Trust Framework

 

 

The Pan-Canadian Trust Framework™ (PCTF) addresses current and future Canadian digital identity ecosystem innovation needs by verifying the trust of services and networks.

PCTF documents and artifacts help to secure the interoperability of public and private sector identity capabilities while prioritizing user-centred design, privacy, security, and convenience of use.

PCTF is an open public resource. It will always be freely available to the public for review and adoption. Drafts are made available for public review and input. PCTF develops under DIACC’s neutral good governance policies and procedures.

 

Quick Links

 

 

 

 

One Framework, Many Partners

Benefits from the inputs of Canada’s federal, provincial, and territorial representatives within the Joint Councils (a multi-jurisdictional collaborative body supported by the Institute for Citizen-Centred Services), the Canadian public sector, international stakeholders, and the broad economic sector.

PCTF Documents

To respond to the complexities that digital identity and trust entail, the PCTF has a modular approach, which provides a comprehensive set of documents aligned to the various functionalities and core aspects of identity management services. 

TitleStatusScopeNeeds for CanadaNoticeNumberTypeReady for Certification
Digital WalletFinal Recommendation V1.0Defines criteria, requirements, and guidelines regarding digital wallets.Stakeholders have identified the need for a set of criteria that will be used to create well-designed, privacy enhancing digital wallets.2023-04-25DIACC PCTF12NormativeYes
Infrastructure (Technology & Operations)Final Recommendation V1.2Defines criteria, requirements, and guidelines regarding the trustworthiness of IT infrastructure.Stakeholders have identified the need for a set of criteria, requirements, and guidelines regarding the trustworthiness of IT infrastructure. 2023-04-25DIACC PCTF08NormativeYes
Verified PersonFinal Recommendation V1.2Defines criteria used to establish that a natural person is real, unique and identifiable.Stakeholders have identified the need for a set of criteria that will be used to establish that a natural person is real, unique and identifiable.2022-03-31DIACC PCTF05NormativeYes
PrivacyFinal Recommendation V1.2Defines criteria concerned with the handling of personal data for digital identity purposes.Stakeholders have identified the need for a set of criteria concerned with the handling of personal data for digital identity purposes.2022-03-31DIACC PCTF04NormativeYes
Trust RegistriesFinal Recommendation V1.0Defines criteria, requirements, and guidelines regarding Trust Registries.Stakeholders have identified the need for a set of criteria, requirements, and guidelines regarding Trust Registries governance, operations, and registration and certification management. 2023-11-10DIACC PCTF13NormativeYes
Credentials (Relationships & Attributes)Final Recommendation V1.0Defines criteria related to the creation, issuance, and management of credentials existing in digital form.Stakeholders have identified the need for a set of criteria related to the creation, issuance, and management of credentials existing in digital form.2020-06-01DIACC PCTF07NormativeNo
Verified OrganizationFinal Recommendation V1.0Defines criteria that allow organizations to exchange trustworthy information about themselves or others (individuals or organizations) with external parties.Stakeholders have identified the need for a set of criteria that allow organizations to exchange trustworthy information about themselves or others (individuals or organizations) with external parties.2020-02-17DIACC PCTF06NormativeNo
AuthenticationFinal Recommendation V1.0Defines criteria used to enable access to digital systems.Stakeholders have identified the need for a set of criteria that will be used to enable access to digital systems.2019-05-15DIACC PCTF03NormativeNo
Notice & ConsentFinal Recommendation V1.0Defines criteria used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so.Stakeholders have identified the need for a set of criteria used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so.2019-04-03DIACC PCTF02NormativeNo
Assurance Maturity ModelDraft Recommendation V1.0Provides guidance regarding how to use PCTF conformance criteria in order to properly classify Levels of Assurance.Stakeholders have identified the need for an Assurance Maturity Model to provide guidance regarding the use of PCTF conformance criteria in order to classify, compare, and align different Levels of Assurance schemes.2021-06-28DIACC PCTF11InformativeNot Applicable
GlossaryFinal Recommendation V1.0A list of terms identified in the PCTF.Stakeholders have identified the need for a common set of definitions to be used to communicate with regard to identity and access management. 2020-03-10DIACC PCTF10InformativeNot Applicable
ModelFinal Recommendation V1.0A high-level model of PCTF related contextual information, goals, and objectives.Stakeholders have identified the need for a high-level model to organize the Canadian Digital Identity Ecosystem.2019-02-13DIACC PCTF01InformativeNot Applicable
OverviewFinalSets out the vision and value proposition for the PCTF.Canadian citizens and consumers, i.e. end users, are the beneficiaries of trust that will be achieved through service standardization and accountability to the PCTF.2023-10-30DIACC PCTF00InformativeNot Applicable

Development & Maintenance

The PCTF is developed and maintained through an open and collaborative process defined in the DIACC Operating Procedures. The DIACC’s Trust Framework Expert Committee (TFEC) is the working group responsible for developing and maintaining the PCTF. The TFEC consists of members from the public and private sectors who work collaboratively through a Peer-Review and Development Process to maintain the PCTF, ensuring it’s up to date with evolving ecosystems. 

The TFEC defines the PCTF’s informative and normative documents, adhering to DIACC’s Operating Procedures, and describes the applicable value propositions across Canada’s public and private sectors. The TFEC ensures audibility, suitability, and consistency of its defined conformance criteria operationalized in the DIACC’s Certification Program.

PCTF Conformance Criteria Development Process

The PCTF requirements are developed following an open and standardized process as specified in the following graphic. These include initial draft development, committee review, DIACC Board approval for public input, revisions to incorporate public feedback, and approval from DIACC membership for final publication.

As specified in the Operating Procedures, reviewing the informative and normative documents is a public and open process where any interested party can participate and provide feedback. The public Call for Comments & IPR Review period is vital to the DIACC multistakeholder model. It provides a mechanism to ensure a balanced representation of interested parties’ opinions, views, and suggestions. 

In addition to the public comment review periods, DIACC offers an ongoing channel for anyone interested in providing feedback using the PCTF Out of Band Feedback form

This form collects PCTF public community feedback outside the prescribed public review & comment periods. The DIACC team monitors this form’s responses every quarter. The DIACC’s TFEC will consider comments for inclusion.