Trust Framework
The Pan-Canadian Trust Framework™ (PCTF) addresses current and future Canadian digital identity ecosystem innovation needs by verifying the trust of services and networks. PCTF documents and artifacts help to secure the interoperability of public and private sector identity capabilities while prioritizing user-centred design, privacy, security, and convenience of use. PCTF is an open public resource. It will always be freely available to the public for review and adoption. Drafts are made available for public review and input. PCTF develops under DIACC’s neutral good governance policies and procedures. |
|
Quick Links
|
One Framework, Many Partners
Benefits from the inputs of Canada’s federal, provincial, and territorial representatives within the Joint Councils (a multi-jurisdictional collaborative body supported by the Institute for Citizen-Centred Services), the Canadian public sector, international stakeholders, and the broad economic sector.
PCTF Documents
To respond to the complexities that digital identity and trust entail, the PCTF has a modular approach, which provides a comprehensive set of documents aligned to the various functionalities and core aspects of identity management services.
Title Status Scope Needs for Canada Notice Number Type Ready for Certification
Authentication
Component Overview
Conformance ProfileFinal Recommendation V1.2 Defines criteria used to enable access to digital systems. Stakeholders have identified the need for a set of criteria that will be used to enable access to digital systems. 2024-08-09 DIACC PCTF03 Normative Yes
Digital Wallet
Component Overview
Conformance ProfileFinal Recommendation V1.0 Defines criteria, requirements, and guidelines regarding digital wallets. Stakeholders have identified the need for a set of criteria that will be used to create well-designed, privacy enhancing digital wallets. 2023-04-25 DIACC PCTF12 Normative Yes
Infrastructure (Technology & Operations)
Component Overview
Conformance ProfileFinal Recommendation V1.2 Defines criteria, requirements, and guidelines regarding the trustworthiness of IT infrastructure. Stakeholders have identified the need for a set of criteria, requirements, and guidelines regarding the trustworthiness of IT infrastructure. 2023-04-25 DIACC PCTF08 Normative Yes
Verified Person
Component Overview
Conformance ProfileFinal Recommendation V1.2 Defines criteria used to establish that a natural person is real, unique and identifiable. Stakeholders have identified the need for a set of criteria that will be used to establish that a natural person is real, unique and identifiable. 2022-03-31 DIACC PCTF05 Normative Yes
Privacy
Component Overview
Conformance ProfileFinal Recommendation V1.2 Defines criteria concerned with the handling of personal data for digital identity purposes. Stakeholders have identified the need for a set of criteria concerned with the handling of personal data for digital identity purposes. 2022-03-31 DIACC PCTF04 Normative Yes
Trust Registries
Component Overview
Conformance ProfileFinal Recommendation V1.0 Defines criteria, requirements, and guidelines regarding Trust Registries. Stakeholders have identified the need for a set of criteria, requirements, and guidelines regarding Trust Registries governance, operations, and registration and certification management. 2023-11-10 DIACC PCTF13 Normative Yes
Credentials (Relationships & Attributes)
Component Overview
Conformance ProfileFinal Recommendation V1.0 Defines criteria related to the creation, issuance, and management of credentials existing in digital form. Stakeholders have identified the need for a set of criteria related to the creation, issuance, and management of credentials existing in digital form. 2020-06-01 DIACC PCTF07 Normative No
Verified Organization
Component Overview
Conformance ProfileFinal Recommendation V1.0 Defines criteria that allow organizations to exchange trustworthy information about themselves or others (individuals or organizations) with external parties. Stakeholders have identified the need for a set of criteria that allow organizations to exchange trustworthy information about themselves or others (individuals or organizations) with external parties. 2020-02-17 DIACC PCTF06 Normative No
Notice & Consent
Component Overview
Conformance ProfileFinal Recommendation V1.0 Defines criteria used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so. Stakeholders have identified the need for a set of criteria used to formulate a statement about the collection, use and disclosure of personal information, and to obtain a consent decision on that statement from a person authorized to do so. 2019-04-03 DIACC PCTF02 Normative No
Assurance Maturity Model Draft Recommendation V1.0 Provides guidance regarding how to use PCTF conformance criteria in order to properly classify Levels of Assurance. Stakeholders have identified the need for an Assurance Maturity Model to provide guidance regarding the use of PCTF conformance criteria in order to classify, compare, and align different Levels of Assurance schemes. 2021-06-28 DIACC PCTF11 Informative Not Applicable
Glossary Final Recommendation V1.0 A list of terms identified in the PCTF. Stakeholders have identified the need for a common set of definitions to be used to communicate with regard to identity and access management. 2020-03-10 DIACC PCTF10 Informative Not Applicable
Overview Final Sets out the vision and value proposition for the PCTF. Canadian citizens and consumers, i.e. end users, are the beneficiaries of trust that will be achieved through service standardization and accountability to the PCTF. 2023-10-30 DIACC PCTF00 Informative Not Applicable
Development & Maintenance
The PCTF is developed and maintained through an open and collaborative process defined in the DIACC Operating Procedures. The DIACC’s Trust Framework Expert Committee (TFEC) is the working group responsible for developing and maintaining the PCTF. The TFEC consists of members from the public and private sectors who work collaboratively through a Peer-Review and Development Process to maintain the PCTF, ensuring it’s up to date with evolving ecosystems.
The TFEC defines the PCTF’s informative and normative documents, adhering to DIACC’s Operating Procedures, and describes the applicable value propositions across Canada’s public and private sectors. The TFEC ensures audibility, suitability, and consistency of its defined conformance criteria operationalized in the DIACC’s Certification Program.
PCTF Conformance Criteria Development Process
The PCTF requirements are developed following an open and standardized process as specified in the following graphic. These include initial draft development, committee review, DIACC Board approval for public input, revisions to incorporate public feedback, and approval from DIACC membership for final publication.
As specified in the Operating Procedures, reviewing the informative and normative documents is a public and open process where any interested party can participate and provide feedback. The public Call for Comments & IPR Review period is vital to the DIACC multistakeholder model. It provides a mechanism to ensure a balanced representation of interested parties’ opinions, views, and suggestions.
In addition to the public comment review periods, DIACC offers an ongoing channel for anyone interested in providing feedback using the PCTF Out of Band Feedback form.
This form collects PCTF public community feedback outside the prescribed public review & comment periods. The DIACC team monitors this form’s responses every quarter. The DIACC’s TFEC will consider comments for inclusion.