Tag Archives: digital identity

DIACC Women in Identity: Deborah Moore

DIACC is hosting a series of spotlights showcasing our amazing female DIACC members in the digital identity space, noting the importance of diversity. These spotlights will be regularly socialized through DIACC’s LinkedIn and Twitter channels as well as our monthly member newsletters.

If you’re a DIACC member and would like us to feature your spotlight, contact us today to learn more!

What has your career journey looked like?

My curiosity paved much of my career path. It certainly wasn’t a linear or traditional path. There were a number of leaps forward largely into uncertainty fuelled by emerging digital opportunities throughout my career. And, there were a few pauses as well to grow wee ones and fight with cancer along the way. A quest for learning and higher education throughout my career propelled me forward and continues to fuel my passion.

When you were 20 years old, what was your dream job and why?

When I was 20 I wanted to be an engineer. It was the creative and innovative aspects of the job to solve problems for people and improve their lives that interested me. I was keenly aware that it was male dominated profession at the time and this opportunity/challenge didn’t deter me – quite the opposite.

As a female leader, what has been the most significant barrier in your career?

There’s no doubt that at times, gender bias has come into play but equally it was the limitations or unconscious beliefs that we impose on ourselves as female leaders that created a few obstacles for me as well.

How do you balance work and life responsibilities?

Balance – what balance? More seriously, one of my mentees asked me how I do ‘it all’. For her, it appeared that everything was seamless as I managed the demands of my career, school, and a young child. I realized it appeared that way but in truth, I had help. I had a support system and sometimes things were a bit chaotic. I just didn’t expect perfect balance and thrived as things ebbed and flowed.

How can more women be encouraged to pursue careers in the digital ID/tech space?

There are three key areas to focus on STEM education targeted on girls, sustained promotion of digital ID and tech careers as being well suited for women and propagating images that negate gender/racial stereotypes. Women need to see digital and tech roles as a compelling option and more prominent female representation, particularly in leadership roles to illustrate the interesting career options and progression opportunities in tech. Finally, all genders of leaders have a role in empowering women, making space for and ensuring they have a voice.

What are some strategies you have learned to help women achieve a more prominent role in their organizations?

Strategies are often dependent on their situation but here are a few basics. First, helping them to identify any limiting beliefs that may be holding them back. Often times, it’s not the lack of opportunity but the lack of confidence that can hold women back, for example, the feeling that they need to know it all before taking the next step. Second, I reinforce that value of building your network, establishing a mentor, a coach and a sponsor to grow and support progression as well as being a mentor to other women. Lastly, I suggest they take a leap, be bold, own their voice, and not be afraid to make mistakes.

What will be the biggest challenge for the generation of women behind you?

Gender imbalance will continue to be a challenge and their opportunity is work together to see the sky undistorted by glass.

What advice would you give to young women entering the field?

Building the digital economy is an imperative to our economic and societal wellbeing, particularly for our economic recovery from the pandemic. The opportunity for young women is boundless and their participation and voices are needed at all levels to create a sustainable and equitable future for all.

Deborah Moore is the Director of Digital Transformation at Celero.

Decentralized Identity and DIACC PCTF Authentication

While the Authentication component may have been mostly developed before Decentralized Identity approaches emerged, this document demonstrates that Authentication is applicable in the context of Decentralized Identity systems and encourages service providers not to lose sight of good security practice even in the face of new approaches.

Download the paper.

Decentralized-Identity-and-DIACC-PCTF-Authentication-1

Digital ID, the next step to easier, more convenient government services for citizens

Contributions made by members of the DIACC’s Outreach Expert Committee

Across the country, governments are grappling with digital transformation, in an effort to offer services to citizens and businesses with greater flexibility and ease of access. With COVID-19, these efforts are all the more pressing to enable service at a distance and recognize that many people have settled into a new, more remote way of operating.

Moving governments online is not a new focus. Governments have been tackling this transformation for well over 10 years. As technology has advanced and people have grown comfortable transacting digitally, government efforts have also increased to put more information and services online. Yet, the more complex services, (i.e., ones that deal with sensitive data, require multi-ministry involvement, or involve large payouts by way of grants or loans), still generally remain offline, largely due to one key problem: proving that the person behind the computer is who they say they are. The answer to this problem is digital ID.

Digital ID is the ability to identify someone electronically and confirm that they are the right person for a specific activity. When coupled with program information, a Digital ID can help confirm that the person has permission or authorization to carry out a transaction or activity. When delivered well, it offers citizens and businesses improved data security, increased flexibility to access government services when and how they want, and ultimately is a key foundation for accelerating our digital economy. Just think of all the times in banking, education, health and even buying alcohol where you’re required to produce a physical ID.

In a digital ID world, improved privacy and security can complement convenience, rather than inhibit it. The old ways ask us to show up in person for a signature or to show ID, or to fill out a form with all sorts of personal information that is then collected and stored where it’s left susceptible to hacks, and frankly, simply becoming out of date. Digital IDs allow us to confirm information without storing it. Governments can ask you for personal information – an address, birthdate, or even your photo – and compare it against sources of truth like vital stats or the driver’s license database. But then, critically, that information is discarded. No additional storage and you’ve proven it’s you without leaving your own home.

The promise has been significant, but until recently it has been inhibited by immature technology, a lack of standards to build trust and safeguard Canadians, and with few exceptions, a lack of public-sector investment to dig in and get digital IDs delivered across the country. Fortunately, in the last few years that’s all started to change.Both Alberta and British Columbia have launched digital IDs, with BC including a mobile card and a Verify by Video option. Provinces like Quebec have madesignificant investments, and other jurisdictions likeOntario, Saskatchewan, Yukon, Nova Scotia, Newfoundland, Prince Edward Island, and New Brunswick are nudging into the space with pilots, proofs of concepts and digital ID components offered through their single-sign ons. Enabling the broader digital economy is also on the horizon. Digital documents, such as government-issued licences, permits, and education credentials, are envisioned to support digital trade and commerce, and to enable individuals and organizations to participate in the digital economy and society.

In short, federal, provincial, territorial and municipal collaboration is coalescing like never before, with strong leadership and a sense of purpose. Digital ID solution providers are emerging in Canada’s tech sector, thanks in part to creative challenges, pilot projects and investment from the public sector. The Pan-Canadian Trust Framework, and its public sector counterpart, the Public Sector Profile, have emerged to provide the blueprints for digital ID in Canada and are being accelerated with the increasing realization that social distancing is here to stay, for a while.

Once we have the confidence that the person on the internet is truly who they say they are, that they are a legitimate, verified person, it opens up a whole new world of possibilities. We can start to attach proofs to digital ID, like proof of vaccination or essential worker status. We can use digital IDs to prove online that we’re the correct person to write an exam, sign a mortgage or contract, or stamp blueprints.

We can use digital IDs to speed up lines at the airports, borders and other secure access points with trusted, reliable ‘scan and go’ systems, and we can use digital ID to help maintain that all important social distancing, protecting the safety of workers and citizens by not having to hand over your physical ID card and instead presenting your phone to be scanned. Digital ID offers Canadians improved data security, enhanced access and increased flexibility when dealing with governments, and ultimately will support ushering in an enhanced digital economy.

Governments across the country are working harder than ever to make digital ID a reality. The necessary investment, focus, and accelerators that allow governments to move with trust and confidence are finally starting to come together. With COVID-19 still very much present, now more than ever is the time to make the shift. Look to the DIACC to learn more about digital ID and primary accelerators like the Pan-Canadian Trust Framework and the ever growing vendor community working to verify identity online.

La COVID-19 a accéléré la demande des Canadiens pour une identité numérique

Selon une étude du Conseil canadien de l’identification et de l’authentification numériques, trois quarts des Canadiens trouvent important d’avoir une identité numérique sûre et fiable qui protège davantage la vie privée pour effectuer des transactions en ligne en toute sécurité

lire le rapport ici

lire le résumé du rapport ici

lire le résumé du rapport d’une page ici

Toronto, le 16 février 2021 – Alors que le nombre de Canadiens et d’entreprises qui font le saut en ligne augmente en raison de la pandémie de COVID-19, les trois quarts de la population estiment important d’avoir une identité sûre et fiable qui protège davantage la vie privée pour effectuer des transactions en ligne en toute sécurité. 

« Qu’il s’agisse de recevoir des prestations d’urgence liées à la pandémie, de s’assurer que les dossiers de santé sont exacts ou d’aider les enfants et les jeunes à étudier en ligne, une identité numérique sûre est essentielle de bien des façons pour le fonctionnement de la vie quotidienne pendant une pandémie », a déclaré Joni Brennan, présidente du Conseil canadien de l’identification et de l’authentification numérique (CCIAN). La pandémie a mis en évidence la nécessité pour les gouvernements d’agir avec urgence pour investir dans l’infrastructure numérique nécessaire afin que les Canadiens reçoivent les services dont ils ont besoin et que les entreprises canadiennes puissent participer pleinement et en toute sécurité à l’économie numérique mondiale. »

Selon l’étude, la majorité des Canadiens estime important que les gouvernements fédéral et provinciaux agissent vite pour instaurer une identité numérique d’une manière sécuritaire et sûre. Il ressort également de l’étude qu’une collaboration entre les gouvernements et le secteur privé continue d’être considérée comme la meilleure approche pour créer un cadre d’identité numérique pancanadien.

« À l’heure où les décideurs réfléchissent à la façon idéale d’investir pour soutenir la relance économique post-pandémie du Canada, l’attribution à tous les Canadiens de justificatifs d’identité numérique de confiance doit être une priorité », a indiqué Dave Nikolejsin, président du Conseil du CCIAN.

Maintenant que le gouvernement fédéral axe ses efforts sur la relance post-pandémie, c’est censé du point de vue économique d’investir dans l’identité numérique, surtout pour les petites et moyennes entreprises. Les PME pourraient profiter de l’impact de l’identité numérique pour améliorer des processus qui sont actuellement ardus, en particulier dans les cas où les entreprises doivent fournir une preuve d’identité à d’autres compagnies. Sachant que les PME comptent pour environ 30 pour cent du PIB total du Canada (450 milliards de dollars), il suffirait qu’une PME moyenne gagne un pour cent d’efficacité en ayant accès à une identité numérique de confiance pour rapporter potentiellement 4,5 milliards de dollars en valeur ajoutée aux PME et réinvestissements dans l’économie canadienne.

L’identité numérique est essentielle pour protéger la vie privée au Canada

Les participants à l’étude ont indiqué que la sûreté, l’efficacité et la protection de la vie privée sont les trois principaux avantages de l’identité numérique. En outre, de très nombreux Canadiens veulent des solutions qui s’appliquent aux secteurs tant public que privé. 

« Maintenant que le ministre de l’Innovation, des Sciences et de l’Industrie François-Philippe Champagne a présenté le projet de loi C-11, qui édicte la Loi sur la mise en œuvre de la Charte numérique, afin d’introduire dans le secteur privé des mesures destinées à protéger les données des consommateurs, c’est impératif que la législation tienne également compte du secteur public », a affirmé Joni Brennan.

Une identité numérique aiderait à protéger les données des Canadiens et faciliterait l’accès aux services à l’échelle du gouvernement alors que nous traversons la pandémie et nous dirigeons vers la reprise. C’est pourquoi il faut adopter le cadre de confiance pancanadien.

Étant donné cette nouvelle étude et ses données irréfutables, c’est le moment idéal pour les gouvernements d’investir pour faire de l’identité numérique une priorité nationale en termes de politique publique. 

À propos du CCIAN

Fruit du groupe de travail du gouvernement fédéral chargé d’examiner le système de paiement, le DIACC est une coalition à but non lucratif de leaders des secteurs public et privé qui se sont engagés à développer un cadre canadien d’identité et d’authentification numériques afin que le Canada puisse participer pleinement et d’une manière sécuritaire à l’économie mondiale. Les membres du DIACC incluent des représentants des gouvernements fédéral et provinciaux ainsi que des leaders du secteur privé. Pour plus de renseignements, visitez diacc.ca.

À PROPOS DE L’ÉTUDE

Burak Jacobson Research Partners est une firme d’études de marché qui offre des services-conseils complets et a son siège social à Toronto, en Ontario. Fondée en 1981, Burak Jacobson a mené plus de 4 000 projets de recherche dans 39 pays et diverses industries.

Protecting Privacy While Reopening Economies

The Value of the Pan-Canadian Trust Framework

Co-written by Kaliya Young, IdentityWoman & Joni Brennan, DIACC President

Around the world, people are suffering due to the disruption caused by the COVID-19 pandemic. Some of this suffering is due to the need to move education and work to take place fully online. Many workplaces have moved their workforce to be remote.  However, not all workplaces are able to function remotely. (Examples goods and essential services, pharmacy, travel etc…) Workplaces that are not able to operate remotely have shut down or limited hours and capacity severely.  This puts a massive strain on economies.  

In the past we have talked about Digital Identity as a convenience to make it easier for people to transact with cybersecurity and privacy protection. Now, when we talk about security, the conversation is urgent and focused on life security.  People are asking, “Will I be able to continue to work? Will I be able to put food on the table?”  

Governments and businesses are urgently looking for tools to safely reopen and restart economies. 

About CLEAR

In the U.S., large cities are considering proposals that delegate the management of phygital (physical-digital) identity to CLEAR, a U.S. based company, so that cities can “safely reopen” their local economies by requiring people who want to navigate the city to have a CLEAR ID and link it to their health record/COVID status. 

CLEAR offers a service that replaces a physical ID check with a biometric scan of a person’s eyes and fingertips. In some locations, this service allows passengers to move through airport security faster. 

CLEAR is like “login-with Facebook” or “login-with Google” where people are required to get into websites to have a relationship with these private identity providers where CLEAR’s service straddles both the physical and digital worlds. 

Just as Facebook or Google login tracks and surveils you and your behaviours, the CLEAR approach could essentially track and surveil people in the physical world. This approach also has the potential to delegate authority to manage access to public spaces by a single private sector entity. Without an agreed on and adopted framework, this type of approach could have the effect of restricting freedom of movement to be managed by a single private sector entity.  

Why Trust Frameworks Matter

As businesses and governments are looking for tools to safely reopen and restart economies.  Tools for reopening are an important part of the challenge.  Tool development and tool selection in these scenarios must be guided by “rules of the road” that put people and socioeconomic security at the centre of the design. 

Without transparent operational guidance, people’s privacy and personal freedoms may be compromised. By having a set of operational rules, decision makers will have the capacity to make better decisions that will enable the public to trust that the tools being implemented have been designed to respect their best interests. 

The Pan-Canadian Trust Framework represents a set of operational rules that have been developed by public and private sector leaders to enable a diversity of public and private sector organizations to provide services and solutions that could help to restart the economy.  

By having a Pan-Canadian Trust Framework, the playing field could be leveled to enable a diversity of entities to play a role in safely reopening economies with privacy and personal data protections built in by design. 

The Pan-Canadian Trust Framework has been built with privacy and consent to personal information disclosure embedded into all aspects of the design. The Pan-Canadian Trust Framework has been designed to measure the implementation of assurance, security and privacy practices in networks and solutions that are built on various (and often different) technologies. 

For more information about how your organization can adopt or help to shape the Pan-Canadian Trust Framework please visit diacc.ca or contact us at info@diacc.ca.

La pertinence des portefeuilles numériques

Les progrès récents dans le niveau de perfectionnement des systèmes d’identité numérique redonnent à l’utilisateur le contrôle de ses informations et de sa vie privée. Un élément important de cette avancée est le portefeuille numérique pour les utilisateurs. Ce document présente ce qu’un portefeuille numérique de confiance devrait viser à faire. Sans lui, les développeurs de logiciels sont laissés à eux-mêmes et l’offre du marché sera fragmentée, ce qui retardera ultimement l’adoption d’une solution d’identité numérique centrée sur l’utilisateur.

Télécharger l’article.

Making-Sense-of-Digital-Wallets_FR2

The Next Evolution of Levels of Assurance in Canada

Levels of Assurance (LOA) play a foundational role in the world of standards, digital identity, and digital transactions. Put simply, LOA is the degree of confidence in the validity of a claim, process, or authentication. In the sphere of digital identity, it is a necessary model to verify that the person or entity claiming an identity is the entity to which that identity was assigned. 

Most Canadians don’t think too deeply about LOAs, and yet most Canadians interact with these models, unknowingly, at some point in their lives. For example, Canadian experience LOAs when opening a bank account, demonstrating qualifications for a government service or benefit, making an insurance claim, or wiring money to a client or family member. 

Organizations that use LOAs to inform their policies and processes often have dedicated strategies and teams, working out contingencies and approaches to maximize security in Canada and internationally. These teams often face challenges interacting with other service providers, meeting different standards across jurisdictions, and minimizing friction for clients accessing their services.

How the Current LOA Model Works

Imagine two people, Samir and Aiya, are trying to apply for a small business loan. Both women have very strong credentials, a passport, driver’s license and the requisite business records. Samir and her credentials are linked through a knowledge-based authentication (KBA), and are accepted after answering a security question she previously populated about her father’s middle name. Aiko and her credential are linked with an in-person ceremony, as she went to her local bank branch with two pieces of identification and her business records to complete the loan application. Aiya’s scenario offers a stronger LOA and Samir’s a weaker LOA. Despite these differences, Canada’s federal LOAs currently dictate that Samir and Aiya both have the same assurance. 

In Canada and many places around the world, it is common for LOA structures to combine a number of factors into a single score. The result is an obscured view of the risk factors and authentication. This lack of granularity into the LOAs of specific capabilities is a challenge present in the construct of LOA models around the world. The deciding factor regarding acceptance of an identity comes down to Relying Parties (parties who rely on the validity of identities) who determine their own risk profiles. 

In this case, the relying party is the bank. The banker helping Samir and Aiya also benefits from a stronger LOA as they sign off on the business loan. In addition to building a stronger relationship with the client, they are able to manage their portfolio with confidence.

There is widespread agreement the current LOA model in Canada is inadequate. While LOAs serve a purpose, they are not transparent and dynamic enough to address the myriad digital solutions and scenarios of today. Internationally, single LOA schemes are no longer state of the art and today’s requirements necessitate separate evaluation for specific capabilities. In the DIACC community, there is consensus that there must be separate schemes for credentials and identity, at a minimum, in order to be useful in the widest possible range of scenarios and contexts. An improved assurance model should be capable of asserting identity and credentials at different levels.

Envisioning a New Risk-based Model for Assurance

A risk-based model offers a more enduring, user- and industry-friendly path forward that enables existing LOA schemes to participate while building for a more dynamic and scalable digital ecosystem. The notion of leveraging a risk-based model is highly applicable as the application of LOAs  today are best determined by performing a threat or risk analysis. The risk-based model must address the likelihood and impact of something happening, and the appropriate mitigation approach. 

LOA is essential in determining liability and risk; offering a clear understanding how a Subject (customer or citizen) and a Relying Party (company or government service) can validate that they are who they say they are. It is a central component in being able to determine whether a transaction should proceed. 

The risk-based starts by assessing risk first and then the approach drives more value for organizations, as they confront the baseline of their current systems and assess risk realistically. It also helps adopters improve their systems through motivation to  reduce or remove risks through various types of mitigation.

DIACC is on a mission to rapidly deliver a modern, risk-based LOA model that is…

  • Risk-based
  • Directive and illustrative
  • Non-prescriptive in execution
  • Evergreen
  • Deterministic in implementation and assessment
  • Congruent with existing state of the art and best practices
  • Inclusive in support of both the private and public sector
  • Supportive of evolving needs on credentials and bindings

The impact of this evolution is far-reaching, and will ensure that the  Pan-Canadian Trust FrameworkTM is strong and resilient over time. This evolution takes a framework-wide approach to address interdependencies, independencies, and support communication across platforms. This new approach ensures scalability over time as technologies and their uses evolve.


DIACC has engaged a small, representative team to rapidly deliver a new model to support the PCTF, which launched September 15, 2020. The model will benefit from the DIACC’s well-documented peer and public review process. Members can contact info@diacc.ca to contribute. Non-members can get in touch to learn more.

Newer Entries »