIACC is looking for community feedback to ensure that the conformance criteria are clear and auditable.

To learn more about the Pan-Canadian vision and benefits-for-all value proposition please review the Pan-Canadian Trust Framework Overview.

Document Status: These review documents have been developed by members of the DIACC’s Trust Framework Expert Committee (TFEC) who operate under the DIACC controlling policies and consist of representatives from both the private and public sectors. These documents have been approved by the TFEC as Final Recommendations V1.1.

Summary:

The PCTF Authentication Component defines:

  1. A set of processes that enable access to digital systems.

  2. A set of Conformance Criteria for each process that, when a process is shown to be compliant, enable the process to be trusted.

Invitation:

  • All interested parties are invited to comment.

Period:

  • Opens: January 16, 2024 at 23:59 PT | Closes: February 15, 2024 at 23:59 PT

When reviewing the component's Conformance Criteria, please consider the following question, and note that responses to it are non-binding and serve to improve the PCTF.

  1. Would you consider the Conformance Criteria as auditable or not? That is, could you objectively evaluate whether an organization was compliant with those criteria, and what evidence would be used to justify that?

Review Documents: Authentication

Intellectual Property Rights:

Comments must be received within the 30-day comment period noted above. All comments are subject to the DIACC contributor agreement; by submitting a comment you agree to be bound by the terms and conditions therein. DIACC Members are also subject to the Intellectual Property Rights Policy. Any notice of an intent not to license under either the Contributor Agreement and/or the Intellectual Property Rights Policy with respect to the review documents or any comments must be made at the Contributor’s and/or Member’s earliest opportunity, and in any event, within the 30-day comment period. IPR claims may be sent to review@diacc.ca. Please include “IPR Claim” as the subject.

Process:

Value to Canadians:

The purpose of the PCTF Authentication Component is to assure the on-going integrity of login and authentication processes by certifying, through a process of assessment, that they comply with standardized Conformance Criteria. The Conformance Criteria for this component may be used to provide assurances:

  • That Trusted Processes result in the representation of a unique Subject at a Level of Assurance that it is the same Subject with each successful login to an Authentication Service Provider.

  • Concerning the predictability and continuity in the login processes that they offer or on which they depend.

All participants will benefit from:

  • Login and authentication processes that are repeatable and consistent (whether they offer these processes, depend on them, or both).

  • Assurance that identified Users can engage in authorized interactions with remote systems.

Relying Parties benefit from:

  • The ability to build on the assurance that Authentication Trusted Processes uniquely identify, at an acceptable level of risk, a Subject in their application or program space.

Context:

The purpose of this review is to ensure transparency in the development process and a diversity of truly Pan-Canadian, and international, input. In alignment with our Principles for an Identity Ecosystem, processes to respect and enhance privacy are being prioritized through every step of the PCTF development process.

DIACC expects to modify and improve these Draft Recommendations based upon public comments. Comments made during the review will be considered for incorporation into the next iteration and DIACC will prepare a Disposition of Comments to provide transparency with regard to how each comment was handled.