The Pan-Canadian Trust Framework ™ (PCTF) is an economic benefits focused set of resources that are developed in collaboration in the DIACC’s Trust Framework Expert Committee (TFEC), published by the neutral governance of the DIACC, and benefiting from the broad input of the economic sector and from Canada’s federal, provincial, and territorial representatives of the Joint Councils Identity Management Subcommittee (IMSC).
PCTF describes the roles and requirements to be agreed on by participating public and private sector organizations, to meet current and future Canadian innovation needs. PCTF documents and artifacts are intended to secure interoperability of public and private sector identity capabilities while prioritizing user-centred design, privacy, security, and convenience of use.
PCTF Discussion Drafts and Draft Recommendations are released in a phased approach to work in the open where all Canadians and international interested parties are invited to submit comments.
PCTF is developed as an open public resource. PCTF will always be freely available to the public for review and adoption. Drafts are continually made available for public review and input. PCTF is developed under DIACC’s neutral good governance policies and procedures.
|P1001||August 1st, 2016||Pan-Canadian Trust Framework |
English / French
|The PCTF exists to enable the Canadian digital identity|
ecosystem and will be used to identify applicable existing policy and technology standards that meet the needs defined in the PCTF. The PCTF may be used to identify future areas for collaboration, development, and standardisation.
The PCTF leverages the outputs and previous accomplishments of the IMSC through collaboration with the Canadian economic sector. The PCTF develops mechanisms for digital identity ecosystem participants to interact with integrity based on common terminology, concepts and technical specifications. The PCTF is designed to be suitable for digital
identification, electronic authentication, online credential, and authorization systems used to provide services to government entities, citizens, business partners, and customers.
| Canadian citizens and consumers, i.e. end users, are the ultimate beneficiaries of trust that is achieved through service standardisation and accountability to the PCTF. The intended participants and implementers of the PCTF are government, commercial, non-profit, and other entities who offer and|
consume identity services in support of their business and program activities.
|P1002||February 12th, 2019||Pan-Canadian Trust Framework |
|Draft Recommendation |
|This document provides the high-level model of the PCTF and a recap of PCTF contextual information, goals, and objectives. This document also outlines functional areas that are the primary focus of the PCTF. The outline provides a sense of the digital representations with which the PCTF is concerned and the various processes involved in creating, managing, and using these digital objects. Individual PCTF components and profiles will provide detailed descriptions of the processes highlighted in this document.||The PCTF is intended to standardize trusted digital representations (i.e., identities, attributes, relationships) of people and other types of entities in Canada.|
|P1003||April 3rd, 2019||Pan-Canadian Trust Framework |
Notice & Consent
|Discussion Draft |
|The Notice and Consent Component defines a set of processes used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so. The Notice and Consent processes ensure that notice statements are accurately formulated according to defined requirements, that the person making the consent decision has the authority to do so, and that the management of that consent decision is possible.|
The objective of the Notice and Consent Component is to ensure the ongoing integrity of the notice and consent processes by applying standardized conformance criteria for assessment and certification. A certified process is a trusted process that can be relied on by other participants of the Pan-Canadian Trust Framework.
The Notice and Consent Component builds on the forthcoming Privacy baseline that is in development and scheduled for Discussion Draft release in the coming months.
|The Notice and Consent Component will provide value to all Canadians, businesses, and governments by setting a baseline of business, legal, and technical interoperability. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating Canada’s Identity Ecosystem.|
|P1004||May 15th, 2019||Pan-Canadian Trust Framework |
|Discussion Draft |
|The Verified Login Component defines a set of processes used to enable access to digital systems and a set of conformance criteria for each process. These processes include binding a credential to a subject, binding authenticators to a credential, as well as lifecycle management functions that include updates, suspension, recovery, and revocation, and session management. For the purposes of Verified Login, a subject may be a person, organization, application, or device.|
The objective of the Verified Login Component is to ensure the ongoing integrity of the login processes by applying standardized conformance criteria for assessment and certification. Verified Login is a set of processes that are intended to help establish confidence and trust in the use of a trusted digital identity. A certified process is a Trusted Process that can be relied on by other participants of the Pan-Canadian Trust Framework.
|The Verified Login Component will provide value to all Canadians, businesses, and governments by setting a baseline standard to guide public and private sector interoperability of identity solutions and services. The DIACC’s mandate is to collaboratively develop and deliver resources to help Canadian’s to digitally transact with security, privacy and convenience. The Pan-Canadian Trust Framework is one such resource. The Pan-Canadian Trust Framework represents a collection of industry standards, best practices, and other resources that help to establish interoperability of an ecosystem of identity services and solutions. The DIACC is a not-for-profit coalition of members from the public and private sector who are making a significant and sustained investment in accelerating the establishment of Canada’s Identity Ecosystem.|